Everything posted by ChopperCharles

  1. I need sqlite3 for several of the modules installed in Metasploit. Thus far, however, I've been unable to get it to install. If I install (gem install sqlite3) from a console prompt, it installs successfully. But if I start teamserver and Armitage, and then run a module that requires sqlite3, it bombs just like before. If I attempt the "gem install sqlite3" from an Armitage console, it starts the install but never finishes. Either way, I'm unable to use any of the modules that require sqlite3. Is there a fix for this, or am I SOL? Charles.
  2. Unfortunately, that didn't work at all for my Android (Nook Color) device. Charles.
  3. So far the only reliable way I've found to detect iOS operating systems (on iPod/iPhone) is to run a "Comprehensive" scan in Armitage. The Metasploit command for that is: db_nmap --min-hostgroup 06 -sS -n -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 192.168.1.113 That works, but it takes forever and a day to complete. Is there a faster way to detect iOS? Note that the above scan does not work to detect my Android devices on my network, so I need something else entirely for that. An ARP scan shows me my Nook Color (Android tablet) as "192.168.1.103 appears to be up (BARNES&NOBLE.COM)", which is more information than an nmap scan of that IP address gives. Any ideas how to accomplish faster iOS detection, and any kind of Android OS detection at all? Thanks! Charles.
  4. Is there documentation for session.fs.file in Metasploit? Here's my problem: I'm building a post module (meterpreter, Windows sessions only). If I attempt to upload a nonexistent file using session.fs.file.upload, a zero byte file gets created on the remote system, and the remote directory is locked. I don't mind the zero byte file, but the locked directory is a BIG problem. So, I need a way to check that the local file exists before uploading, or preferably have a way to release the lock on the directory when an error occurs. I can't even find where in the Metasploit code session.fs.file is located, and there's no documentation that I've been able to find using Google... but I may not be searching for the right thing. Any help would be appreciated! Charles.
  5. ... did you READ my question? upload/download work fine from Metasploit to the target. But they do not transfer files to or from the RPC client. Charles.
  6. Hak5 is a show? Learn something new every day I guess. I just thought it was the name of this forum. I'm a developer, not a hacker, just learning these things :) Charles.
  7. Right now I'm using MSGRPC to communicate with Metasploit. Previously I was using XMLRPC. Both of these RPCs are extremely limited. My big problem is, when I send a "pwd" using a meterpreter_write, I then have to issue a meterpreter_read to get the response. Well, the response may not be on the console yet, so I have to keep polling for the result until it shows up. This is all well and good, except for, say, the "cd" command. If successful, there is no result from a cd. If it fails, there is an error condition, but if I'm attempting to cd into a directory tree until I find a directory in the tree that does not exist, well then the problem arises thus:
     path "/cheeze/whiz/taco" exists.
     cd cheeze <-- this doesn't complete before the next line is called.
     cd whiz <-- this is attempting to change to /whiz, because the cd above has not completed yet.
     I currently get around this by issuing a pwd command and then waiting for that result in between each cd command. But that does slow things down. The other problem is the RPC makes the cat command entirely useless. I can poll forever, and never know when a cat has completed. When polling the session, I can't just wait for 0 bytes returned and say I'm done, because network conditions and Metasploit server load can easily cause some meterpreter_reads to come back with zero bytes, even though the cat has not finished outputting to the console. What's more, if there are two concurrent users of the session, their data can get interspersed with mine. What I want is a way to execute and wait for a command to finish. Is this possible using some other RPC? Thanks. Charles.
  8. Okay, I have three machines. One is a target. One is running Metasploit, and one is running my custom app which uses the MSGRPC client (previously used XMLRPC). I'm using the app to download a file from the target, via a meterpreter download command sent over the RPC. However, ultimately I want that file to be transferred back to the application that initiated the transfer. From what I see, there is no way for this to be done over the RPC... however, Armitage does it somehow. My question is: How? :) I need to retrieve that file, or preferably transfer it directly from the target to my application, and not even save it on the Metasploit box. Thanks. Charles.
  9. On the registration page, it asks "what is the show called". I tried Shmoocon, but that wasn't it, and the question is without any context whatsoever. Luckily I saw the Facebook login right before I gave up in frustration. Mods might want to take a look at that... Charles.