bobbyb1980 Posted December 14, 2011 Share Posted December 14, 2011 Hey guys. For like the past week or two I've been addicted to metasploit. At work we have a network of over 50 machines (I'm the unofficial tech guy) and I've been setting up a bunch of browser exploits, like the java applet attack and the aurora module and getting meterpreter shells - tons of fun! I also get a free pass to play around with spear phishing which is tons of fun and actually works! I have a few questions for those of you more experienced in metasploit. After compromising one machine (over the internet) what I like to do is add that route to msfconsole so I can further explore the LAN from the internet. The logical next step, for me at least, is to map the network and then go after the router/switch. I'll see what kind it is, try to enumerate snmp info, search for known exploits, etc. I haven't done it yet but I'd like to try to bruteforce/dictionary attack the router via the compromised machine. The problem is I only have axx to a shell, the cli. Does anyone know any ways I can run hydra or a similar program form the cli? I don't know much about this stuff in Windows and it seems everything is GUI. Or perhaps there is a module within metasploit that I can use to do this? My next question is about managing meterpreter shells. I'm using metasploit framework the free version and not the pro version. I have a dedicated server running a listener. I would like to know how I can setup the server with say a java applet attack, the victim goes there and I then get a meterpreter shell. The problem is that if I close this instance of the listener, the shell goes and doesn't come back. Does anyone know of any ways to manage meterpreter shells while being able to connect/disconnect at will (not background it)? I hope this all makes sense. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.