PoSHMagiC0de Posted September 25, 2017

So, I notice a lot of folks cramming pentest frameworks into their bunny to access its library of payloads. Even I gave a passing thought in the past to installing Empire on the bunny, but it faded fast.

Metasploit has a lot of nice local and remote exploits, so I do see what entices people to want to throw it on the Bunny. The downside is it is heavy. Even on a normal machine, firing it up gets an extensive load while it is loading modules, even if you use an rc file. I can imagine the time it takes to come up on the bunny. This extends the amount of time you need connected to the machine by a lot.

So, here is an idea. Has anyone thought of taking out of Metasploit what they need and using just that? Really, the exploits you need will run shellcode you feed to them, or Powershell code if it is a Powershell based module. You just need the exploit and the code you want it to run. If you stage it, then you need a way to get the stages. This way you only use what you need, reducing the spinup time and even the exploit time. Pretty much you can trim the fat and make it more portable and less resource extensive.

Just an idea. The only time I see you needing the full framework is if you can and are going to be interacting with it, where you can then make use of the variety of modules more dynamically with the target.