This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REGISTRY: | |
| Data::Meterpreter | |
| [*] Running against session 1 | |
| [*] Session type is meterpreter | |
| [*] | |
| [*] TESTING: registry_value_exist? for key:HKLM\Software\Microsoft\Active Setup, val:DisableRepair | |
| [*] RESULTS: TrueClass true | |
| [*] |
kernelsmith
/ custom_meterp_bind.txt
Created
September 11, 2012 22:20
Connecting a custom binary to the Meterpreter handler
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| * connect to the handler | |
| * read a 4-byte length | |
| * allocate a length-byte buffer | |
| * mark it as writable and executable (on Windows you'll need VirtualProtect for this) | |
| * read length bytes into that buffer | |
| * jump to the buffer. easiest way to do this in C is cast it to a function pointer and call it. | |
| via egypt | |
| Assuming x86 arch, you have to make sure that the EDI register contains your socket descriptor (the value of the ConnectSocket variable). You can do this via inline asm, but it might be easier to just prepend the 5 bytes for setting it to your shellcode: |
kernelsmith
/ validate_datastore_option.rb
Created
October 3, 2012 22:14
Validate a datastore option AFTER run/exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Validate a datastore option AFTER run/exploit, in case it has changed or whatever | |
| require 'msf/core' | |
| class Metasploit3 < Msf::Auxiliary | |
| def initialize(info = {}) | |
| super(update_info(info, | |
| 'Name' => 'opt_check', | |
| 'Description' => %q{ |
kernelsmith
/ msf_obj_space_files_exceptions.rb
Created
January 9, 2013 18:50
irb/ruby code snippets to find all the active Exceptions or open file handles etc. You may encounter and possibly want to handle these exceptions in code you are writing for msf.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # open file handles | |
| ObjectSpace.each_object(File) {|o| puts o.inspect} | |
| # finding all the active Exceptions which one might have to catch in metasploit | |
| # start msfconsole, proceed to the environment you want to examine, for instance if | |
| # you want to see what exceptions are available in a meterp session, then establish | |
| # one, interace with it, and then... | |
| # run the irb command and enter the following | |
| ObjectSpace.each_object(Class) {|o| puts o.inspect if o.ancestors.include?(Exception)} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is really a .rc file, but to get pretty colors, we're calling it a .rb file | |
| # | |
| # setup handler | |
| # | |
| use multi/handler | |
| set LPORT 8080 | |
| set ExitOnSession false | |
| exploit -j |
kernelsmith
/ ruby_books.txt
Last active
December 14, 2015 17:08
Ruby books to read in approximate order
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. The Humble Little Ruby Book | |
| ============================================================= | |
| http://www.humblelittlerubybook.com/ Free online book | |
| 1. The Little Book of Ruby | |
| ============================================================= | |
| http://www.sapphiresteel.com/The-Little-Book-Of-Ruby Free online book | |
| Both are free, short, and easy to read. | |
| The humble book is also pretty entertaining, so I recommend that when folks aren't quite sure they | |
| want to learn Ruby. |
kernelsmith
/ useful_sublime_text2_plugins.txt
Last active
December 15, 2015 18:59
useful sublime text 2 plugins
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1) Install package control in sublime: http://wbond.net/sublime_packages/package_control/installation. For the impatient: | |
| a) Ctl-` (control backtick, might be command-backtick for macsters) | |
| b) Paste the following: | |
| import urllib2,os; pf='Package Control.sublime-package'; ipp=sublime.installed_packages_path(); os.makedirs(ipp) if not os.path.exists(ipp) else None; urllib2.install_opener(urllib2.build_opener(urllib2.ProxyHandler())); open(os.path.join(ipp,pf),'wb').write(urllib2.urlopen('http://sublime.wbond.net/'+pf.replace(' ','%20')).read()); print('Please restart Sublime Text to finish installation') | |
| c) Hit enter | |
| d) Restart sublime | |
| 2) Install the git package (https://github.com/kemayo/sublime-text-2-git/wiki): | |
| a) Bring up the Command Palette (Command+Shift+p on OS X, Control+Shift+p on Linux/Windows). | |
| b) Select "Package Control: Install Package" (it'll take a few seconds) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rem config_winrm.bat | |
| rem This script assumes WinRM 2.0 has been installed on XP. WinRM 2.0 | |
| rem should already be installed on Windows > XP | |
| rem The quickconfig command used to fail if the firewall was disabled. | |
| rem Hopefully they fixed that problem. It didn't present the last time | |
| rem I ran quickconfig with the disabled firewall | |
| rem For more information on WinRM, please visit Microsoft's WinRM site: | |
| rem http://msdn.microsoft.com/en-us/library/aa384426(v=VS.85).aspx |
kernelsmith
/ run_cmds_via_winrm.rb
Created
April 17, 2013 19:44
Run shell commands, powershell scripts, WQL queries etc via winrm in ruby
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'winrm' # winrm depends on nokogiri | |
| require 'csv' | |
| # file path for the csv of ips etc | |
| ip_file = "./vms.csv" | |
| # commands to be run on each | |
| cmds = [ | |
| "tzutil /s utc_dstoff", | |
| "date /t", | |
| "time /t", # don't forget the commas, this is an array |
kernelsmith
/ mesh_ideas.txt
Last active
July 28, 2021 14:34
MASH/MESH/SMASH ~ Metasploit Attack Shell or Metasploit Action Shell or Metasploit Exploitation Shell or whatever
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MSF | |
| ME | |
| METASPLOIT | |
| SH | |
| BASH | |
| to summarize earlier comments, | |
| maybe soft linking into /usr/bin, maybe /usr/bin/msf/* or aliasing the root console-type commands | |
| which would shovel a call to an rpc daemon running on localhost presumably. Could do a busybox type | |
| approach where they all call into the same rb file, or if not, could put a bunch of rb files in |
OlderNewer