Menu

Home

pedro ubuntu


my-auxiliary.rb V3.0

alternate text

                        Developer: pedro ubuntu "r00t-3xp10it"
                  Suspicious Shell Activity Labs@2013 | r00tsect0r


Module Description

"this auxiliary module needs metasploit framework installed, and a session open to target host"
my-auxiliary.rb is a script written in ruby that uses msf to interact with the target host
through a previous open session (after the target gets exploited)
my-auxiliary.rb provides the most common post-exploitation tasks, all-in-one auxiliary module,
also this module provides the ability to run only one option, or all of them simultaneously.


Module Options

                    APPL        => enumerate intalled applications
                    CLEAR       => clear IDS event logfiles on target host
                    GETPRIVS    => Elevate meterpreter to AUTHORITY/SYSTEM privs
                    HOST        => dump target hostfile to loot folder
                    HOSTFILE    => add entrys to target hostfile <ip-add> <domain>
                    DELHOST     => revert target hostfile to default settings
                    LOGIN       => enumerate Recently logged on users
                    MSG         => execute one message on target desktop
                    SESSION     => the session to run the module on
                    UACSET      => check if UAC is enabled and is settings
                    UACBYPASS   => will bypass UAC settings using regedit
                    EXECUTE     => will execute an cmd command on target host
                    LABEL       => will rename the c: harddrive display name
                    SETCH       => will backdoor setch.exe on target system
                    HIDETASK    => restrict the use of TaskManager (hide)
                    STOPPROCESS => stop remote process from running (e.g iexplore.exe)
                    PANIC       => Disable ControlPanel, hide Drives+desktop icons,
                                   DisableTaskMgr, restric major browsers from running,
                                   restart host,and display a msgbox at login time.
                    POWERSHELL PERSISTENCE => will persist a powershell.bat payload
                    deliver befor by 'netool.sh toolkit', also uploads a hidden.vbs
                    script to run the powershell in a hidden cmd windows and insert
                    a registry entry (HKLM\..\run) to run the payload at startup.
                    "powershell.bat and hidden.vbs must be stored in /var/www"


GIT repository


my-auxiliary.rb GIT repository


Video Tutorials


my-auxiliary.rb V1.7 + netool.sh V4.0
my-auxiliary.rb V1.5
my-auxiliary.rb V1.2
my-auxiliary.rb V1.1


'Building A Module'

              Special Thanks to [darkoperator & sinn3r] from Rapid7 Community,
              and to [offensive security] online courses 'metasploit unleashed'
                   (the only CORE/API documentation available to study) :(

          http://www.offensive-security.com/metasploit unleashed/Building_A_Module
          http://www.offensive-security.com/metasploit unleashed/seful_API_Calls




INSTALL ON UBUNTU LINUX alternate text


[download the tool]
"open terminal and write"

  wget https://sourceforge.net/projects/myauxiliarymete/files/my-auxiliary.tar.gz


[unzip the file]

  tar -xvf my-auxiliary.tar.gz


[copy auxiliary to metasploit db]

  sudo cp my-auxiliary.rb <path-to-metasploit-install>/msf3/modules/auxiliary/analyze/my-auxiliary.rb

  example:
  sudo cp my-auxiliary.rb /opt/metasploit/msf3/modules/auxiliary/analyze/my-auxiliary.rb

 "Manually Path Search"
  root@ubuntu:~# locate modules/auxiliary/analyze


[run module]

  meterpreter> background
  msf exploit(handler)> reload_all
  msf exploit(handler)> use auxiliary/analyze/my-auxiliary
  msf post(my-auxiliary)> show options
  msf post(my-auxiliary)> set SESSION 1
  msf post(my-auxiliary)> set UACSET true
  msf post(my-auxiliary)> exploit




INSTALL ON KALI LINUX alternate text

[download the tool]
"open terminal and write"

  wget https://sourceforge.net/projects/myauxiliarymete/files/my-auxiliary.tar.gz


[unzip the file]

  tar -xvf my-auxiliary.tar.gz


[copy auxiliary to metasploit db]

  cp my-auxiliary.rb <path-to-metasploit-install>/modules/auxiliary/analyze/my-auxiliary.rb

  example:
  cp my-auxiliary.rb /usr/share/metasploit-framework/modules/auxiliary/analyze/my-auxiliary.rb

 "Manually Path Search"
  root@kali:~# locate modules/auxiliary/analyze


[run module]

  meterpreter> background
  msf exploit(handler)> reload_all
  msf exploit(handler)> use auxiliary/analyze/my-auxiliary
  msf post(my-auxiliary)> show options
  msf post(my-auxiliary)> set SESSION 1
  msf post(my-auxiliary)> set UACSET true
  msf post(my-auxiliary)> exploit



                                       [Develop/coded By]
                                 pedro ubuntu aka r00t-3xp10it
                     Suspicious Shell Activity Labs@2013 | r00tsect0r Team

alternate text
r00tsect0r

alternate text
www.rapid7.com



Project Admins: