Showing posts with label Tools. Show all posts
Showing posts with label Tools. Show all posts

Friday, June 22, 2012

ScreenSpy – New Meterpreter Script



A new Meterpreter script named “ScreenSpy” was developed and added to Metasploit. This Meterpreter script captures images from a remote victim system, at a predefined interval, and displays the image sequence on your attack system.
Code:
meterpreter > run screenspy -h
 
Screenspy v1.0
--------------
 
Usage: bgrun screenspy -t 20 -d 1 => will take interactive Screenshot every sec for 20 sec long.
Usage: bgrun screenspy -t 60 -d 5 => will take interactive Screenshot every 5 sec for 1 min long.
Usage:  bgrun screenspy -s windows -d 1 -t 60 => will take interactive  Screenshot every 1 sec for 1 min long, windows local mode.
 
Author:Roni Bachar (@roni_bachar) roni.bachar.blog@gmail.com
 
OPTIONS:
 
-d   The Delay in seconds between each screenshot.
-h        Help menu.
-s   The local system linux/windows
-t   The time to run in sec.
Posted by at No comments:
Labels: , , , , , , , ,

Reverse ICMP backdoor


Reverse icmp backdoor kit from Bernardo Damele A. G
Sometimes, network administrators make the penetration tester’s life harder. Some of them do use firewalls for what they are meant to, surprisingly!
Allowing traffic only onto known machines, ports and services (ingress filtering) and setting strong egress access control lists is one of these cases. In such scenarios when you have owned a machine part of the internal network or the DMZ (e.g. in a Citrix breakout engagement or similar), it is not always trivial to get a reverse shell over TCP, not to consider a bind shell.
However, what about UDP (commonly a DNS tunnel) or ICMP as the channel to get a reverse shell?
Bernardo: Last year a friend of mine coded a tool called icmpsh. It implements the reverse ICMP shell concept very well. The main advantage over the other open source tools is that it does not require administrative privileges to run onto the target machine.
I spent some time playing with the tool and was immediately impressed. It is clean, easy and portable. The slave (client) runs on the target machine, it is written in C and works on Windows only whereas the master (server) can run on any platform as it has been implemented in C and Perl by Nico. I ported it to Python too.
The reason for the Python port is that I wrapped it into sqlmap too. As of version 0.9 stable you can either establish the out-of-band connection via TCP with Metasploit or via ICMP with icmpsh – switch –os-pwn.
icmpsh Features
  • Open source software – primarily coded by Nico, forked by Bernardo Damele A. G .
  • Client/server architecture.
  • The master is portable across any platform that can run either C, Perl or Python code.
  • The target system has to be Windows because the slave runs on that platform only for now.
  • The user running the slave on the target system does not require administrative privileges.
Example
Running icmpsh slave on target system (192.168.136.129) by specifying the master IP 192.168.136.1

Running icmpsh master on attacker machine (192.168.136.1) and issuing two OS commands onto the target system (192.168.136.129)
Response packet from icmpsh slave containing output of issued command whoami
The forked tool can be found on Bernardo’s GitHub at https://github.com/inquisb/icmpsh.

Posted by at No comments:
Labels: , , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)