Skip to content
This repository has been archived by the owner on Apr 9, 2024. It is now read-only.

Default Metasploit Installation #47

Open
akefallonitis opened this issue Sep 25, 2019 · 15 comments
Open

Default Metasploit Installation #47

akefallonitis opened this issue Sep 25, 2019 · 15 comments

Comments

@akefallonitis
Copy link

Can purple-team-attack-automation modules be installed in an existing metasploit or only docker version is supported ?
@akefallonitis
Copy link
Author

To be more specific . It would be nice to export the metasploit modules so that they can be added separately in an existing metasploit installation.

@tmsteen
Copy link
Contributor

tmsteen commented Sep 25, 2019

I think you could conceivably do it by copying the following module directories to the same directories for your installation:

modules/post/windows/purple/
modules/post/osx/purple/
modules/post/linux/purple/

You would also need to drop lib/msf/core/post/windows/purple.rb in the right place.

Then startup MSF or run reload_all.

This is totally untested so YMMV.

@akefallonitis
Copy link
Author

Thank you i will try it :)

@akefallonitis
Copy link
Author

also data/purple folder needed

@tmsteen
Copy link
Contributor

tmsteen commented Sep 27, 2019

Just to confirm, that worked? If so, I think we can probably add that to the README.

@akefallonitis
Copy link
Author

akefallonitis commented Sep 30, 2019
edited
Loading

At my first try it worked but today i get similar error to some of the modules

[09/27/2019 18:01:34] [e(0)] core: /usr/share/metasploit-framework/modules/post/windows/purple/t1069.rb failed to load due to the following error: NameError uninitialized constant Msf::Post::Windows::Purple Call
stack: /usr/share/metasploit-framework/modules/post/windows/purple/t1069.rb:8:in <class:MetasploitModule>' /usr/share/metasploit-framework/modules/post/windows/purple/t1069.rb:5:in module_eval_with_lexical_sc
ope' /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:51:in module_eval' /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:51:in module_eval_with_lexical_scope' /usr/share/
metasploit-framework/lib/msf/core/modules/loader/base.rb:140:in block in load_module' /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:567:in namespace_module_transaction' /usr/share/metaspl
oit-framework/lib/msf/core/modules/loader/base.rb:178:in load_module' /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:246:in block in load_modules' /usr/share/metasploit-framework/lib/msf/c
ore/modules/loader/directory.rb:49:in block (2 levels) in each_module_reference_name' /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-core-0.1.13/lib/rex/file.rb:133:in block in find' /usr/sh
are/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-core-0.1.13/lib/rex/file.rb:132:in catch' /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-core-0.1.13/lib/rex/file.rb:132:in find' /
usr/share/metasploit-framework/lib/msf/core/modules/loader/directory.rb:40:in block in each_module_reference_name' /usr/share/metasploit-framework/lib/msf/core/modules/loader/directory.rb:30:in foreach' /usr/s
hare/metasploit-framework/lib/msf/core/modules/loader/directory.rb:30:in each_module_reference_name' /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:245:in load_modules' /usr/share/metasplo
it-framework/lib/msf/core/module_manager/loading.rb:135:in block in load_modules' /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:133:in each' /usr/share/metasploit-framework/lib/msf/cor
e/module_manager/loading.rb:133:in load_modules' /usr/share/metasploit-framework/lib/msf/core/module_manager/reloading.rb:43:in block in reload_modules' /usr/share/metasploit-framework/lib/msf/core/module_mana
ger/reloading.rb:42:in each' /usr/share/metasploit-framework/lib/msf/core/module_manager/reloading.rb:42:in reload_modules' /usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/modules.rb:859:
in cmd_reload_all' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in run_command' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in block in run_single' /usr/ share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in each' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in run_single' /usr/share/metasploit-framework/lib/rex/ui/tex t/shell.rb:151:in run' /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in start' /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in start' /usr/bin/m
sfconsole:49:in `

'

I guess there is an issued with the library purple.rb although its loades in msf/core/post/windows/

@akefallonitis
Copy link
Author

Also when i change the live for the data/purple folder :
data = client.powershell.import_file({:file=>'data/purple/t1003/Invoke-DCSync.ps1'})

i also get an error for import_file event with the correct full path

@akefallonitis
Copy link
Author

akefallonitis commented Sep 30, 2019
edited
Loading

Ok the loading of the module needed needs one more thing:

/usr/share/metasploit-framework/lib/msf/core/post/windows.rb

add : require 'msf/core/post/windows/purple'

The only thing i dont know now is were to place the data folder with the extra files cause i can not run the attacks using them

@tmsteen
Copy link
Contributor

tmsteen commented Sep 30, 2019

I think data just goes in your base metasploit directory.

@akefallonitis
Copy link
Author

akefallonitis commented Oct 1, 2019
edited
Loading

Probably the problem is with powershell_import:

msf5 post(windows/purple/t1003) >
[+] Got SYSTEM privileges
[-] Post failed: Errno::ENOENT No such file or directory @ rb_sysopen - data/purple/t1003/Invoke-DCSync.ps1
[-] Call stack:
[-] /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/powershell/powershell.rb:39:in read' [-] /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/powershell/powershell.rb:39:in import_file'
[-] /usr/share/metasploit-framework/modules/post/windows/purple/t1003.rb:114:in `run'

or

msf5 post(windows/purple/exec_bloodhound) > run

[] loading powershell...
[-] The 'powershell' extension has already been loaded.
[] importing sharphound ingestor...
[-] Error running command powershell_import: Errno::ENOENT No such file or directory @ rb_sysopen - data/purple/BloodHound/SharpHound.ps1
[*] starting SharpHound with specified options: Invoke-BloodHound -CollectionMethod Default -ZipFileName C:\BloodHound.zip
[+] Command execution completed:

[!] sleeping for 45 seconds and then checking for SharpHound output files
[+] SharpHound file found! Downloading file from remote host
[+] BloodHound execution complete.
[*] Post module execution completed

@akefallonitis
Copy link
Author

Is powershell_import a known error ?

@tmsteen
Copy link
Contributor

tmsteen commented Oct 2, 2019

Not that I am aware of, but as stated before, you are in uncharted territory with trying to roll this on top of a default MSF install.

@akefallonitis
Copy link
Author

So basically to sum up what it needs to be done to install in a default MSF:

Copying Modules

modules/post/windows/purple/
modules/post/osx/purple/
modules/post/linux/purple/

Copying purple.rv
lib/msf/core/post/windows/purple.rb

Add an entry in /usr/share/metasploit-framework/lib/msf/core/post/windows.rb

add : require 'msf/core/post/windows/purple'

Copy data/purple folder in %MSF/data

I haven't figure out why powershell_import does not work yet

@sulaimanbale
Copy link

Hi,

Are you able to install on local host ?

@sulaimanbale
Copy link

Where is %MSF/data?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tmsteen @akefallonitis @sulaimanbale