Skip to content

r00t-3xp10it/resource_files

Repository files navigation

METASPLOIT RESOURCE FILES

Resource scripts provides an easy way for us to automate repetitive tasks in Metasploit. Conceptually they're just like batch scripts, they contain a set of commands that are automatically and sequentially executed when you load the script in Metasploit. You can create a resource script by chaining together a series of Metasploit console commands or by directly embedding Ruby to do things like call APIs, interact with objects in the database, modules and iterate actions.

This repository contains various resource files to assiste in exploitation or metasploit database related issues.
pic


DISCLAMER

The resource scripts this repository contains serves as proof of concept (POC) of this article published on resource files scripting. This repository is designed to demonstrate what resource files ERB can accomplish when automating tasks in msfconsole, and they are written to take advantage of multi-hosts-exploitation-scan tasks (manage large databases of hosts) from scanning the local lan for alive hosts, scan attackers input rhosts or scan wan networks in search of rhosts to exploit.



Mosquito - Automating reconnaissance and brute force attacks

mosquito_banner


Index

[1] Project History
[2] Framework Description
[3] Framework Dictionary files
[4] Framework Dependencies
[5] Framework Limitations
[6] Framework Download
[7] Framework help-update-install-execution
[8] Project Referencies url's
[9] Project Acknowledgment
[10] Project releases description



Project History

Mosquito.sh (BASH) script was written for the purpose of automating the resource files (ERB) contained in this repository. Each resource file is written to allow users to run them in three different ways, from scan the Local Lan, scan user inputs (RHOSTS/LHOSTS) or randomly scan the WAN network for possible targets to add to metasploit database.

mosquito_banner

WARNING: In 'Random search WAN for rhosts' its advice to use default LIMMIT values (4 to 5 minuts scan aprox.)



Framework Description

Mosquito as first step uses nmap to seach-recon hosts information (or possible targets), then adds all the hosts found (with open ports) to metasploit database to be used in further recon, exploration or brute force jobs carried out later with msf.

mosquito_banner mosquito_banner mosquito_banner

Mosquito allow us to scan Local Lan or WAN networks using nmap (search-recon) and metasploit (recon-exploration-brute-force), but unlike msf the scans performed by nmap will use a fake UserAgent (IPhone/Safari) stealth scans (SYN ack) and Cloak scan(s) with decoys (-D decoy_ip,decoy_ip,ME) that makes forensic IDS analysis more dificult to identify the attack.

mosquito_banner

WARNING: All this stealth technics will not prevent us from beeing caugth, so its advice to not use mosquito inside your home network (Local Lan), but insted find a public hotspot to use and abuse of mosquito framework.

stealth technics used to evade IDS analysis
-------------------------------------------
nmap -sS [stealth scan using SYN ack]
nmap -D 188.234.11.254,167.113.24.80,ME [Cloak a scan with decoys]
nmap --script-args http.useragent="Apache-HttpClient/4.0.3 (java 1.5)" [spoof your UserAgent]

Mosquito also allow us to search-scan-exploit-brute-force multiple targets at the same time (multi-tasking).

mosquito_multi_targets mosquito_multi_targets

And each valid credentials found (brute-force) will spawn a shell session to remote host.

mosquito_banner mosquito_banner

jump to top



Framework Dictionary files

Initialy all resource scripts that this project contains are written to allow is users to input dictionary file absoluct path before the scan take place (own dictionary), but mosquito ships with is own set of dictionary files to assist in brute force tasks, and it does not allow is users to input another dictionary file when running mosquito framework.

nevertheless mosquito users can still improve the existing dictionary(s) by edit them before executing the framework.
All dictionary files can be found in project working directory under: 'resource_files/bin/worldlists'.

mosquito_banner

jump to top



Framework Dependencies

Dependencie Function Install
zenity Bash script GUI interfaces zenity download *
nmap WAN random search; recon nmap download *
metasploit msf database; recon; exploitation; brute force metasploit download
geoiplookup hosts geo location sudo apt-get install geoip-bin *
curl hosts geo location sudo apt-get install curl *
dig ip address resolver Linux native installed package **
vulners.nse CVE recon mosquito native nse script *
freevulnsearch.nse CVE recon mosquito native nse script *
http-winrm.nse http winrm recon mosquito native nse script *
* ./mosquito.sh -i = to install all packages/scripts/modules
** Linux native installed package = no need to install it

Hint: All mosquito dependencies can be easy installed by runing: sudo ./mosquito.sh -i
Adicionaly to the dependencies described above, diferent resource scripts requires diferent msf auxiliarys or nmap nse adicional scripts installed, the -i switch in mosquito allow us to download/install all that extra modules fast and easy.

jump to top



Framework Limitations

a) mosquito only accepts ip addr inputs, not domain names
b) brute forcing takes time, use 'CTRL+C' to skip current task(s)
c) mosquito dicionarys can be found in resource_files/bin/worldlists
d) finding valid credentials sometimes fails to spawn a shell
e) multiple sessions open (msf) migth slowdown your pc

Hint: This resource scripts requires that the msf database to be empty of hosts and services data. Thats the main reason why this scripts creates a new workspace named 'mosquito' and stores all data inside that workspace while working, then the resource script deletes the 'mosquito' workspace in the end of execution and leave *default database intact.

jump to top



Framework Download

[download]   git clone https://github.com/r00t-3xp10it/resource_files.git
[permitions] cd resource_files && find ./ -name "*.sh" -exec chmod +x {} \;

Framework help-update-install-execution

[help]    sudo ./mosquito.sh -h

mosquito_banner

[update]  sudo ./mosquito.sh -u

mosquito_banner

jump to top



Referencies

[1] Project home page
[2] Project wiki - dependencies
[3] offensive resource script - geo_location.rc
[4] offensive resource script - post_exploitation.rc
[5] hacking-material-books - metasploit_resource_files


Project Acknowledgment

@fyodor - nmap framework
@Hhdm - metasploit framework
@gmedian - vulners.nse script
@SeanWarnock - http-winrm.nse script
@MathiasGut - freevulnsearch.nse script

jump to top


Suspicious Shell Activity redteam@2019