Reload db_autopwn in metasploit 4

Started by ultra_lazer, March 07, 2012, 10:18:39 PM

Previous topic - Next topic

ultra_lazer

Hi
Ciao tutti.

As you all know db_autopwn has been removed simply because it launches too many exploits at once that causes remote hosts to crash.
But still is a handy option sometimes, so i will show you how to bring it back to metasploit.

Ok, first we update metasploit :

root@UltraLazer:~# cd /opt/metasploit/msf3
root@UltraLazer:/opt/metasploit/msf3# svn update
U    modules/exploits/windows/ssh/sysax_ssh_username.rb
Updated to revision 14875.

root@UltraLazer:/opt/metasploit/msf3#

Now download the rb file from here :  http://www.mediafire.com/?9cwwdeaa1jc4t55

as root, place the rb file in : /opt/metasploit/msf3/plugins.

Reboot your system.

Now open msfconsole and connect metasploit to postgres or mysql or your custom database : ( if you dont know how, ask me and i will show you, or just Google it )!
When the database is connected, give the command : " load db_autopwn ".

root@UltraLazer:~# msfconsole

     ,           ,
    /             \
   ((__---,,,---__))
      (_) O O (_)_________
         \ _ /            |\
          o_o \   M S F   | \
               \   _____  |  *
                |||   WW|||
                |||     |||


       =[ metasploit v4.3.0-dev [core:4.3 api:1.0]
+ -- --=[ 812 exploits - 453 auxiliary - 135 post
+ -- --=[ 247 payloads - 27 encoders - 8 nops
       =[ svn r14875 updated today (2012.03.07)

msf > db_status
  • postgresql connected to msf3dev
    msf > load db_autopwn
  • successfuly loaded db_autopwn
    msf >

    ;) Enjoy
        UL

davehardy20

As you say db_autopwn was dropped, because it could launch too many exploits against a target, creating race conditions amongst other problems that could/would crash targets.
So rather than re-adding db_autopwn I would checkout a plugin written by Carlos Perez - darkoperator.com.

The plugin is auto_exploit and is a work in progress but works really well..

https://github.com/darkoperator/Metasploit-Plugins,,

Just checkout the git repo and load it into metasploit.
Also take a look at the pentest plugin which adds extra functions like auto discovery.

ultra_lazer

 ;) Hey thanks a lots , cool plugins indeed , cant wait to test them all  ;)
Good job