Re: Thanks Alex and Jond -- metasploit and proxyport

From: H D Moore (sflist@digitaloffense.net)
Date: Thu Oct 18 2007 - 12:10:48 EDT


On Wednesday 17 October 2007, James Kelly wrote:
> I've re-read the docs for metasploit 4 and there is an option to set
> a "proxies" environmental variable.
> I have to dig deeper but it looks like metasploit 3 will do proxying
> transparently. I have to dig deeper though.

Metasploit 3 includes builtin proxy support for all TCP sockets created by
exploit/auxiliary modules. The format is:

msf> setg Proxies SOCKS4:127.0.0.1:1080

You can configure multiple proxies in a chain with commas:

msf> setg Proxies SOCKS4:host1:1080,SOCKS4:host2:1080

A number of bugs were fixed in the Metasploit 3 proxy support after
version 3.0 was released. I recommend that you use the development
version instead and always use the latest version:

$ svn co http://metasploit.com/svn/framework3/trunk/ msf3-trunk

At this time, only SOCKS4 proxies are supported. We will be happy to add
HTTP, SOCKS4A, SOCKS5 if there is any demand for it. Proxy support only
works for connections initiated from the system running Metasploit -- if
you configure a proxy, but route your connection through another
exploited system (using the route command and meterpreter), then the
proxy parameters will simply be ignored.

The following example routes an HTTP banner scan through TOR:

msf > use auxiliary/scanner/http/version
msf auxiliary(version) >

msf auxiliary(version) > set RHOSTS 216.75.15.0/24
RHOSTS => 216.75.15.0/24

msf auxiliary(version) > set Proxies SOCKS4:127.0.0.1:2080
Proxies => SOCKS4:127.0.0.1:2080

msf auxiliary(version) > run
[*] 216.75.15.3 is running Apache/2.2.0 (Linux/SUSE)
[*] 216.75.15.4 is running Apache ( Powered by PHP/4.4.4-8+etch3 )
[*] 216.75.15.5 is running Apache/2.2.2 (Fedora)
[*] 216.75.15.6 is running Microsoft-IIS/6.0 ( Powered by ASP.NET )
[*] 216.75.15.8 is running Apache
[*] 216.75.15.9 is running Apache/2.0.53 (Linux/SUSE)
[*] 216.75.15.14 is running Apache/2.0.53 (Linux/SUSE)
[*] 216.75.15.16 is running Apache/2.0.53 (Linux/SUSE)
[*] 216.75.15.17 is running Apache
[*] 216.75.15.18 is running Apache/2.2.3 (Fedora) ( Powered by PHP/5.1.6 )
[*] 216.75.15.19 is running Apache/2.2.3 (Fedora) ( Fedora Default Page )
[*] Caught interrupt from the console...
[*] Auxiliary module execution completed

msf auxiliary(version) >

-HD
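The post describes the Proxies syntax (TYPE:host:port, comma separated for a chain) and the SOCKS4-only limitation but not what actually goes over the wire. The following is an added example, not code from the post or from Metasploit: it parses a chain in that syntax, rejects the proxy types the post says are unsupported, works out which hop is asked to CONNECT to which target, and builds and decodes the SOCKS4 CONNECT messages so the handshake can be recognised in a capture. The function names, the helper structure and the sample addresses (RFC 5737/1918 space) are constructed for this example; plain SOCKS4 carries only an IPv4 address, so the builder requires IPv4 literals and does no name resolution.

```python
"""Parse a Metasploit-style Proxies chain and show the SOCKS4 CONNECT
request each hop receives.  Added example for this archived post; it is
not Metasploit code.  The chain syntax is taken from the post; function
names and sample values are constructed for illustration."""
import ipaddress
import struct
from typing import List, Tuple

# The post states that only SOCKS4 is supported at the time of writing.
SUPPORTED_TYPES = {"SOCKS4"}


def parse_proxies(spec: str) -> List[Tuple[str, str, int]]:
    """Turn 'SOCKS4:host1:1080,SOCKS4:host2:1080' into [(type, host, port), ...].

    Unsupported types (HTTP, SOCKS4A, SOCKS5) raise instead of being silently
    accepted, so a misconfiguration fails loudly rather than sending traffic
    somewhere unexpected.
    """
    hops = []
    for entry in spec.split(","):
        entry = entry.strip()
        if not entry:
            continue
        parts = entry.split(":")
        if len(parts) != 3:
            raise ValueError(f"bad proxy entry {entry!r}: expected TYPE:host:port")
        ptype, host, port_s = parts
        ptype = ptype.upper()
        if ptype not in SUPPORTED_TYPES:
            raise ValueError(f"unsupported proxy type {ptype!r} in {entry!r}")
        port = int(port_s)
        if not 0 < port < 65536:
            raise ValueError(f"port out of range in {entry!r}")
        hops.append((ptype, host, port))
    if not hops:
        raise ValueError("empty Proxies specification")
    return hops


def socks4_connect_request(dst_host: str, dst_port: int, userid: str = "") -> bytes:
    """Build a SOCKS4 CONNECT request: VN=4, CD=1, DSTPORT (16-bit big-endian),
    DSTIP (4 bytes), USERID, NUL terminator.

    Plain SOCKS4 has no hostname field, so dst_host must be an IPv4 literal
    (SOCKS4A, which adds hostnames, is not supported per the post).
    """
    ip = ipaddress.IPv4Address(dst_host)  # raises on hostnames and IPv6
    return struct.pack("!BBH4s", 4, 1, dst_port, ip.packed) + userid.encode() + b"\x00"


def parse_socks4_reply(data: bytes) -> bool:
    """Decode the 8-byte SOCKS4 reply: VN=0, CD 90 = granted, 91..93 = rejected."""
    if len(data) < 8:
        raise ValueError("short SOCKS4 reply")
    vn, cd, _port, _ip = struct.unpack("!BBH4s", data[:8])
    if vn != 0:
        raise ValueError(f"unexpected reply version byte {vn}")
    return cd == 90


def chain_targets(hops, final_host: str, final_port: int):
    """Return [(proxy_addr, connect_target), ...] for a proxy chain.

    The first hop is reached directly; each hop is asked to CONNECT to the
    next hop, and only the last hop is asked to CONNECT to the real target.
    """
    targets = []
    for i, (_ptype, host, port) in enumerate(hops):
        if i + 1 < len(hops):
            nxt = (hops[i + 1][1], hops[i + 1][2])
        else:
            nxt = (final_host, final_port)
        targets.append(((host, port), nxt))
    return targets


if __name__ == "__main__":
    # Constructed sample chain, modelled on the post's two-hop setg example.
    spec = "SOCKS4:10.0.0.1:1080,SOCKS4:10.0.0.2:1080"
    for proxy, target in chain_targets(parse_proxies(spec), "192.0.2.10", 80):
        print(proxy, "-> CONNECT", target, socks4_connect_request(*target).hex())
```

The chain_targets output is the useful part when checking that a chain is really in use: on the wire, the only connection leaving the Metasploit host is to the first hop, and the scan target's address appears only inside the last hop's CONNECT request, which is also why the post's caveat applies (a route through a meterpreter session bypasses this socket layer entirely).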

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:10 EDT