Fresh Veil

Automatically Generating Payloads

Veil is awesome - it makes payload generation easy and supports a wide variety of payloads with new ones being dropped pretty often. Getting caught by AV during a test is not awesome. Being caught because the target’s AV had a signature hit on you is even worse. Because YOU (the tester) messed up. You didn’t take the extra few minutes to regenerate a payload. I’ve been there and I’m sure you’ve been there. It sucks and you feel silly. The solution? Use Veil’s command line options and cron to regenerate payloads every 30 minutes. Server Build This is the basic build. Let’s assume that you have a server that you catch social engineering payloads on. Static IP (or domain). For setup, make a directory... [Read More]

Hit the Ground Running- Automating Metasploit

There are a number of commands that tend to get run on every session on a target I get in Metasploit. Using resource files, these commands can be automated to dump as much information as possible, as quickly as possible. This can be combined with an MSFConsole autostart script to automate the starting of handlers and pre-fill options for post modules that don’t need to be run on every session. First we make a new file for the autorunscript to be run on each new session: nano /infogather and paste the following in the file: run migrate -f screenshot -v false ps ipconfig sysinfo run post/windows/gather/enum_shares run post/windows/gather/enum_domain_group_users group="Domain Admins" run post/windows/gather/checkvm screenshot -v false background Each command will... [Read More]