@kernelsmith
Last active September 29, 2016 11:58
testing results for msfconsole multi commands, old PR 1336, and RM7705
msf exploit(psexec) > set RHOST 1.1.1.1;set LHOST 1.1.1.2
RHOST => 1.1.1.1
LHOST => 1.1.1.2
msf exploit(psexec) > show options
Module options (exploit/windows/smb/psexec):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 1.1.1.1 yes The target address
RPORT 445 yes Set the SMB service port
SHARE ADMIN$ yes The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
SMBDomain WORKGROUP no The Windows domain to use for authentication
SMBPass no The password for the specified username
SMBUser Administrator no The username to authenticate as
Payload options (windows/meterpreter/reverse_https):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique: seh, thread, process, none
LHOST 1.1.1.2 yes The local listener hostname
LPORT 8443 yes The local listener port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(psexec) > "set SMBPass wtf;bbq";set LPORT 443
SMBPass => wtf;bbq
LPORT => 443
msf exploit(psexec) > show options
Module options (exploit/windows/smb/psexec):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.248.128 yes The target address
RPORT 445 yes Set the SMB service port
SHARE ADMIN$ yes The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
SMBDomain WORKGROUP no The Windows domain to use for authentication
SMBPass wtf;bbq no The password for the specified username
SMBUser Administrator no The username to authenticate as
Payload options (windows/meterpreter/reverse_https):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique: seh, thread, process, none
LHOST 192.168.248.1 yes The local listener hostname
LPORT 443 yes The local listener port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(psexec) > "set SMBPass wtf\';bbq";set LPORT 443
SMBPass => wtf';bbq
LPORT => 443
msf exploit(psexec) > show options
Module options (exploit/windows/smb/psexec):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.248.128 yes The target address
RPORT 445 yes Set the SMB service port
SHARE ADMIN$ yes The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
SMBDomain WORKGROUP no The Windows domain to use for authentication
SMBPass wtf';bbq no The password for the specified username
SMBUser Administrator no The username to authenticate as
Payload options (windows/meterpreter/reverse_https):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique: seh, thread, process, none
LHOST 192.168.248.1 yes The local listener hostname
LPORT 443 yes The local listener port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(psexec) > "set SMBPass wtf\"";bbq";set LPORT 443
SMBPass => wtf";bbq
LPORT => 443
msf exploit(psexec) > so
Module options (exploit/windows/smb/psexec):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.248.128 yes The target address
RPORT 445 yes Set the SMB service port
SHARE ADMIN$ yes The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
SMBDomain WORKGROUP no The Windows domain to use for authentication
SMBPass wtf";bbq no The password for the specified username
SMBUser Administrator no The username to authenticate as
Payload options (windows/meterpreter/reverse_https):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique: seh, thread, process, none
LHOST 192.168.248.1 yes The local listener hostname
LPORT 443 yes The local listener port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(psexec) > alias so show options
msf exploit(psexec) > alias se show evasion
msf exploit(psexec) > alias -f sa show advanced
msf exploit(psexec) > "alias -f sall so;sa;se"
[*] The alias failed validation, but force is set so we allow this. This is often the case
[*] when for instance 'exploit' is being overridden but msfconsole is not currently in the
[*] exploit context (an exploit is not loaded), or you are overriding a system command
msf exploit(psexec) > sall
Module options (exploit/windows/smb/psexec):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.248.128 yes The target address
RPORT 445 yes Set the SMB service port
SHARE ADMIN$ yes The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
SMBDomain WORKGROUP no The Windows domain to use for authentication
SMBPass wtf";bbq no The password for the specified username
SMBUser Administrator no The username to authenticate as
Payload options (windows/meterpreter/reverse_https):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique: seh, thread, process, none
LHOST 192.168.248.1 yes The local listener hostname
LPORT 443 yes The local listener port
Exploit target:
Id Name
-- ----
0 Automatic
Module advanced options:
Name : CHOST
Current Setting:
Description : The local client address
<snip>
Payload advanced options (windows/meterpreter/reverse_https):
Name : AutoLoadStdapi
Current Setting: true
Description : Automatically load the Stdapi extension
<snip>
msf exploit(psexec) > help sall
[*] sall is an alias so it's help may not be accurate.
[*] The alias contains multiple commands (so;sa;se). Try checking the help for each command separately.
msf exploit(psexec) > help so
[*] so is an alias so it's help may not be accurate.
[*] Valid parameters for the "show" command are: all, encoders, nops, exploits, payloads, auxiliary, plugins, options
[*] Additional module-specific parameters are: advanced, evasion, targets, actions
ks$ ./msfconsole -x 'version;ruby -v'
<snip>
Framework: 4.7.0-dev
Console : 4.7.0-dev.15168
[*] exec: ruby -v
ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-darwin11.4.0]
ks$ ./msfconsole -x '"alias -f sall so;sa;se"'
<snip>
[*] The alias failed validation, but force is set so we allow this. This is often the case
[*] when for instance 'exploit' is being overridden but msfconsole is not currently in the
[*] exploit context (an exploit is not loaded), or you are overriding a system command
msf exploit(psexec) > alias
Current Aliases
===============
Alias Name Alias Value
---------- -----------
alias so show options
alias sa show advanced
alias se show evasion
alias sp set PAYLOAD
alias slh set LHOST
alias slp set LPORT
alias s sessions
alias si sessions -i
alias session sessions -l -v
alias slv sessions -l -v
alias sk sessions -k
alias sK sessions -K
alias j jobs -l -v
alias sall so;sa;se
ks$ ./msfconsole -x 'set SMBUser admin;"set SMBPass wtf;bbq"'
[*] Processing /Users/joshuasmith/.msf4/msfconsole.rc for ERB directives.
resource (/Users/joshuasmith/.msf4/msfconsole.rc)> load alias
[*] Successfully loaded plugin: alias
SMBUser => admin
SMBPass => wtf;bbq
ks$ ./msfconsole -x 'set SMBUser admin;"set SMBPass wtf"";bbq"'
<snip>
SMBUser => admin
[-] Parse error: Unmatched double quote: "set SMBPass wtf\";bbq"
ks$ ./msfconsole -x 'set SMBUser admin;"set SMBPass wtf\"";bbq"'
<snip>
SMBUser => admin
SMBPass => wtf";bbq