Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Thanks Alex and Jond -- metasploit and proxyport

from [H D Moore] Network Security [Permanent Link]
Subject: Re: Thanks Alex and Jond -- metasploit and proxyport
Date: Thu, 18 Oct 2007 11:10:48 -0500 
On Wednesday 17 October 2007, James Kelly wrote:

I've re-read the docs for metasploit 4 and there is an option to set
a "proxies" environmental variable.
I have to dig deaper but it looks like metasploit 3 will do proxying
transparently. I have to dig deeper though.


Metasploit 3 includes builtin proxy support for all TCP sockets created by 
exploit/auxiliary modules. The format is:

msf> setg Proxies SOCKS4:127.0.0.1:1080

You can configure multiple proxies in a chain with commas:

msf> setg Proxies SOCKS4:host1:1080,SOCKS4:host2:1080

A number of bugs were fixed in the Metasploit 3 proxy support after 
version 3.0 was released. I recommend that you use the development 
version instead and always use the latest version:

$ svn co http://metasploit.com/svn/framework3/trunk/ msf3-trunk

At this time, only SOCKS4 proxies are supported. We will be happy to add 
HTTP, SOCKS4A, SOCKS5 if there is any demand for it. Proxy support only 
works for connections initiated from the system running Metasploit -- if 
you configure a proxy, but route your connection through another 
exploited system (using the route command and meterpreter), then the 
proxy parameters will be simply be ignored.

The following example routes a HTTP banner scan through TOR:

msf > use auxiliary/scanner/http/version
msf auxiliary(version) > 

msf auxiliary(version) > set RHOSTS 216.75.15.0/24
RHOSTS => 216.75.15.0/24

msf auxiliary(version) > set Proxies SOCKS4:127.0.0.1:2080
Proxies => SOCKS4:127.0.0.1:2080

msf auxiliary(version) > run
[*] 216.75.15.3 is running Apache/2.2.0 (Linux/SUSE)
[*] 216.75.15.4 is running Apache ( Powered by PHP/4.4.4-8+etch3 )
[*] 216.75.15.5 is running Apache/2.2.2 (Fedora)
[*] 216.75.15.6 is running Microsoft-IIS/6.0 ( Powered by ASP.NET )
[*] 216.75.15.8 is running Apache
[*] 216.75.15.9 is running Apache/2.0.53 (Linux/SUSE)
[*] 216.75.15.14 is running Apache/2.0.53 (Linux/SUSE)
[*] 216.75.15.16 is running Apache/2.0.53 (Linux/SUSE)
[*] 216.75.15.17 is running Apache
[*] 216.75.15.18 is running Apache/2.2.3 (Fedora) ( Powered by PHP/5.1.6 )
[*] 216.75.15.19 is running Apache/2.2.3 (Fedora) ( Fedora Default Page )
[*] Caught interrupt from the console...
[*] Auxiliary module execution completed

msf auxiliary(version) >

-HD

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SQL Injecton - Strange Result, Danux
Next by Date:  re: Directory Transversal, Sat Jagat Singh
Previous by Thread:  Re: Thanks Alex and Jond -- metasploit and proxyport, Brett Cunningham
Next by Thread:  Re: Thanks Alex and Jond -- metasploit and proxyport, Alexander Bondarenko
Indexes:  [Date] [Thread] [Top] [All Lists]