Hi there, i am in te process of writeup a howto on this one as well as contributing a lot of stuff back to the project. I did most of the stuff you mentioned allready.
Greetings max On Oct 22, 2008, at 12:33 PM, M. GAD wrote: > Hi all > I need your advice/help on the implementation of a new metasploit > module. > The idea is that we are sometimes interested not only in breaking > (penetrating) into systems but also we are interested in post-access > actions, which can be very significant for security analysis or > evaluation (statefull or behavior-based IDSes by example). > > Metasploit already contains "access" actions as well as other usefull > auxiliary tools of attack (e.g., Dos, scanners, etc). So, I thought to > extend metasploit framework by a new module to imitate (and automate) > post-access actions that can probably be carried out by attackers. For > example, executing a sequence of commands to browse the victim > machine, upload a piece of malwae, connect back to another machine, > etc. > The advantage in metasploit is that it contains all what we need to > carry out such actions but the question is how to automate it. I know > that autopwn is an advanced step for doing this but unfortunately it > stops at gaining access and establishing sessions. We need to go a > step further in the automation. > > What is the entry point to interact with the established sessions, how > can we execute commands, receive and process their outputs? > I think Msf::Session is the key entry, right? > > Any help or suggestion for this end is highly appreciated. > > Best regards, > Mohammed GAD > _______________________________________________ > Framework-Hackers mailing list > Framework-Hackers@spool.metasploit.com > http://spool.metasploit.com/mailman/listinfo/framework-hackers _______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers
