Run POST Modules On All Sessions

Monday, December 05, 2011

Rob Fuller

D8853ae281be8cfdfa18ab73608e8c3f

 

 

Jcran recently blogged about an easy way to run a post module on all sessions:

http://blog.pentestify.com/simple-framework-domain-token-scanner

msf> use post/windows/gather/enum_domain_tokens

msf enum_domain_tokens> irb

framework.sessions.count.each do |session|

  run_single("set SESSION #{session.first}")

  run_single("run")

  sleep 1

end

You use the POST module, drop to IRB and run those 4 lines, and bam, you win. With resource files we can automate this a bit more and have it so that we do this effortlessly with any post module.

Thinking back to http://blog.metasploit.com/2010/03/automating-metasploit-console.html and my rapid file PSEXEC resource file, we know we can run ruby inside of resource files with the tag.

Save the following as runall.rc somewhere where you'll remember:

framework.sessions.count.each do |session|

  run_single("set SESSION #{session.first}")

  print_status("Running #{active_module.fullname} against session #{session.first}")

  run_single("run")

  sleep 1

end

Then when you want to run a POST module against every session you have you simply do:

msf> use post/windows/gather/enum_domain_tokens

msf enum_domain_tokens> resource runall.rc

[*] Running post/windows/gather/enum_domain_tokens on session 1

Cross-posted from Room362

Possibly Related Articles:
12492
Network->General
Information Security
Penetration Testing Metasploit Security Infosec Pentesting Sessions POST Modules
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.