Automate the Metasploit Console

The Metasploit Console (msfconsole) has uses the concept of resource files from a long time. A resource file is essentially a batch script for Metasploit which is used to automate common tasks. For example, if you create a resource script called ~/.msf3/msfconsole.rc, it will automatically load each time you start the msfconsole interface. This is a great way to automatically connect to a database and set common parameters (setg PAYLOAD, etc). . . . → Read More: Automate the Metasploit Console

Capturing Logon Credentials with Meterpreter

In the previous post, we described the keystroke sniffing capabilities of the Meterpreter payload. One of the key restrictions of this feature is that it can only sniff while running inside of a process with interactive access to the desktop. In the case of the MS08-067 exploit, we had to migrate into Explorer.exe in order to capture the logged-on user’s keystrokes. . . . → Read More: Capturing Logon Credentials with Meterpreter