msf-auxiliarys : collection of msf auxiliary module.

Latest change (24/3/2016):
+ myaixiliarys.rb: this module needs an open meterpreter session. By default it gathers information about the target machine (advanced SYSINFO). Options:
  (GETPRIVS) tries to raise the meterpreter session to SYSTEM privileges;
  (CLEAR) cleans IDS event log files on the target host;
  (UACSET) checks the UAC settings and their current level;
  (UACBYPASS) tries to bypass the UAC settings using regedit;
  (LOGIN) enumerates recently logged-on users;
  (APPL) enumerates the applications installed on the target host;
  (STARTBROWSER) opens a URL in the target's browser;
  (HOSTFILE) adds entries to the target hosts file (<ip-address> <domain>);
  (DELHOST) reverts the target hosts file to its default settings;
  (MSG) displays the given message on the target desktop;
  (SHUTDOWN) asks for the amount of time after which the remote host shuts down;
  (LABEL) renames the C: hard drive display name;
  (HIDETASK) disables the Task Manager on the target host;
  (EXECUTE) runs an arbitrary cmd command on the target host;
  (STOPPROCESS) stops a running process on the target host;
  (SETCH) backdoors sethc.exe on the target system: press the Shift key 5 times at the login screen and you are greeted by a shell (to bypass user credentials: net user username *);
  (PANIC) disables the Control Panel, hides drives and desktop icons, disables the Task Manager, restricts access to web browsers [IExplorer, Chrome, Firefox], logs off the target host and displays a message at login time.
+ UpAndRun.rb: uploads a script or executable and runs it.

my-auxiliary

:[ Auxiliary Module History ]:
As a long-time Metasploit Framework user, I realized that the current database does not contain any module that covers your tracks efficiently (against a forensic breach investigation) after a successful exploitation. Looking at the current database, we can find only two 'meterpreter' modules that help with this task: 'clearev', which clears the Application, System and Security logs on a Windows system (Event Viewer), and 'timestomp', which manipulates the MACE (Modified, Accessed, Changed) times of a file/application on a Windows system.
The CleanTracks.rb auxiliary was written to work in post-exploitation (after the target gets exploited and a meterpreter session pops up); it relies on policy registry keys and cmd commands (executed remotely by the auxiliary) to cover the footprints left on the target system.
Description:
This module needs an open meterpreter session to cover your fingerprints on the target system after a successful exploitation; it relies on registry keys and cmd commands to achieve that goal. "We can also set more than one option to run simultaneously."
stage1: prevents the creation of data on the target system by adding policy registry keys to the target's registry; this stage should be run right after a successful exploitation.
stage2: clears the temp/prefetch folders, flushes the DNS cache and clears the event logs; this stage should be run before leaving the current session. stage2 can also be used without running stage1, but that is less effective than running both stages.
getsys: runs the getpriv msf module to elevate the current session to NT AUTHORITY\SYSTEM; it is advised to run it before running either of the stages described above (stage1 and stage2).
logoff: logs off the target machine (optional, more effective).
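A defender-side counterpart to the stages above, as an added example that is not part of the msf-auxiliarys project: a small Python scanner over constructed Windows event-log records that flags the artefacts stage1 and stage2 leave behind (Security audit log cleared, event ID 1102; a System or Application log cleared, event ID 104; a Policies registry value such as DisableTaskMgr modified, event ID 4657, which is only emitted when object-access auditing is enabled on that key). The pipe-separated export format and the sample records are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample records (not real telemetry) in an assumed
# "channel|event_id|message" export format. The event IDs are the real
# Windows ones: 1102 = Security audit log cleared, 104 = System/Application
# log cleared, 4657 = registry value modified (object-access auditing needed).
SAMPLE_EVENTS = r"""
Security|4624|An account was successfully logged on.
Security|1102|The audit log was cleared. Subject: WORKSTATION\alice
System|104|The System log file was cleared.
Security|4657|A registry value was modified. Object Name: \REGISTRY\USER\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Policies\System Object Value Name: DisableTaskMgr New Value: 1
Security|4688|A new process has been created.
""".strip()

# Policy values the README's modules toggle (DisableTaskMgr lives under
# Policies\System; NoControlPanel, NoDrives and NoDesktop under Policies\Explorer).
SUSPICIOUS_POLICY_VALUES = {"DisableTaskMgr", "NoControlPanel", "NoDrives", "NoDesktop"}


@dataclass
class Alert:
    event_id: int
    reason: str


def scan_events(text: str) -> List[Alert]:
    """Return one Alert per record matching a log-clear or policy-tamper pattern."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3 or not parts[1].isdigit():
            continue  # malformed record: skip it rather than abort the scan
        channel, event_id, msg = parts[0], int(parts[1]), parts[2]
        if event_id == 1102 and channel == "Security":
            alerts.append(Alert(event_id, "Security audit log cleared"))
        elif event_id == 104:
            alerts.append(Alert(event_id, f"{channel} log cleared"))
        elif event_id == 4657 and "\\Policies\\" in msg:
            match = re.search(r"Object Value Name:\s*(\w+)", msg)
            if match and match.group(1) in SUSPICIOUS_POLICY_VALUES:
                alerts.append(Alert(event_id, f"Policy value {match.group(1)} modified"))
    return alerts


if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(f"[{alert.event_id}] {alert.reason}")
```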

Usage:

CleanTracks.rb Script:

Source: http://sourceforge.net/p/msf-auxiliarys/