Every so often someone writes a Metasploit Module that is pretty epic. Today is one such day:
Twitter Link: https://twitter.com/webstersprodigy/status/222529916783169536
Which has a link to here: https://github.com/rapid7/metasploit-framework/pull/589
Demo / Example resource files: https://skydrive.live.com/?cid=19794fac33285fd5&resid=19794FAC33285FD5!170&id=19794FAC33285FD5%21170
You can pull the fork w/ branch from here: https://github.com/webstersprodigy/metasploit-framework/tree/module-http-ntlmrelay
And as soon as you do you can start doing this (using the example resource file to put a file, cat it out, enum shares available, list files on a share, then psexec all from a single URL being loaded):![]()
![]()
![]()
![]()
![]()
↧