View Full Version : Quick FastTrack/autopwn Question
phoenix910
12-30-2007, 01:44 PM
Hey guys, just had one question. I've used autopwn in both BT2 and BT3 beta, in BT2 with the Ninja script, and in BT3 with FastTrack using Sqlite3 (and have tried both manually and had the same problem). I am able to create all databases and users and Nmap scan and even load all the exploits, but when it goes through them all, after it's loaded (i.e. completed 67/67 and continues on with its stuff), it goes through part of it, then slows down and eventually doesn't move. Without cancelling what it's doing, I type the "sessions -l" command to see if anything's spawned, and it hasn't. I have tried this against my old router, my WinXP SP2 semi-unpatched machine, and an old Live CD based Server with many services, and had the same trouble with all of them. This is using an updated metasploit also. Does anyone else have this trouble, or is it just me? And is there something I'm doing wrong, or can this be fixed? Thanks,
-Stephen
phoenix910
12-31-2007, 02:38 AM
Ok, never mind, I got that much. I installed a brand new XP with no service pack and no patches, and managed to exploit that fairly easily, so it was only freezing before because the previous system was patched completely. I added a backdoor to my XP computer in the form of a new user account (not subtle, but serves for my learning). I am just wondering how I am able to connect (using any linux or windows system, doesn't matter) back to that machine and get access to the command line without having to Metasploit it again? Is this possible? I've done a bit of google searching with no fruit so far. Thanks for your help.
-Stephen
kaitandev
01-02-2008, 05:52 PM
What backdoor, and how do you connect from Windows? (BT already has VNC/RDP tools.)
thorin
01-03-2008, 01:33 PM
You could drop VNC or netcat on it.
cleguevara
01-04-2008, 07:10 AM
Ok, never mind, I got that much. I installed a brand new XP with no service pack and no patches, and managed to exploit that fairly easily, so it was only freezing before because the previous system was patched completely. I added a backdoor to my XP computer in the form of a new user account (not subtle, but serves for my learning). I am just wondering how I am able to connect (using any linux or windows system, doesn't matter) back to that machine and get access to the command line without having to Metasploit it again? Is this possible? I've done a bit of google searching with no fruit so far. Thanks for your help.
-Stephen
I think you've used the wrong payload in order to get a command line...try win32_bind or reverse to get a shell.
If you create a user account you can only connect via rdp...
...and then run cmd.exe to have a shell in the Remote Desktop windows
...or get your shell via netcat/socat/sbd (you have to upload to the machine at first)
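The "backdoor in the form of a new user account" that this reply addresses is exactly what a defender should be alerting on. As an added example (not code from the thread or from Fast-Track), the script below reads an exported Windows Security log and flags two things: accounts created by a subject that is not on a change-controlled allowlist, and any account added to the local Administrators group. The event IDs are the real Windows ones (624 on XP/2003 and 4720 on Vista and later for "user account created"; 636 / 4732 for "member added to a security-enabled local group"); the CSV export format, the sample records and the `APPROVED_CREATORS` allowlist are constructed for this example.

```python
"""Flag unauthorized local account creation in an exported Windows Security log.

Added example. The CSV layout below is an assumed export format, and the
records are constructed for illustration; the event IDs themselves are real.
"""
import csv
import io
from dataclasses import dataclass

# Real Windows Security event IDs (XP/2003 ID first, Vista+ ID second).
ACCOUNT_CREATED = {624, 4720}       # "A user account was created"
GROUP_MEMBER_ADDED = {636, 4732}    # "A member was added to a security-enabled local group"

# Hypothetical allowlist: operator accounts permitted to create local users.
APPROVED_CREATORS = {"HELPDESK"}

# Constructed sample export (assumed columns: time,event_id,subject,target,group).
SAMPLE_EXPORT = """\
time,event_id,subject,target,group
2008-01-05 07:40:12,624,HELPDESK,jsmith,
2008-01-05 07:41:03,636,HELPDESK,jsmith,Users
2008-01-05 07:42:55,624,SYSTEM,backup_svc,
2008-01-05 07:43:01,636,SYSTEM,backup_svc,Administrators
"""


@dataclass
class Finding:
    time: str
    target: str
    reason: str


def parse_events(export_text):
    """Parse the CSV export into a list of dicts, one per event."""
    return list(csv.DictReader(io.StringIO(export_text)))


def find_suspicious_accounts(export_text, approved_creators=APPROVED_CREATORS):
    """Return a Finding for each account creation by an unapproved subject
    and for each addition to the local Administrators group."""
    findings = []
    for event in parse_events(export_text):
        event_id = int(event["event_id"])
        subject = event["subject"]
        target = event["target"]
        if event_id in ACCOUNT_CREATED and subject not in approved_creators:
            findings.append(Finding(
                event["time"], target,
                f"account created by unapproved subject {subject} (event {event_id})"))
        elif event_id in GROUP_MEMBER_ADDED and event["group"].lower() == "administrators":
            findings.append(Finding(
                event["time"], target,
                f"added to Administrators by {subject} (event {event_id})"))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_accounts(SAMPLE_EXPORT):
        print(f"{finding.time}  {finding.target:<12} {finding.reason}")
```

An account created by SYSTEM rather than by a known administrator, and then dropped straight into Administrators, is the pattern an exploit payload leaves behind when it runs `net user ... /add`; auditing account management events on the target is what makes that visible, because the attacker's session itself leaves no interactive logon.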
stubbers
01-04-2008, 08:31 AM
I get the same problem referred to in the original post. Does this mean that if autopwn is targeted at a fully patched xp system it will cease working at a point? I've also tried targeting a few other devices, with the same result. It seems to halt while trying to connect to the smb service.
Cheers,
Stubbers
stubbers
01-05-2008, 03:08 AM
Would edit my last post if i could. Problem fixed, there was no problem :)
phoenix910
01-05-2008, 07:42 AM
If I'm using autopwn, how do I go about dropping in a VNC or RDP? I think I've seen that metasploit has an upload feature, but can this be used with autopwn? Thanks guys,
-Stephen
kcsoccer52
03-29-2008, 10:48 PM
There's a video courtesy of PureH@te that's around. I can't post the link because I don't have 15 posts, but search around and you'll find it. In the vid he uses fasttrack and shows the process to have a back way in and such.
archangel.amael
03-30-2008, 12:00 AM
There's a video courtesy of PureH@te that's around. I can't post the link because I don't have 15 posts, but search around and you'll find it. In the vid he uses fasttrack and shows the process to have a back way in and such.
You mean this one?:
http://blip.tv/file/568518
Courtesy of Pureh@te
:)
-=@cidburn=-
03-30-2008, 12:36 AM
You mean this one?:
Courtesy of Pureh@te
:)
To be honest, I've tried this & it didn't work?? I'm running Win XP Pro SP2, is this why? When I tried to exploit my 'victim system' it just seemed to pause & not create any sessions? Is there something else I'm needing to do?
archangel.amael
03-30-2008, 05:35 AM
To be honest, I've tried this & it didn't work?? I'm running Win XP Pro SP2, is this why? When I tried to exploit my 'victim system' it just seemed to pause & not create any sessions? Is there something else I'm needing to do?
You tried what?
Try to be a little more detailed about what you did and what the results were.
That way others who read this will be able to help you.
phoenix910
03-30-2008, 08:01 AM
Gee, this one got resurrected. I posted that ages ago. But yeah, exploiting an XP SP2 Machine using fast-track will likely not work. If you try an unpatched, non-sp install home edition, you can get about 4 shells with fast-track from memory. Try that instead.
-Stephen
theprez98
03-30-2008, 05:57 PM
Gee, this one got resurrected. I posted that ages ago. But yeah, exploiting an XP SP2 Machine using fast-track will likely not work. If you try an unpatched, non-sp install home edition, you can get about 4 shells with fast-track from memory. Try that instead.
-Stephen
Agreed, I've tested it against three fully patched XP SP2 boxes and got nothing.
pureh@te
03-30-2008, 06:02 PM
When fast-track 3 comes out it will have an improved client-side attack that will be more effective against SP2.
phoenix910
04-01-2008, 12:16 PM
Sounds good. Any word on when this will be happening? And will it be included in BT3 Final?
-Stephen
pureh@te
04-01-2008, 02:05 PM
I'll let ReL1k tell it since it's his tool; however, I'm certain the new and improved version (with a GUI :eek:) will be in BT3 final.
phoenix910
04-01-2008, 02:11 PM
Sure thing pureh@te, I will get in contact with him. Thanks for the info - I had no idea who this tool was by, only that it was good :P
-Stephen