0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Scripting Post-Exploitation


A common question in post-exploitation is how to run multiple things when a meterpreter session is initiated.

You can easily run a single command using the ‘AutoRunScript’ option. For example:

msf (psexec) > set AutoRunScript killav

However, if you need multiple things to run, there are a few multi-runner scripts that you should know about: multiscript, multicommand, and multi_console_command. Each takes either a -c or an -rc option, which supplies the list of items to run. These scripts were provided by dark0perator.

Sidenote: If you’re using the multi* scripts, it’s better to use the -rc option. The parsing for the multi-command scripts doesn’t handle spaces well.

msf (psexec) > set AutoRunScript multi_console_command -c 'command, command, command' ## Don't do this

It’s much better to use an external rc file. Here commands.rc is just a list of commands, one per line:

help
run killav
migrate
shutdown

Then call it like:

msf (psexec) > set AutoRunScript multi_console_command -rc commands.rc

Another (non-recommended) trick is to set the InitialAutoRunScript option, i.e. ‘set InitialAutoRunScript killav’, if you only need two scripts to run. Generally, though, InitialAutoRunScript shouldn’t be touched except by exploits: it’s intended for exploits that know the target process is going to die, so they can migrate (thanks to egyp7 for the info).


Written by jcran

July 2, 2010 at 5:51 PM

5 Responses


  1. Thanks! This was a very timely post, and while it took me a while to figure out what was a script (i.e. run migrate – not just migrate) and what was a command (screenshot), I’ve got it working just perfectly!

    James

    July 6, 2010 at 5:36 PM

    • Thanks James, glad it helped. I’ll clean this up and add a few more examples, time permitting.

      jcran

      July 7, 2010 at 3:58 PM

  2. Hey, great tip 🙂 Would it be OK if I reblog this one? So simple but brilliant, so I’m gonna spread it, aight?

    Dirk.L

    September 26, 2012 at 12:04 PM

    • Sure thing

      jcran – sent from the mobile

      Jonathan Cran

      September 26, 2012 at 2:41 PM

  3. Reblogged this on My.grind.on.IT and commented:
    Simple but brilliant, thanks jcran 🙂

    Dirk.L

    September 26, 2012 at 3:53 PM

