
02. Basic Use

Gabrielle Decker edited this page Jun 26, 2023 · 1 revision

Dependencies

The following tools and packages are required to run the script:

  • Kali Linux.
  • Bash shell.
  • Root privileges for the user running the script.
  • PostgreSQL server and PostgreSQL client packages.
  • fdupes utility for finding and deleting duplicate files.
  • msfdb for initializing the Metasploit database.
  • Nmap network exploration tool.
  • git for cloning the nmap-parse-output repository.
  • wget for downloading the db_autopwn.rb Metasploit plugin.
  • Metasploit Framework.
  • John the Ripper password cracking tool.

Features

  • Scans the target machine for vulnerabilities using Nmap with the vulners script.
  • Sets up the Metasploit environment with the Nmap scan results.
  • Executes the db_autopwn module to exploit vulnerabilities on the target machine.
  • Downloads sensitive files such as /etc/passwd and /etc/shadow.
  • Gathers and cracks credentials from the downloaded files with John the Ripper.
  • Executes post-exploitation modules to gather information and escalate privileges.
  • Generates an easy-to-read HTML report of the Nmap scan.

Step One

The script begins by checking whether it is being run as the root user, which is required for some of the later operations. Next, it sets the main path for the project and creates directories for reports, modules, credentials, and files.

Screenshot 1

Step Two

The script then downloads nmap-parse-output and the db_autopwn Metasploit plugin. The first action function is nmap_(), which scans the target system for vulnerabilities using Nmap. It uses various flags to perform a thorough scan and writes the results as an XML report, which is saved to the reports directory.

Screenshot 2
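The XML report written in this step is the input for everything that follows, so it is worth being able to read it directly. The following is an added example, not code from Rogue.sh or from nmap-parse-output: a small Python parser that walks a constructed Nmap XML report, lists the open ports, attaches the vulners script findings to each, and filters the findings by CVSS score so the output can be used for patch prioritisation. The XML layout (host/ports/port/script with nested table/elem entries) follows Nmap's structured script output; the host address and CVE identifiers are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample report: one host, one open and one closed port, and a
# vulners script block in Nmap's structured (table/elem) output format.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script vulners -oX report.xml">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/>
        <script id="vulners" output="(text output omitted)">
          <table key="cpe:/a:vsftpd:vsftpd:2.3.4">
            <table><elem key="id">CVE-EXAMPLE-0001</elem><elem key="cvss">10.0</elem></table>
            <table><elem key="id">CVE-EXAMPLE-0002</elem><elem key="cvss">4.3</elem></table>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="22"><state state="closed"/><service name="ssh"/></port>
    </ports>
  </host>
</nmaprun>"""


@dataclass
class PortFinding:
    host: str
    port: int
    proto: str
    service: str
    vulns: List[Tuple[str, float]] = field(default_factory=list)  # (id, cvss)


def parse_report(xml_text: str) -> List[PortFinding]:
    """Return one PortFinding per open port; closed/filtered ports are skipped."""
    root = ET.fromstring(xml_text)  # raises ET.ParseError on malformed input
    if root.tag != "nmaprun":
        raise ValueError("not an Nmap XML report")
    findings = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            pf = PortFinding(addr.get("addr"), int(port.get("portid")),
                             port.get("protocol"), svc.get("name", "?") if svc is not None else "?")
            # Each inner <table> of the vulners block carries one finding.
            for table in port.iter("table"):
                vid, cvss = table.find("elem[@key='id']"), table.find("elem[@key='cvss']")
                if vid is not None and cvss is not None:
                    pf.vulns.append((vid.text, float(cvss.text)))
            findings.append(pf)
    return findings


def high_risk(findings: List[PortFinding], threshold: float = 7.0) -> List[str]:
    """Sorted, de-duplicated finding ids at or above the CVSS threshold."""
    return sorted({vid for f in findings for vid, score in f.vulns if score >= threshold})
```

Replace SAMPLE_XML with the contents of the report the script stores in the reports directory to run it against real output.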

Step Three

The createAuto_() function creates a module that automates the exploitation process. The module uses db_autopwn to exploit the vulnerabilities found in the scan and opens sessions on the target. The function then dumps and saves the session IDs and opens a Meterpreter shell in any session opened by the exploit. Finally, the port_cleaner.rc file is executed to clean up any ports left open after the exploit.

Screenshot 3

Step Four

The createPost_() function creates a post-exploitation module that gathers information from the target system, including credentials and system configuration. It is called at the end of the createAuto_() function and downloads important files such as /etc/passwd, /etc/shadow, and /etc/group to the creds directory.

Screenshot 4

Step Five

The createCreds_() function creates a password cracking module that uses John the Ripper to crack the password hashes stored in the downloaded shadow file. It is called at the end of the createPost_() function.

Screenshot 5

Limitations

  • Educational Use Only: This script is intended for educational purposes and should not be used to exploit systems without proper authorization.
  • Compatibility: The script is designed to work with Metasploitable 2 virtual machines and may not be compatible with other versions or configurations.
  • Operating System: Rogue.sh is tailored for use with Kali Linux and may not function correctly on other operating systems.
  • Deprecated Metasploit Plugin: The db_autopwn plugin used in this script is deprecated in newer versions of Metasploit.
  • Lack of Error Checking: The script does not include comprehensive error checking or validation, so caution should be exercised while using it.
  • Hardcoded Paths: The script uses hardcoded paths to its main folders and files, which may cause issues if the directory structure is modified or if the script is run on a different machine.
  • Assumption of User: The script assumes that it is running under the username 'kali'.
  • Noisiness: Rogue.sh generates significant noise during its execution, which may be detectable by network monitoring tools.

Examples

A video playthrough can be seen here: https://youtu.be/YNRqINIU3Is
