Skip to content

Twitt Metasploit Plugin

Jump to bottom Edit New page
darkoperator edited this page Dec 30, 2010 · 2 revisions

This Plugin send twitter messages when a session is created and when a session is shutdown, Each message will contain information about the session it is reporting on.

#Installing

Download and copy the twitt.rb file in to the plugins folder in the folder where you have Metasploit installed. To be able to load the plugin before starting Metasploit install the Ruby Gem needed by the plugin, to achieve this do:

Ubuntu/Debian

     $ sudo gem install twitter

CenOS/RH

    $ su -
    # gem install twitter

Systems with RVM

    $ rvm gem install twitter

#Use

Here is an example on the use of the plugin, You must first register the application with Twitter since it uses Twitter OAuth for Sending information to Twitter over SSL. To do this login with your Twitter account to http://dev.twitter.com/apps and get

  • Consumer Key
  • Consumer Secret
  • OAuth Token
  • OAuth Token Secret

Once Metasploit msfconsole start load the plugin:

    msf exploit(handler) > load twitt
    [*] Successfully loaded plugin: twitt

Once loaded if it is for the first time you must create a configuration file with the information that Twitter provided:

    msf exploit(handler) > twitt_set_consumer_key uqgfughqjfheoufhoqhfe
    [*] Setting the Consumer Key to uqgfughqjfheoufhoqhfe
    msf exploit(handler) > twitt_set_consumer_secret YFHjhujhjUGYTFHFSDFlljghfdr
    [*] Setting the Consumer Secret to YFHjhujhjUGYTFHFSDFlljghfdr
    msf exploit(handler) > twitt_set_oauth_token_secret 8488nmjhlkHGMJKGJNHHFGFHGKJ656e4k
    [*] Setting the OAUTH Token Secret target user to 8488nmjhlkHGMJKGJNHHFGFHGKJ656e4k
    msf exploit(handler) > twitt_set_oauth_token 15435173-tUbJX2uo438RRQxqWRGU4wvvrjd2UoiTqO2Rd8usk
    [*] Setting the OAUTH Token to 15435173-tUbJX2uo438RRQxqWRGU4wvvrjd2UoiTqO2Rd8usk

Next we set the user that will receive the Twitter Direct Messages:

    msf exploit(handler) > twitt_set_user carlos_perez
    [*] Setting the DM target user to carlos_perez

Now We save the configuration, this will create a YAML file in your ~./.msf3 folder where it will store the information, so you will not have to enter it again and again:

    msf exploit(handler) > twitt_save 
    [*] Saving paramters to config file
    [+] All parameters saved to /Users/cperez/.msf3/twitter.yaml

Now we can start the plug in and it will monitor for new session and the shutdown of existing sessions sending a DM to the specified user for each, for future use just fo twitt_start and it will load the values from the YAML file:

    msf exploit(handler) > twitt_start 
    [*] Starting to monitor sessions to Twitt
    [+] Twitter Plugin Started, Monitoring Sessions

When a new session is received it will send a notification:

    msf exploit(handler) > 
    [*] Sending stage (749056 bytes) to 192.168.17.128
    [*] Meterpreter session 1 opened (192.168.17.1:4444 -> 192.168.17.128:1911) at 2010-12-29 12:23:43 -0400
    [*] Session received Sending Message to carlos_perez

The message received will be something like this:

    D Carlos_Perez MSFTwitter Session Num:1 IP:192.168.17.128:1916 Platform:x86/win32 meterpreter

To unload the module just do a:

    msf exploit(handler) > unload twitt
    Unloading plugin twitt...unloaded.
Add a custom footer
Add a custom sidebar
Clone this wiki locally