Windows Manage Local NBD Server for Remote Disks
Maps remote disks and logical volumes to a local Network Block Device server. Allows for forensic tools to be executed on the remote disk directly.
Rank
- Normal
Authors
- Wesley McGrew < wesley [at] mcgrewsecurity.com >
Development
Similar Modules
- post/windows/manage/add_user_domain
- post/windows/manage/autoroute
- post/windows/manage/delete_user
- post/windows/manage/download_exec
- post/windows/manage/enable_rdp
- post/windows/manage/inject_ca
- post/windows/manage/inject_host
- post/windows/manage/migrate
- post/windows/manage/multi_meterpreter_inject
- post/windows/manage/payload_inject
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use post/windows/manage/nbd_server
msf post(nbd_server) > set DEVICE [STRING]
msf post(nbd_server) > set SESSION [INTEGER]
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use post/windows/manage/nbd_server
msf post(nbd_server) > set DEVICE [STRING]
msf post(nbd_server) > set SESSION [INTEGER]
Module Options
| DEVICE | Device to map (use enum_drives for possible names) |
| NBDIP | IP address for NBD server (default: 0.0.0.0) |
| NBDPORT | TCP port for NBD server (default: 10005) |
| SESSION | The session to run this module on. |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |