Managing and Editing Task Chains
Task chains are a series of preconfigured tasks that execute in sequential order. They are editable, cloneable, and suspendable, which makes it easy for you to manage and reuse task chains. For example, if you have an existing task chain that you want to reuse with a slightly different configuration, you can clone and customize that task chain.
Adding a Task to a Task Chain
To add a task to a task chain, click the '+' Add task button.
When you click the '+' button, the task list appears and shows you the tasks that can be added to the task chain.
After you add the task, a new task bubble appears on the task chain, and the task configuration form displays below the task chain.
The task bubble displays the task's position in the task chain. A task in the first position displays a number '1', a task in the second position displays a number '2', and so forth. You can click the task bubble and drag it to reposition it in the task chain.
Any task bubble highlighted in red indicates that the task has not been configured correctly and the task chain cannot be saved. You can click on the task to fix the issues on the task form.
Cloning a Task
When you clone a task, you are adding a copy of the task to the end of the task chain. You can move or modify the task as needed.
You should only clone tasks that are highlighted in blue, which indicates that there are no errors in the task configuration.
To clone a task, click the task you want to clone to select it.
Then, click the Clone button located in the task chain toolbar.
The cloned task will be added to the end of the task chain.
If you need to reposition the task in the task chain, click on the task and drag it to the position you want it to appear in the task chain.
Rearranging Tasks in a Task Chain
To move a task to a different position in the task chain, click the task bubble and drag it to reposition it in the task chain.
After you reposition the task, the position that displays in the task bubble is updated. A task in the first position displays a number '1', a task in the second position displays a number '2', and so forth.
Removing a Task from a Task Chain
To remove a task from a task chain, click the task you want to delete to select it.
Then, click the Delete button located in the task chain toolbar.
A dialog window will appear and prompt you to confirm that you want to delete the task. Click OK to delete the task from the task chain.
You can only remove one task at a time. If you need to remove multiple tasks, please repeat the steps listed above or reset the task chain. For more information on resetting the task chain, see Resetting a Task Chain.
After you remove a task from the task chain, you will not be able to recover the task. You will need to rebuild the task.
Clearing the Project Data before a Task Chain Runs
If you want to clear the project data before the task chain runs, you can enable the Delete previous project data option.
Any and all data stored in the project, including hosts, collected evidence, session information, reports, and credentials will be wiped from the project. Enable this option only if you want to start the task chain with an empty project. Data cannot be recovered after it has been cleared from the project.
Resetting a Task Chain
You can reset a task chain to clear all of the tasks from it. A task chain reset will remove all tasks and their configurations from the task chain. This action cannot be reverted.
To reset a task chain, click the Reset button located in the task chain toolbar.
A dialog window will appear and prompt you to confirm that you want to reset the task chain. Click OK to reset it.
Running a Task Chain
You can run a task chain on demand or outside the scope of its schedule.
To run a task chain, select Tasks > Chains from the Project tab bar.
Select the task chain that you want to run.
Click the Run Now button.
A dialog window will appear and prompt you to confirm that you want to run the task chain. Click OK to run it.
Editing a Task Chain
You can edit a task chain to modify its existing settings. To edit a task chain, select Tasks > Chains from the Project tab bar.
When the Task Chains list appears, click on the name of the task chain that you want to edit.
When the task chain configuration page opens, you can do things like add, clone, and remove tasks; tweak settings for a particular task; and update the schedule for the task chain.
Cloning a Task Chain
When you clone a task chain, you are making a copy of it. Cloning enables you to reuse an existing task chain configuration. For example, you may want to clone a task chain if you want to run the same task chain on a different schedule or if you want to run a task chain with slight modifications.
To clone a task chain, select Tasks > Chains from the Project tab bar.
When the Task Chains list appears, select the task chain that you want to clone.
Click the Clone button.
The task chain configuration form appears. The form retains the configuration settings that you used to create the original task chain. You can run the task chain as is, or you can modify its settings.
The cloned task chain will use the following naming convention: [task-chain-name]-timestamp.
Suspending a Task Chain
You can suspend a task chain if you want the task chain to ignore its current schedule. When you suspend a task chain, it will not run again until you re-enable the schedule or manually run it yourself.
When you suspend a running task chain, the task chain will be canceled. Do not suspend a running task chain unless you intend to stop it.
To suspend a task chain, select Tasks > Chains from the Project tab bar.
When the Task Chains list appears, select the task chain whose schedule you want to suspend. The task chain that you select must be scheduled and in an unsuspended state. These task chains will have a scheduled icon located next to them.
If you need to bulk suspend task chains, you can select multiple task chains.
Click the Suspend button.
The schedule icon changes to the suspended icon.
To unsuspend a task chain, select it and click the Unsuspend button. The task chain you selected must be in a suspended state.
Updating the Schedule for a Task Chain
To edit the schedule for an existing task chain, select Tasks > Chains from the Project tab bar.
When the Task Chains list appears, click on the name of the task chain whose schedule you want to edit.
When the task chain configuration page opens, click on the Schedule Now link to open the scheduler.
The scheduler will display the current schedule. You can use the scheduler to update the existing settings.
Stopping a Running Task Chain
To cancel a running task chain, select Tasks > Chains from the Project tab bar.
Select the running task chain you want to cancel and click the Stop button. A running task chain will show a running icon in the Status column.
Any data that was collected before you stopped the tasks will still be stored in the project.
Stopping All Running Tasks
To stop all tasks that are currently running in Metasploit Pro, select Administration > Global Settings. Scroll down to the bottom of the page and find the Stop all tasks button. This will immediately stop all active tasks. Please alert your other team members if you intend to cancel their running tasks.
Any data that was collected before you stopped the tasks will still be stored in the project.
Viewing the Tasks Log
The Tasks Log shows you the events for a particular task. To view the task log for a task, select Tasks > Show Tasks from the Project tab bar.
When the task log appears, find and click on the task you want to view.
The Tasks Log appears and shows you the status and activity for the task.
Cleaning Up Open Sessions
A task chain that includes a task like bruteforce, exploit, or module run may open a session on the target system. An open session enables you to interact with the compromised system. When you are done with a session, you should close the connection with the target.
To clean up and close open sessions, you should add a clean up task to the task chain. As a rule of thumb, the clean up task should be the last task in the task chain. This ensures that Metasploit has the opportunity to collect system information and take advantage of open sessions before it closes them.
Deleting a Task Chain
When you delete a task chain, it will be permanently removed from the project, and you will no longer be able to access or run it. You will not be able to recover a deleted task chain.
To delete a task chain, select Tasks > Chains from the Project tab bar.
When the Task Chains list appears, select the task chain that you want to delete.
Click the Delete button.
Adding a Post-Exploitation Module to a Task Chain
Post-exploitation is the phase that occurs after the system successfully exploits the target. It is the process that you use to identify information that helps you gain further access to the target or to additional systems within the target’s internal networks.
When you manually run an attack against a target and get an active session, Metasploit Pro provides actions that you can take against the session. The actions are available on the session page and vary based on the session type, such as shell or Meterpreter, and system information. For example, if the system opens a shell on a target, the actions that you can take include opening a command shell that connects to the target and collecting system data. If the system opens a Meterpreter session, you can do things like set up a proxy pivot or access the file system.
Using the target system information, Metasploit Pro automatically displays the post-exploitation modules that are applicable to the target. This makes it easy for you to identify and choose the post-exploitation modules that you want to run against the target.
When you work with task chains, the post-exploitation process is completely manual. You must search for the post-exploitation modules that you want to use based on the information that you have about the target. For example, if you know the target is a Windows system, and you want to capture screenshots, you may want to add a module task to your task chain that runs post/Windows/gather/screenshot. Or if you know your target is a Linux system, and you want to collect hashes, you may want to run post/linux/gather/hashdump.