Esempio n. 1
0
    def initialize(self, options):
        '''Called if plugin is enabled, passed the options namespace'''
        self.options = options
        self.msfip = options.msfip
        self.msfport = options.msfport
        self.rpcip = options.rpcip
        self.rpcpass = options.rpcpass
        self.javapwncfg = options.javapwncfg or './config_files/javapwn.cfg'

        if not self.msfip:
            sys.exit('[-] JavaPwn plugin requires --msfip')

        self.javacfg = ConfigObj(self.javapwncfg)

        self.javaVersionDic = {}
        for key, value in self.javacfg.iteritems():
            self.javaVersionDic[float(key)] = value

        self.sploited_ips = []  #store ip of pwned or not vulnerable clients so we don't re-exploit

        try:
            msf = msfrpc.Msfrpc({"host": self.rpcip})  #create an instance of msfrpc libarary
            msf.login('msf', self.rpcpass)
            version = msf.call('core.version')['version']
            print "[*] Successfully connected to Metasploit v%s" % version
        except Exception:
            sys.exit("[-] Error connecting to MSF! Make sure you started Metasploit and its MSGRPC server")

        #Initialize the BrowserProfiler plugin
        BrowserProfiler.initialize(self, options)

        print "[*] JavaPwn plugin online"
        t = threading.Thread(name='pwn', target=self.pwn, args=(msf,))
        t.setDaemon(True)
        t.start()  #start the main thread
Esempio n. 2
0
    def finish(self):
        '''This will be called when shutting down'''
        msf = msfrpc.Msfrpc({"host": self.rpcip})
        msf.login('msf', self.rpcpass)

        jobs = msf.call('job.list')
        if len(jobs) > 0:
            print '[*] Stopping all running metasploit jobs'
            for k, v in jobs.items():
                msf.call('job.stop', [k])

        consoles = msf.call('console.list')['consoles']
        if len(consoles) > 0:
            print "[*] Closing all virtual consoles"
            for console in consoles:
                msf.call('console.destroy', [console['id']])
Esempio n. 3
0
        try:
            self.javacfg = options.configfile['JavaPwn']
        except Exception, e:
            sys.exit("[-] Error parsing config for JavaPwn: " + str(e))

        self.msfport = msfcfg['msfport']
        self.rpcip = msfcfg['rpcip']
        self.rpcpass = msfcfg['rpcpass']

        #Initialize the BrowserProfiler plugin
        BrowserProfiler.initialize(self, options)
        self.black_ips = []

        try:
            msf = msfrpc.Msfrpc({"host": self.rpcip
                                 })  #create an instance of msfrpc libarary
            msf.login('msf', self.rpcpass)
            version = msf.call('core.version')['version']
            print "|  |_ Connected to Metasploit v%s" % version
        except Exception:
            sys.exit(
                "[-] Error connecting to MSF! Make sure you started Metasploit and its MSGRPC server"
            )

        t = threading.Thread(name='pwn', target=self.pwn, args=(msf, ))
        t.setDaemon(True)
        t.start()  #start the main thread

    def rand_url(
        self
    ):  #generates a random url for our exploits (urls are generated with a / at the beginning)