msfrpc-simple 0.0.5 → 0.0.6
- data/lib/msfrpc-simple/features/framework.rb +60 -96
- data/lib/msfrpc-simple/version.rb +1 -1
- metadata +1 -1
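--- a/data/lib/msfrpc-simple/features/framework.rb
+++ b/data/lib/msfrpc-simple/features/framework.rb
@@ -15,63 +15,39 @@ module Msf
 # - auxiliary/scanner/smb/smb_enumshares
 # - auxiliary/scanner/smb/smb_enumusers
 modules_and_options = [
-{:module_name => "auxiliary/scanner/http/http_version",
-
-
-
-{:module_name => "auxiliary/scanner/
-:
-{:module_name => "auxiliary/scanner/
-:
-{:module_name => "auxiliary/scanner/
-:
-#{:module_name => "auxiliary/scanner/
-
-#{:module_name => "auxiliary/scanner/
-
-
-
-{:module_name => "auxiliary/scanner/
-:
-
-
-#{:module_name => "auxiliary/scanner/netbios/nbname_probe",
-#:module_option_string => "RHOSTS #{range}" },
-#{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_tcp",
-#:module_option_string => "RHOSTS #{range}" },
-#{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_udp",
-#:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/pop3/pop3_version",
-:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/postgres/postgres_version",
-:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/smb/smb_version",
-:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/snmp/snmp_enum",
-:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/ssh/ssh_version",
-:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/telnet/telnet_version",
-:module_option_string => "RHOSTS #{range}" },
-#{:module_name => "auxiliary/scanner/vmware/vmauthd_version",
-#:module_option_string => "RHOSTS #{range}" },
+{:module_name => "auxiliary/scanner/http/http_version"},
+#{:module_name => "auxiliary/scanner/http/cert"},
+{:module_name => "auxiliary/scanner/ftp/ftp_version"},
+{:module_name => "auxiliary/scanner/h323/h323_version"},
+{:module_name => "auxiliary/scanner/imap/imap_version"},
+#{:module_name => "auxiliary/scanner/portscan/syn"},
+#{:module_name => "auxiliary/scanner/portscan/tcp"},
+#{:module_name => "auxiliary/scanner/lotus/lotus_domino_version"},
+{:module_name => "auxiliary/scanner/mysql/mysql_version"},
+#{:module_name => "auxiliary/scanner/netbios/nbname"},
+#{:module_name => "auxiliary/scanner/netbios/nbname_probe"},
+#{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_tcp"},
+#{:module_name => "auxiliary/scanner/pcanywhere/pcanywhere_udp"},
+{:module_name => "auxiliary/scanner/pop3/pop3_version"},
+{:module_name => "auxiliary/scanner/postgres/postgres_version"},
+{:module_name => "auxiliary/scanner/smb/smb_version"},
+{:module_name => "auxiliary/scanner/snmp/snmp_enum"},
+{:module_name => "auxiliary/scanner/ssh/ssh_version"},
+{:module_name => "auxiliary/scanner/telnet/telnet_version"},
+#{:module_name => "auxiliary/scanner/vmware/vmauthd_version"},
 ]
 
-
-
-
-
-
-module_name = module_and_options[:module_name]
-module_option_string = module_and_options[:module_option_string]
+output = ""
+module_list.each do |m|
+# Merge in default options
+m[:module_option_string] = "RHOSTS #{range}"
 
 # store this module's name in the output
-
-
-module_output_data_string += execute_module_and_return_output(module_and_options)
+output += "=== #{m[:module_name]} ===\n"
+output += execute_module_and_return_output(m)
 end
 
-
+output
 end
 
 
@@ -80,45 +56,30 @@ module Msf
 #
 def bruteforce_range(range)
 
-
-{:module_name => "auxiliary/scanner/ftp/ftp_login",
-
-{:module_name => "auxiliary/scanner/
-
-{:module_name => "auxiliary/scanner/
-
-{:module_name => "auxiliary/scanner/
-
-{:module_name => "auxiliary/scanner/
-
-{:module_name => "auxiliary/scanner/pop3/pop3_login",
-:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/smb/smb_login",
-:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/snmp/snmp_login",
-:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/ssh/ssh_login",
-:module_option_string => "RHOSTS #{range}" },
-{:module_name => "auxiliary/scanner/telnet/telnet_login",
-:module_option_string => "RHOSTS #{range}" },
+module_list = [
+#{:module_name => "auxiliary/scanner/ftp/ftp_login"},
+#{:module_name => "auxiliary/scanner/http/http_login"},
+#{:module_name => "auxiliary/scanner/smb/smb_login"},
+#{:module_name => "auxiliary/scanner/mssql/mssql_login"},
+#{:module_name => "auxiliary/scanner/mysql/mysql_login"},
+#{:module_name => "auxiliary/scanner/pop3/pop3_login"},
+#{:module_name => "auxiliary/scanner/smb/smb_login"},
+#{:module_name => "auxiliary/scanner/snmp/snmp_login"},
+{:module_name => "auxiliary/scanner/ssh/ssh_login"},
+#{:module_name => "auxiliary/scanner/telnet/telnet_login"},
 ]
 
-
-
-
-
-
-module_name = module_and_options[:module_name]
-module_option_string = module_and_options[:module_option_string]
+output = ""
+module_list.each do |m|
+#m[:module_option_string] = "RHOSTS #{range}, USER_FILE /opt/metasploit/msf3/data/wordlists/unix_users.txt, PASS_FILE /opt/metasploit/msf3/data/wordlists/unix_passwords.txt"
+m[:module_option_string] = "RHOSTS #{range}, USERNAME root, PASSWORD root"
 
 # store this module's name in the output
-
-
-module_output_data_string += execute_module_and_return_output(module_and_options)
+output += "=== #{m[:module_name]} ===\n"
+output += execute_module_and_return_output(m)
 end
 
-
-
+output
 end
 
 #
@@ -133,14 +94,16 @@ module Msf
 #
 def execute_module_and_return_output(options)
 module_name = options[:module_name]
-#module_options = options[:module_options]
 module_option_string = options[:module_option_string]
 
+puts "module: #{module_name}"
+puts "options: #{module_option_string}"
+
 # split up the module name into type / name
 module_type = module_name.split("/").first
 raise "Error, bad module name" unless ["exploit", "auxiliary", "post", "encoder", "nop"].include? module_type
 
-#
+# TODO - we may have to deal w/ targets somehow
 
 #info = @client.call("module.execute", module_type, module_name, module_options)
 #@client.call("job.info", info["job_id"])
@@ -151,6 +114,7 @@ module Msf
 # File, etc). For your use case, the best bet is to run the module
 # via the Console API instead of module.execute, and use that to read
 # the output from the console itself, which provides buffer output for you.
+output = ""
 
 # Create the console and get its id
 console = @client.call("console.create")
@@ -165,12 +129,14 @@ module Msf
 # Set up the module's datastore
 module_option_string.split(",").each do |module_option|
 @client.call "console.write", console_id, "set #{module_option}\n"
-@client.call("console.read", console_id)
+module_output = @client.call("console.read", console_id)
+output += "#{module_output['data']}"
 end
 
 # Ugh, this is horrible, but the read call is currently racey
-5.times do
-@client.call("console.read", console_id)
+5.times do
+module_output = @client.call("console.read", console_id)
+output += "#{module_output['data']}"
 end
 
 # Depending on the module_type, kick off the module
@@ -184,26 +150,24 @@ module Msf
 
 # do an initial read of the module's output
 module_output = @client.call("console.read", console_id)
-
+output += "#{module_output['data']}"
 
-
-
-while module_output["busy"] do
+until !module_output["busy"] do
 module_output = @client.call("console.read", console_id)
-
+output += "#{module_output['data']}"
 return "Module Error" if module_output["result"] == "failure"
 end
 
 # Ugh, this is horrible, but the read call is currently racey
 5.times do
 module_output = @client.call("console.read", console_id)
-
+output += "#{module_output['data']}"
 end
 
 # Clean up
 @client.call("console.destroy", console_id)
 
-
+output
 end
 
 end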
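Review bot: The first hunk's new loop `module_list.each do |m|` (new line 41) walks a variable this method never assigns — its array is bound on unchanged line 17 as `modules_and_options = [` — so unless `module_list` is set somewhere above line 15 the scan method raises NameError on first use; the enclosing `def` starts before the hunk. The `bruteforce_range` hunk does rename its array to `module_list = [`, so the cleanest fix here is the loop line, `modules_and_options.each do |m|`, or renaming the assignment to match. Separately, the debug `puts "options: #{module_option_string}"` added to `execute_module_and_return_output` prints the whole option string to stdout, which for `bruteforce_range` includes `PASSWORD root`; gate it behind a verbose flag or redact the value after `PASSWORD`/`PASS_FILE` before printing so credentials do not land in logs. The `until !module_output["busy"] do` in the last hunk is a double negative for the old `while module_output["busy"] do` and reads worse for no behavioural gain.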