Calling Metasploit remotely from Python
- 2020-04-02 13:57:18
- OfStack
This article describes in detail how to call Metasploit remotely from Python, which is a useful reference for anyone learning Python. The implementation works as follows:
(1) Install the msgpack library for Python. The official MSF documentation specifies msgpack as the serialization format for the RPC data.
root@kali:~# apt-get install python-setuptools
root@kali:~# easy_install msgpack-python
(2) Create createdb_sql.txt with the following contents:
create database msf;
create user msf with password 'msf123';
grant all privileges on database msf to msf;
(3) Execute the file above in PostgreSQL:
root@kali:~# /etc/init.d/postgresql start
root@kali:~# sudo -u postgres /usr/bin/psql < createdb_sql.txt
(4) Create the setup.rc resource file:
db_connect msf:msf123@127.0.0.1/msf
load msgrpc User=msf Pass='abc123'
(5) Start MSF and have it run the resource file:
root@kali:~# msfconsole -r setup.rc
* SNIP *
[*] Processing setup.rc for ERB directives.
resource (setup.rc)> db_connect msf:msf123@127.0.0.1/msf
[*] Rebuilding the module cache in the background...
resource (setup.rc)> load msgrpc User=msf Pass='abc123'
[*] MSGRPC Service: 127.0.0.1:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: abc123
[*] Successfully loaded plugin: msgrpc
(6) There is a Python client library on GitHub, but it is not very convenient to use:
root@kali:~# git clone git://github.com/SpiderLabs/msfrpc.git msfrpc
root@kali:~# cd msfrpc/python-msfrpc
root@kali:~# python setup.py install
The test code is as follows (Python 2, as the httplib import and print statements indicate):
#!/usr/bin/env python
# Python 2 client for the Metasploit msgrpc plugin: requests and replies are
# msgpack-encoded and POSTed to /api/ on the port the plugin printed at load time.
import msgpack
import httplib

class Msfrpc:
    class MsfError(Exception):
        def __init__(self, msg):
            self.msg = msg
        def __str__(self):
            return repr(self.msg)

    class MsfAuthError(MsfError):
        pass

    def __init__(self, opts=None):
        # opts is a dict of overrides; a mutable default argument would be shared
        # between instances, so it is created here instead.
        opts = opts or {}
        self.host = opts.get('host') or "127.0.0.1"
        self.port = opts.get('port') or 55552
        self.uri = opts.get('uri') or "/api/"
        self.ssl = opts.get('ssl') or False
        self.authenticated = False
        self.token = False
        self.headers = {"Content-type": "binary/message-pack"}
        if self.ssl:
            self.client = httplib.HTTPSConnection(self.host, self.port)
        else:
            self.client = httplib.HTTPConnection(self.host, self.port)

    def encode(self, data):
        return msgpack.packb(data)

    def decode(self, data):
        return msgpack.unpackb(data)

    def call(self, meth, opts=None):
        # Every call is framed as [method, token, args...]; only auth.login is sent
        # without a token. A fresh list is built so the caller's list is not mutated.
        opts = list(opts or [])
        if meth != "auth.login":
            if not self.authenticated:
                raise self.MsfAuthError("MsfRPC: Not Authenticated")
            opts.insert(0, self.token)
        opts.insert(0, meth)
        params = self.encode(opts)
        self.client.request("POST", self.uri, params, self.headers)
        resp = self.client.getresponse()
        return self.decode(resp.read())

    def login(self, user, password):
        ret = self.call('auth.login', [user, password])
        if ret.get('result') == 'success':
            self.authenticated = True
            self.token = ret.get('token')
            return True
        else:
            raise self.MsfAuthError("MsfRPC: Authentication failed")

if __name__ == '__main__':
    # Create a new instance of the Msfrpc client with the default options
    client = Msfrpc({})
    # Log in to the msgrpc server using the password "abc123" from setup.rc
    client.login('msf', 'abc123')
    # Get the list of exploit modules from the server
    mod = client.call('module.exploits')
    # Grab the first item from the 'modules' value of the returned dict
    print "Compatible payloads for : %s\n" % mod['modules'][0]
    # Get the list of compatible payloads for that first module
    ret = client.call('module.compatible_payloads', [mod['modules'][0]])
    for i in ret.get('payloads'):
        print "\t%s" % i
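The test code above hides the wire format behind the msgpack library and the SpiderLabs wrapper. The following added example (written for this page, not code from the article or from the SpiderLabs project) shows what actually travels over the loopback HTTP connection: it hand-encodes the msgpack subset that msgrpc traffic uses, frames each call as [method, token, args...] exactly as the call() method does, and exercises the client against a constructed in-process stand-in for the plugin (FakeMsgrpc, with a made-up token and module names) so the login, token check and error handling can be run without a live Metasploit instance. The error messages and the module.exploits reply shape are assumptions modelled on the page, not captured output.

```python
#!/usr/bin/env python3
# Added example: msgrpc call framing over a hand-rolled msgpack subset (Python 3, stdlib only).
import struct


def pack(obj):
    """Encode the msgpack types msgrpc traffic uses: nil, bool, small int, str, array, map."""
    if obj is None:
        return b"\xc0"
    if isinstance(obj, bool):                                 # bool before int: bool is an int subclass
        return b"\xc3" if obj else b"\xc2"
    if isinstance(obj, int) and 0 <= obj < 0x80:
        return bytes([obj])                                   # positive fixint
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        head = bytes([0xA0 | len(raw)]) if len(raw) < 32 else b"\xda" + struct.pack(">H", len(raw))
        return head + raw                                     # fixstr / str16
    if isinstance(obj, list):
        head = bytes([0x90 | len(obj)]) if len(obj) < 16 else b"\xdc" + struct.pack(">H", len(obj))
        return head + b"".join(pack(x) for x in obj)          # fixarray / array16
    if isinstance(obj, dict):
        head = bytes([0x80 | len(obj)]) if len(obj) < 16 else b"\xde" + struct.pack(">H", len(obj))
        return head + b"".join(pack(k) + pack(v) for k, v in obj.items())  # fixmap / map16
    raise TypeError("unsupported type for this msgpack subset: %r" % type(obj))


def unpack(buf):
    """Decode exactly one msgpack value; trailing bytes mean a malformed reply, so reject them."""
    value, end = _decode(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after msgpack value")
    return value


def _length(buf, i, tag, fixmask, ext_tag):
    """Element count: masked from a fix* tag, or a 16-bit big-endian field after the ext tag."""
    if tag == ext_tag:
        return struct.unpack(">H", buf[i:i + 2])[0], i + 2
    return tag & fixmask, i


def _decode(buf, i):
    tag, i = buf[i], i + 1
    if tag < 0x80:                                            # positive fixint
        return tag, i
    if tag in (0xC0, 0xC2, 0xC3):                             # nil / false / true
        return {0xC0: None, 0xC2: False, 0xC3: True}[tag], i
    if tag >> 5 == 0x5 or tag == 0xDA:                        # fixstr / str16
        n, i = _length(buf, i, tag, 0x1F, 0xDA)
        return buf[i:i + n].decode("utf-8"), i + n
    if tag >> 4 == 0x9 or tag == 0xDC:                        # fixarray / array16
        n, i = _length(buf, i, tag, 0x0F, 0xDC)
        items = []
        for _ in range(n):
            item, i = _decode(buf, i)
            items.append(item)
        return items, i
    if tag >> 4 == 0x8 or tag == 0xDE:                        # fixmap / map16
        n, i = _length(buf, i, tag, 0x0F, 0xDE)
        mapping = {}
        for _ in range(n):
            key, i = _decode(buf, i)
            mapping[key], i = _decode(buf, i)
        return mapping, i
    raise ValueError("unsupported msgpack type byte 0x%02x" % tag)


def frame_call(method, token, args):
    """msgrpc frames every call as [method, token, *args]; only auth.login goes out without a token."""
    head = [method] if method == "auth.login" else [method, token]
    return pack(head + list(args))


class MsgrpcClient:
    """Client over an injectable transport send(body) -> reply bytes (an HTTP POST to /api/ in real use)."""

    def __init__(self, send):
        self.send, self.token = send, None

    def call(self, method, *args):
        if method != "auth.login" and self.token is None:
            raise RuntimeError("not authenticated")
        reply = unpack(self.send(frame_call(method, self.token, args)))
        if isinstance(reply, dict) and reply.get("error"):    # server-side failures come back as a map
            raise RuntimeError(reply.get("error_message", "msgrpc error"))
        return reply

    def login(self, user, password):
        reply = self.call("auth.login", user, password)
        if reply.get("result") != "success":
            raise RuntimeError("authentication failed")
        self.token = reply["token"]
        return self.token


class FakeMsgrpc:
    """Constructed stand-in for the msgrpc plugin so the framing runs offline; not Metasploit's code."""

    def __init__(self, user, password):
        self.creds, self.tokens = [user, password], set()

    def send(self, body):
        frame = unpack(body)
        method, rest = frame[0], frame[1:]
        if method == "auth.login":
            if rest != self.creds:
                return pack({"error": True, "error_message": "Invalid User ID or Password"})
            token = "TEMPconstructedtoken"                    # constructed placeholder, not a real token
            self.tokens.add(token)
            return pack({"result": "success", "token": token})
        if not rest or rest[0] not in self.tokens:
            return pack({"error": True, "error_message": "Invalid Authentication Token"})
        if method == "module.exploits":                       # constructed names; 20 entries forces array16
            return pack({"modules": ["constructed/example_%02d" % k for k in range(20)]})
        return pack({"error": True, "error_message": "Unknown API Call"})


def demo():
    """Round trip against the fake: log in with the page's credentials, then list exploit modules."""
    server = FakeMsgrpc("msf", "abc123")
    client = MsgrpcClient(server.send)
    client.login("msf", "abc123")
    return client.call("module.exploits")["modules"]
```

To point the client at a real plugin, replace the fake's send with a function that POSTs the body to http://127.0.0.1:55552/api/ with the Content-type header binary/message-pack, as the httplib code above does; the plugin's defaults are plain HTTP bound to loopback, so the login password and the session token are only as protected as that loopback interface and the setup.rc file that holds the password in clear text.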
I believe the method described in this article will be helpful for learning Python.