Python Remote Call Metasploit

(1) Install the Python msgpack class library, The data serialization standard in the MSF official documentation is reference msgpack.

[Email protected]:~# apt-get Install Python-setuptools

[Email protected]:~# easy_install Msgpack-python

(2) create createdb_sql.txt:

Create DATABASE MSF;

Create user MSF with password ' msf123 ';

Grant all privileges in database MSF to MSF;

(3) Execute the above documents at PostgreSQL:

[Email protected]:~#/etc/init.d/postgresql Start

[Email protected]:~# sudo-u Postgres/usr/bin/psql < Createdb_sql.txt

(4) Create a setup.rc file

Db_connect Msf:[email PROTECTED]/MSF

Load Msgrpc user=msf pass= ' abc123 '

(5) Start the MSF and execute the load file

[Email protected]:~# msfconsole-r setup.rc

* SNIP *

[*] Processing setup.rc for ERB directives.

Resource (setup.rc) > Db_connect msf:[email protected]/msf

[*] Rebuilding the module cache in the background ...

Resource (SETUP.RC) > Load msgrpc user=msf pass= ' abc123 '

[*] Msgrpc service:127.0.0.1:55552

[*] Msgrpc USERNAME:MSF

[*] Msgrpc password:abc123

[*] Successfully loaded PLUGIN:MSGRPC

(6) There is a Python class library on Github, but it's not very useful.

[Email protected]:~# git clone git://github.com/spiderlabs/msfrpc.git msfrpc

[Email protected]:~# cd MSFRPC/PYTHON-MSFRPC

[Email protected]:~# python setup.py Install

Test code:

#!/usr/bin/env python

Import Msgpack

Import Httplib

class Msfrpc:

class Msferror(Exception):

def __init__ (self,msg):

Self. msg = msg

def __str__ (self):

return repr(self. msg)

class Msfautherror(msferror):

def __init__ (self,msg):

Self. msg = msg

def __init__ (self,opts=[]):

Self. Host = opts. Get(' host ') or "127.0.0.1"

Self. Port = opts. Get(' Port ') or 55552

Self. Uri = opts. Get(' uri ') or '/api/'

Self. SSL = opts. Get(' SSL ') or False

Self. Authenticated = False

Self. Token = False

Self. Headers = {"Content-type" : "Binary/message-pack" }

if self. SSL:

Self. Client = httplib. Httpsconnection(self. Host,self. Port)

Else :

Self. Client = httplib. Httpconnection(self. Host,self. Port)

def encode (self,data):

return msgpack. PACKB(data)

def Decode (self,data):

return msgpack. UNPACKB(data)

def Pager (self,meth,opts = []):

if meth! = "Auth.login":

if not self. Authenticated:

raise self. Msfautherror("Msfrpc:not authenticated")

if meth! = "Auth.login":

OPTs. Insert(0,self. Token)

OPTs. Insert(0,meth)

params = self. Encode(opts)

Self. Client. Request("POST",self. ) Uri,params,self. Headers)

Resp = self. Client. GetResponse()

return self. Decode(resp. Read())

def Login (self,user,password):

RET = self. Call(' auth.login ', [user,password])

if ret. Get(' result ') = = ' success ':

Self. Authenticated = True

Self. Token = ret. Get(' token ')

return True

Else :

raise self. Msfautherror("Msfrpc:authentication failed")

if __name__ = = ' __main__ ':

# Create A new instance of the MSFRPC client with the default options

Client = Msfrpc({})

# Login to the MSFMSG server using the password "abc123"

Client. Login(' MSF ',' abc123 ')

# Get A list of the exploits from the server

MoD = client. Call(' module.exploits ')

# Grab The first item from the modules value of the returned Dict

Print "Compatible payloads for:%s\n" % mod[' modules '] [0]

# Get The list of compatible payloads for the first option

RET = client. Call(' module.compatible_payloads ', [mod[' modules '][0 ]])

for i in (ret. Get(' payloads ')):

    print   "\t%s"  %  i