Interacting with Metasploit

msf.go

package rpc

import (
	"bytes"
	"fmt"
	"net/http"
	"time"

	"gopkg.in/vmihailenco/msgpack.v2"
)

// Build the Go types to handle both the request and response data.
// sessionListReq is the wire form of the session.list RPC call. The
// asArray tag requests positional-array encoding, so the field order
// below is part of the protocol and must not be changed.
type sessionListReq struct {
	_msgpack struct{} `msgpack:",asArray"`
	Method   string // RPC method name; SessionList sends "session.list"
	Token    string // session token obtained by Login
}

// SessionListRes describes one Metasploit session as returned by
// session.list. The server answers with a map keyed by session ID; ID is
// not a field of the payload (hence the nameless omitempty tag) and is
// filled in from the map key by SessionList.
type SessionListRes struct {
	ID          uint32 `msgpack:",omitempty"`
	Type        string `msgpack:"type"`
	TunnelLocal string `msgpack:"tunnel_local"`
	TunnelPeer  string `msgpack:"tunnel_peer"`
	ViaExploit  string `msgpack:"via_exploit"`
	ViaPayload  string `msgpack:"via_payload"`
	Description string `msgpack:"desc"`
	Info        string `msgpack:"info"`
	Workspace   string `msgpack:"workspace"`
	SessionHost string `msgpack:"session_host"`
	SessionPort int    `msgpack:"session_port"`
	Username    string `msgpack:"username"`
	UUID        string `msgpack:"uuid"`
	ExploitUUID string `msgpack:"exploit_uuid"`
}

// Request and response types for the auth.login and auth.logout methods.
// loginReq is the wire form of auth.login. It is encoded as a positional
// array (asArray), so the field order is the protocol and must not change.
type loginReq struct {
	_msgpack struct{} `msgpack:",asArray"`
	Method   string // RPC method name; Login sends "auth.login"
	Username string
	Password string
}

// loginRes is the auth.login reply. Login reads Token, which becomes the
// session token for every later call. Result, Error, ErrorClass and
// ErrorMessage are decoded but not inspected here; presumably Error is
// set with a class and message when authentication is refused — confirm
// against the server before relying on them.
type loginRes struct {
	Result       string `msgpack:"result"`
	Token        string `msgpack:"token"`
	Error        bool   `msgpack:"error"`
	ErrorClass   string `msgpack:"error_class"`
	ErrorMessage string `msgpack:"error_message"`
}

// logoutReq is the wire form of auth.logout (positional array, order is
// the protocol). Token authenticates the call and LogoutToken names the
// token to invalidate; Logout passes the same token for both.
type logoutReq struct {
	_msgpack struct{} `msgpack:",asArray"`
	Method      string // RPC method name; Logout sends "auth.logout"
	Token       string
	LogoutToken string
}

// logoutRes is the auth.logout reply. Logout does not inspect Result.
type logoutRes struct {
	Result string `msgpack:"result"`
}

// Client configuration struct and the shared RPC transport method.
// Metasploit holds the connection settings and the session token for one
// msfrpcd client. Obtain a logged-in instance with New; the zero value has
// no token and cannot make authenticated calls.
type Metasploit struct {
	host  string // host[:port] of the RPC daemon, inserted into http://<host>/api
	user  string // RPC username sent with auth.login
	pass  string // RPC password sent with auth.login
	token string // session token set by Login and cleared by Logout
}

// Remote send: serialization, deserialization and HTTP transport logic.
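// msfHTTPClient is used for every RPC call. http.DefaultClient has no
// timeout, so an unreachable or stalled daemon would block the caller
// forever; a bounded timeout turns that into an error instead.
var msfHTTPClient = &http.Client{Timeout: 30 * time.Second}

// send serializes req as MessagePack, POSTs it to http://<host>/api and
// decodes the MessagePack reply into res, which must be a pointer.
//
// It returns an error when req cannot be encoded, when the HTTP request
// fails or times out, when the server answers with a non-2xx status, or
// when the reply cannot be decoded into res.
//
// NOTE(review): the endpoint is plain http://, so the credentials sent by
// Login and the session token on every call cross the network
// unencrypted. If the RPC daemon is run with TLS, switch the scheme and
// configure the client's transport accordingly — confirm the deployment.
func (msf *Metasploit) send(req interface{}, res interface{}) error {
	buf := new(bytes.Buffer)
	if err := msgpack.NewEncoder(buf).Encode(req); err != nil {
		return fmt.Errorf("encoding rpc request: %w", err)
	}
	dest := fmt.Sprintf("http://%s/api", msf.host)
	r, err := msfHTTPClient.Post(dest, "binary/message-pack", buf)
	if err != nil {
		return fmt.Errorf("posting rpc request to %s: %w", dest, err)
	}
	defer r.Body.Close()
	// A non-2xx status means the call did not succeed; report it instead
	// of decoding an error body into res and handing back a zero result
	// that callers would mistake for success.
	if r.StatusCode < 200 || r.StatusCode > 299 {
		return fmt.Errorf("rpc call to %s: unexpected HTTP status %s", dest, r.Status)
	}
	if err := msgpack.NewDecoder(r.Body).Decode(&res); err != nil {
		return fmt.Errorf("decoding rpc response: %w", err)
	}
	return nil
}

// Metasploit API calls implementation.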
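// Login authenticates to msfrpcd with the configured user and password
// (method auth.login) and stores the returned token for later calls.
//
// It returns an error when the transport fails, when the reply carries
// the Error flag (the class and message are included), or when no token
// comes back; in those cases msf.token is left unchanged.
func (msf *Metasploit) Login() error {
	req := &loginReq{
		Method:   "auth.login",
		Username: msf.user,
		Password: msf.pass,
	}
	var res loginRes
	if err := msf.send(req, &res); err != nil {
		return err
	}
	// loginRes carries explicit error fields; check them before trusting
	// Token so a refused login is not reported as success with an empty
	// token that would then fail on every later call.
	if res.Error {
		return fmt.Errorf("auth.login failed: %s: %s", res.ErrorClass, res.ErrorMessage)
	}
	if res.Token == "" {
		return fmt.Errorf("auth.login returned no token (result %q)", res.Result)
	}
	msf.token = res.Token
	return nil
}

// Logout invalidates the current session token on the server (method
// auth.logout, passing the token both as the caller's token and as the
// token to revoke) and clears it locally.
//
// On a transport error the token is left in place and the error returned.
func (msf *Metasploit) Logout() error {
	req := &logoutReq{
		Method:      "auth.logout",
		Token:       msf.token,
		LogoutToken: msf.token,
	}
	var res logoutRes
	if err := msf.send(req, &res); err != nil {
		return err
	}
	msf.token = ""
	return nil
}

// SessionList calls session.list and returns the active sessions keyed
// by session ID. The server payload does not repeat the ID inside each
// entry, so it is copied from the map key into SessionListRes.ID.
//
// Requires a prior successful Login; returns a nil map and the error
// when the call fails.
func (msf *Metasploit) SessionList() (map[uint32]SessionListRes, error) {
	req := &sessionListReq{
		Method: "session.list",
		Token:  msf.token,
	}
	res := make(map[uint32]SessionListRes)
	if err := msf.send(req, &res); err != nil {
		return nil, err
	}
	// Map values are not addressable, so copy, set ID and write back.
	for id, session := range res {
		session.ID = id
		res[id] = session
	}
	return res, nil
}

// Client construction, with an embedded Login so the result is ready to use.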
// New builds a Metasploit client for the RPC daemon at host (host[:port])
// and immediately logs in with user and pass, so the returned client
// already holds a session token. If the login fails, the error is returned
// and no client is produced.
func New(host, user, pass string) (*Metasploit, error) {
	client := &Metasploit{host: host, user: user, pass: pass}
	err := client.Login()
	if err != nil {
		return nil, err
	}
	return client, nil
}

Client - main.go

package main

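import (
	"fmt"
	"log"
	"os"
	"sort"

	"metasploit-minimal/rpc"
)

// main reads the msfrpcd connection settings from the environment, logs
// in, prints every active session sorted by ID and logs out again.
//
// Environment:
//
//	MSFHOST  host[:port] of the RPC daemon (required)
//	MSFPASS  RPC password (required)
//	MSFUSER  RPC username (optional, defaults to "msf")
func main() {
	host := os.Getenv("MSFHOST")
	pass := os.Getenv("MSFPASS")
	user := os.Getenv("MSFUSER")
	if user == "" {
		user = "msf"
	}
	if host == "" || pass == "" {
		log.Fatalln("Missing required environment variable MSFHOST or MSFPASS")
	}
	msf, err := rpc.New(host, user, pass)
	if err != nil {
		log.Panicln(err)
	}
	// Panicln (rather than Fatalln) is used for later failures so this
	// deferred Logout still runs and the server-side token is revoked.
	defer func() {
		if err := msf.Logout(); err != nil {
			log.Println("logout:", err)
		}
	}()

	sessions, err := msf.SessionList()
	if err != nil {
		log.Panicln(err)
	}

	// Map iteration order is random; sort by ID so the listing is stable.
	ids := make([]uint32, 0, len(sessions))
	for id := range sessions {
		ids = append(ids, id)
	}
	sort.Slice(ids, func(i, j int) bool { return ids[i] < ids[j] })

	fmt.Println("Sessions:")
	for _, id := range ids {
		session := sessions[id]
		fmt.Printf("%5d %s\n", session.ID, session.Info)
	}
}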

Exploit the target Windows host before running this client code, so that at least one session exists for it to list.

The metasploit-minimal client program then runs successfully and prints the session list.
