Interacting with Metasploit

msf.go

package rpc

import (

	"bytes"

	"fmt"

	"gopkg.in/vmihailenco/msgpack.v2"

	"net/http"

)

// Build the Go types to handle both the request and response data.

type sessionListReq struct {

	_msgpack struct{} `msgpack:",asArray"`

	Method   string

	Token    string

}

type SessionListRes struct {

	ID          uint32 `msgpack:",omitempty"`

	Type        string `msgpack:"type"`

	TunnelLocal string `msgpack:"tunnel_local"`

	TunnelPeer  string `msgpack:"tunnel_peer"`

	ViaExploit  string `msgpack:"via_exploit"`

	ViaPayload  string `msgpack:"via_payload"`

	Description string `msgpack:"desc"`

	Info        string `msgpack:"info"`

	Workspace   string `msgpack:"workspace"`

	SessionHost string `msgpack:"session_host"`

	SessionPort int    `msgpack:"session_port"`

	Username    string `msgpack:"username"`

	UUID        string `msgpack:"uuid"`

	ExploitUUID string `msgpack:"exploit_uuid"`

}

// Defining Request and Response Methods

type loginReq struct {

	_msgpack struct{} `msgpack:",asArray"`

	Method   string

	Username string

	Password string

}

type loginRes struct {

	Result       string `msgpack:"result"`

	Token        string `msgpack:"token"`

	Error        bool   `msgpack:"error"`

	ErrorClass   string `msgpack:"error_class"`

	ErrorMessage string `msgpack:"error_message"`

}

type logoutReq struct {

	_msgpack    struct{} `msgpack:",asArray"`

	Method      string

	Token       string

	LogoutToken string

}

type logoutRes struct {

	Result string `msgpack:"result"`

}

// Creating a configuration Struct and an RPC Method

type Metasploit struct {

	host  string

	user  string

	pass  string

	token string

}

// Performing Remote send using serialization, deserializatiion, and HTTP communication logic.

func (msf *Metasploit) send(req interface{}, res interface{}) error {

	buf := new(bytes.Buffer)

	msgpack.NewEncoder(buf).Encode(req)

	dest := fmt.Sprintf("http://%s/api", msf.host)

	r, err := http.Post(dest, "binary/message-pack", buf)

	if err != nil {

		return err

	}

	defer r.Body.Close()

	if err := msgpack.NewDecoder(r.Body).Decode(&res); err != nil {

		return err

	}

	return nil

}

// Metasploit API calls implementation

func (msf *Metasploit) Login() error {

	ctx := &loginReq{

		Method:   "auth.login",

		Username: msf.user,

		Password: msf.pass,

	}

	var res loginRes

	if err := msf.send(ctx, &res); err != nil {

		return err

	}

	msf.token = res.Token

	return nil

}

func (msf *Metasploit) Logout() error {

	ctx := &logoutReq{

		Method:      "auth.logout",

		Token:       msf.token,

		LogoutToken: msf.token,

	}

	var res logoutRes

	if err := msf.send(ctx, &res); err != nil {

		return err

	}

	msf.token = ""

	return nil

}

func (msf *Metasploit) SessionList() (map[uint32]SessionListRes, error) {

	req := &sessionListReq{

		Method:   "session.list",

		Token:    msf.token,

	}

	res := make(map[uint32]SessionListRes)

	if err := msf.send(req, &res); err != nil {

		return nil, err

	}

	for id, session := range res {

		session.ID = id

		res[id] = session

	}

	return res, nil

}

// Initializing the client with embedding Metasploit login

func New(host, user, pass string) (*Metasploit, error) {

	msf := &Metasploit{

		host:  host,

		user:  user,

		pass:  pass,

	}

	if err := msf.Login(); err != nil {

		return nil, err

	}

	return msf, nil

}

Client - main.go

package main

import (

	"fmt"

	"log"

	"metasploit-minimal/rpc"

	"os"

)

func main() {

	host := os.Getenv("MSFHOST")

	pass := os.Getenv("MSFPASS")

	user := "msf"

	if host == "" || pass == "" {

		log.Fatalln("Missing required environment variable MSFHOST or MSFPASS")

	}

	msf, err := rpc.New(host, user, pass)

	if err != nil {

		log.Panicln(err)

	}

	defer msf.Logout()

	sessions, err := msf.SessionList()

	if err != nil {

		log.Panicln(err)

	}

	fmt.Println("Sessions:")

	for _, session := range sessions {

		fmt.Printf("%5d %s\n", session.ID, session.Info)

	}

} 

exploit the target windows before running this client code.

Run this metasploit-minimal client program successfully.

Go Pentester - HTTP CLIENTS(4)的更多相关文章

  1. Go Pentester - HTTP CLIENTS(1)

    Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparatio ...

  2. Go Pentester - HTTP CLIENTS(5)

    Parsing Document Metadata with Bing Scaping Set up the environment - install goquery package. https: ...

  3. Go Pentester - HTTP CLIENTS(3)

    Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metaspl ...

  4. Go Pentester - HTTP CLIENTS(2)

    Building an HTTP Client That Interacts with Shodan Shadon(URL:https://www.shodan.io/)  is the world' ...

  5. Creating a radius based VPN with support for Windows clients

    This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it wi ...

  6. Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)

    In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...

  7. ZK 使用Clients.response

    参考: http://stackoverflow.com/questions/11416386/how-to-access-au-response-sent-from-server-side-at-c ...

  8. MySQL之aborted connections和aborted clients

    影响Aborted_clients 值的可能是客户端连接异常关闭,或wait_timeout值过小. 最近线上遇到一个问题,接口日志发现有很多超时报错,根据日志定位到数据库实例之后发现一切正常,一般来 ...

  9. 【渗透测试学习平台】 web for pentester -2.SQL注入

    Example 1 字符类型的注入,无过滤 http://192.168.91.139/sqli/example1.php?name=root http://192.168.91.139/sqli/e ...

随机推荐

  1. 漏洞复现 MS11-003

    0x01漏洞简介 ms11-003(windows7IE溢出攻击) 是利用IE8中对css的解析存在一个问题,导致任何访问包含非法css的页面将导致IE8崩溃重启的漏洞. 0x02环境准备 攻击机:k ...

  2. 一个老牌程序员说:做Java开发,怎么可以不会这 20 种类库和 API

  3. python高阶-Linux基础命令集

    声明: 1)仅作为个人学习,如有冒犯,告知速删! 2)不想误导,如有错误,不吝指教! 1: 查看文件信息:ls ls常用参数: 参数 含义 -a 显示指定目录下所有子目录与文件,包括隐藏文件 -l 以 ...

  4. 车辆运动控制算法——MPC

    MPC是模型预测控制算法,在车辆运动跟踪轨迹的控制中发挥很大的优势 基础的不多说,下面记录我对LQR/MPC/二次规划问题的理解 我们从LQR来引出MPC LQR的能量函数,目的是求函数J最小,即用最 ...

  5. 学习Java的Day04

    知识点 接口: 1.接口是功能的集合,同样可看做是一种数据类型,是比抽象类更为抽象的”类”. 2. 接口中只允许出现抽象方法,不能出现非抽象方法 3. 接口的源文件也是java文件,编译后的文件也是. ...

  6. ajax前后端交互原理(3)

    3.HTTP服务器 3.3.相关前置知识 1 什么是url? 统一资源定位符是对可以从互联网上得到的资源的位置和访问方法的一种简洁的表示,是互联网上标准资源的地址.互联网上的每个文件都有一个唯一的UR ...

  7. 玩转SpringBoot之捣鼓 Redis

    我们都知道,把首页数据放到Redis里,能够加快首页数据的访问速度.但是我们要如何准确又快速的将 Redis 整合到自己的 SpringBoot2.x 项目中呢?今天阿淼就带大家爬一爬其中的门门道道. ...

  8. asp.net Core依赖注入(自带的IOC容器)

    今天我们主要讲讲如何使用自带IOC容器,虽然自带的功能不是那么强大,但是胜在轻量级..而且..不用引用别的库. 在新的ASP.NET Core中,大量的采用了依赖注入的方式来编写代码. 比如,在我们的 ...

  9. 深入理解JVM(③)Java的模块化

    前言 JDK9引入的Java模块化系统(Java Platform Module System ,JPMS)是 对Java技术的一次重要升级,除了像之前JAR包那样充当代码的容器之外,还包括: 依赖其 ...

  10. hibernate快速入门示例

    hibernate概述 hibernate是一个java的全自动ORM框架,它可以自动生成SQL语句.自动建表.自动执行,使用者可以不使用SQL完成数据的CRUD操作,同时它也是基于JPA规则的一种实 ...