Interacting with Metasploit

msf.go

package rpc

import (

	"bytes"

	"fmt"

	"gopkg.in/vmihailenco/msgpack.v2"

	"net/http"

)

// Build the Go types to handle both the request and response data.

type sessionListReq struct {

	_msgpack struct{} `msgpack:",asArray"`

	Method   string

	Token    string

}

type SessionListRes struct {

	ID          uint32 `msgpack:",omitempty"`

	Type        string `msgpack:"type"`

	TunnelLocal string `msgpack:"tunnel_local"`

	TunnelPeer  string `msgpack:"tunnel_peer"`

	ViaExploit  string `msgpack:"via_exploit"`

	ViaPayload  string `msgpack:"via_payload"`

	Description string `msgpack:"desc"`

	Info        string `msgpack:"info"`

	Workspace   string `msgpack:"workspace"`

	SessionHost string `msgpack:"session_host"`

	SessionPort int    `msgpack:"session_port"`

	Username    string `msgpack:"username"`

	UUID        string `msgpack:"uuid"`

	ExploitUUID string `msgpack:"exploit_uuid"`

}

// Defining Request and Response Methods

type loginReq struct {

	_msgpack struct{} `msgpack:",asArray"`

	Method   string

	Username string

	Password string

}

type loginRes struct {

	Result       string `msgpack:"result"`

	Token        string `msgpack:"token"`

	Error        bool   `msgpack:"error"`

	ErrorClass   string `msgpack:"error_class"`

	ErrorMessage string `msgpack:"error_message"`

}

type logoutReq struct {

	_msgpack    struct{} `msgpack:",asArray"`

	Method      string

	Token       string

	LogoutToken string

}

type logoutRes struct {

	Result string `msgpack:"result"`

}

// Creating a configuration Struct and an RPC Method

type Metasploit struct {

	host  string

	user  string

	pass  string

	token string

}

// Performing Remote send using serialization, deserializatiion, and HTTP communication logic.

func (msf *Metasploit) send(req interface{}, res interface{}) error {

	buf := new(bytes.Buffer)

	msgpack.NewEncoder(buf).Encode(req)

	dest := fmt.Sprintf("http://%s/api", msf.host)

	r, err := http.Post(dest, "binary/message-pack", buf)

	if err != nil {

		return err

	}

	defer r.Body.Close()

	if err := msgpack.NewDecoder(r.Body).Decode(&res); err != nil {

		return err

	}

	return nil

}

// Metasploit API calls implementation

func (msf *Metasploit) Login() error {

	ctx := &loginReq{

		Method:   "auth.login",

		Username: msf.user,

		Password: msf.pass,

	}

	var res loginRes

	if err := msf.send(ctx, &res); err != nil {

		return err

	}

	msf.token = res.Token

	return nil

}

func (msf *Metasploit) Logout() error {

	ctx := &logoutReq{

		Method:      "auth.logout",

		Token:       msf.token,

		LogoutToken: msf.token,

	}

	var res logoutRes

	if err := msf.send(ctx, &res); err != nil {

		return err

	}

	msf.token = ""

	return nil

}

func (msf *Metasploit) SessionList() (map[uint32]SessionListRes, error) {

	req := &sessionListReq{

		Method:   "session.list",

		Token:    msf.token,

	}

	res := make(map[uint32]SessionListRes)

	if err := msf.send(req, &res); err != nil {

		return nil, err

	}

	for id, session := range res {

		session.ID = id

		res[id] = session

	}

	return res, nil

}

// Initializing the client with embedding Metasploit login

func New(host, user, pass string) (*Metasploit, error) {

	msf := &Metasploit{

		host:  host,

		user:  user,

		pass:  pass,

	}

	if err := msf.Login(); err != nil {

		return nil, err

	}

	return msf, nil

}

Client - main.go

package main

import (

	"fmt"

	"log"

	"metasploit-minimal/rpc"

	"os"

)

func main() {

	host := os.Getenv("MSFHOST")

	pass := os.Getenv("MSFPASS")

	user := "msf"

	if host == "" || pass == "" {

		log.Fatalln("Missing required environment variable MSFHOST or MSFPASS")

	}

	msf, err := rpc.New(host, user, pass)

	if err != nil {

		log.Panicln(err)

	}

	defer msf.Logout()

	sessions, err := msf.SessionList()

	if err != nil {

		log.Panicln(err)

	}

	fmt.Println("Sessions:")

	for _, session := range sessions {

		fmt.Printf("%5d %s\n", session.ID, session.Info)

	}

} 

exploit the target windows before running this client code.

Run this metasploit-minimal client program successfully.

Go Pentester - HTTP CLIENTS(4)的更多相关文章

  1. Go Pentester - HTTP CLIENTS(1)

    Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparatio ...

  2. Go Pentester - HTTP CLIENTS(5)

    Parsing Document Metadata with Bing Scaping Set up the environment - install goquery package. https: ...

  3. Go Pentester - HTTP CLIENTS(3)

    Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metaspl ...

  4. Go Pentester - HTTP CLIENTS(2)

    Building an HTTP Client That Interacts with Shodan Shadon(URL:https://www.shodan.io/)  is the world' ...

  5. Creating a radius based VPN with support for Windows clients

    This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it wi ...

  6. Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)

    In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...

  7. ZK 使用Clients.response

    参考: http://stackoverflow.com/questions/11416386/how-to-access-au-response-sent-from-server-side-at-c ...

  8. MySQL之aborted connections和aborted clients

    影响Aborted_clients 值的可能是客户端连接异常关闭,或wait_timeout值过小. 最近线上遇到一个问题,接口日志发现有很多超时报错,根据日志定位到数据库实例之后发现一切正常,一般来 ...

  9. 【渗透测试学习平台】 web for pentester -2.SQL注入

    Example 1 字符类型的注入,无过滤 http://192.168.91.139/sqli/example1.php?name=root http://192.168.91.139/sqli/e ...

随机推荐

  1. 数据库语言sql

    数据库语言SQL SQL的形式 交互式SQL 一般DBMS都提供联机交互工具 用户可直接键入SQL命令对数据库进行操作 由DBMS来进行解释 嵌入式SQL 能将SQL语句嵌入到高级语言(宿主语言) 使 ...

  2. 05.DRF-Django REST framework 简介

    一.明确REST接口开发的核心任务 分析一下上节的案例,可以发现,在开发REST API接口时,视图中做的最主要有三件事: 将请求的数据(如JSON格式)转换为模型类对象 操作数据库 将模型类对象转换 ...

  3. web scraper无法解决爬虫问题?通通可以交给python!

    今天一位粉丝的需求所涉及的问题值得和大家分享分享~~~ 背景问题 是这样的,他看了公号里的关于web scraper的系列文章后,希望用它来爬取一个网站搜索关键词后的文章标题和链接,如下图 按照教程, ...

  4. WeChair项目Alpha冲刺(10/10)

    团队项目进行情况 1.昨日进展    Alpha冲刺第十天 昨日进展: 前端:安排页面美化,设计实名认证 后端:更新dao层代码 数据库:修改数据表属性,与后端部署数据库交互 2.今日安排 前端:继续 ...

  5. VB.NET在基类中定义共享事件(类似于C#中的静态事件)

    基类: Public Class userFun Private Shared _PnlStatus As String ‘必须设为共享字段,如果不设为Shared,将不能传递字符串内容 Public ...

  6. JavaWeb网上图书商城完整项目--24.注册页面的css样式实现

    现在框架已经做好了,即下来我们要对页面进行装饰了,第一步给每一个元素添加id 1.最外面的div添加id为divMain 2.第二个div添加id为divTitle,里面的span对应的id为span ...

  7. 尚硅谷ajax视频教程2

    7.7. 尚硅谷_佟刚_Ajax_典型应用_验证用户名是否可用 整个项目的目录路径如下所示 我们首先新建立一个web工程,在webroot下面新建立一个script的文件夹,导入jquer文件 接下来 ...

  8. 代码静态测试(java)

    工欲善其事,必先利其器 环境 jdk1.8 IntelliJ IDEA 1.静态代码检查 1.1工具 阿里代码规范检测工具 安装教程:阿里代码规范检查工具 1.2规范等级 在 Snoar 中对代码规则 ...

  9. 51单片机入门1--与C语言的交接

    我们即将进入51单片机的编程学习,咱们今天就来讲解一下单片机中的C语言(你可以称作C51) 在说编程之前,要先说一些别的东西: 二进制,八进制,十六进制 二进制中只有数字0和1,在二进制中1+1为10 ...

  10. Spring设置启动时执行方法

    @PostConstruct方法 在实现类和方法上加注解,类上加bean注解,方法上加@PostConstruct注解. @PostConstruct//启动执行public void refresh ...