Go Pentester - HTTP CLIENTS(4)
Interacting with Metasploit
msf.go
package rpc

import (
	"bytes"
	"fmt"
	"net/http"

	"gopkg.in/vmihailenco/msgpack.v2"
)

// Build the Go types to handle both the request and response data.
type sessionListReq struct {
	_msgpack struct{} `msgpack:",asArray"`
	Method   string
	Token    string
}

type SessionListRes struct {
	ID          uint32 `msgpack:",omitempty"`
	Type        string `msgpack:"type"`
	TunnelLocal string `msgpack:"tunnel_local"`
	TunnelPeer  string `msgpack:"tunnel_peer"`
	ViaExploit  string `msgpack:"via_exploit"`
	ViaPayload  string `msgpack:"via_payload"`
	Description string `msgpack:"desc"`
	Info        string `msgpack:"info"`
	Workspace   string `msgpack:"workspace"`
	SessionHost string `msgpack:"session_host"`
	SessionPort int    `msgpack:"session_port"`
	Username    string `msgpack:"username"`
	UUID        string `msgpack:"uuid"`
	ExploitUUID string `msgpack:"exploit_uuid"`
}

// Define the request and response types for login and logout.
type loginReq struct {
	_msgpack struct{} `msgpack:",asArray"`
	Method   string
	Username string
	Password string
}

type loginRes struct {
	Result       string `msgpack:"result"`
	Token        string `msgpack:"token"`
	Error        bool   `msgpack:"error"`
	ErrorClass   string `msgpack:"error_class"`
	ErrorMessage string `msgpack:"error_message"`
}

type logoutReq struct {
	_msgpack    struct{} `msgpack:",asArray"`
	Method      string
	Token       string
	LogoutToken string
}

type logoutRes struct {
	Result string `msgpack:"result"`
}

// Create a configuration struct that the RPC methods hang off.
type Metasploit struct {
	host  string
	user  string
	pass  string
	token string
}

// send performs the remote call: it serializes the request, POSTs it over
// HTTP, and deserializes the response into res.
func (msf *Metasploit) send(req interface{}, res interface{}) error {
	buf := new(bytes.Buffer)
	// Do not ignore a serialization failure; an empty body would be sent otherwise.
	if err := msgpack.NewEncoder(buf).Encode(req); err != nil {
		return err
	}
	dest := fmt.Sprintf("http://%s/api", msf.host)
	r, err := http.Post(dest, "binary/message-pack", buf)
	if err != nil {
		return err
	}
	defer r.Body.Close()

	if err := msgpack.NewDecoder(r.Body).Decode(&res); err != nil {
		return err
	}
	return nil
}

// Metasploit API calls implementation.
func (msf *Metasploit) Login() error {
	ctx := &loginReq{
		Method:   "auth.login",
		Username: msf.user,
		Password: msf.pass,
	}
	var res loginRes
	if err := msf.send(ctx, &res); err != nil {
		return err
	}
	// Surface a rejected login instead of silently storing an empty token.
	if res.Error {
		return fmt.Errorf("auth.login failed: %s", res.ErrorMessage)
	}
	msf.token = res.Token
	return nil
}

func (msf *Metasploit) Logout() error {
	ctx := &logoutReq{
		Method:      "auth.logout",
		Token:       msf.token,
		LogoutToken: msf.token,
	}
	var res logoutRes
	if err := msf.send(ctx, &res); err != nil {
		return err
	}
	msf.token = ""
	return nil
}

func (msf *Metasploit) SessionList() (map[uint32]SessionListRes, error) {
	req := &sessionListReq{
		Method: "session.list",
		Token:  msf.token,
	}
	res := make(map[uint32]SessionListRes)
	if err := msf.send(req, &res); err != nil {
		return nil, err
	}

	// The session ID is the map key; copy it into each value for convenience.
	for id, session := range res {
		session.ID = id
		res[id] = session
	}
	return res, nil
}

// New initializes the client and logs in to Metasploit.
func New(host, user, pass string) (*Metasploit, error) {
	msf := &Metasploit{
		host: host,
		user: user,
		pass: pass,
	}

	if err := msf.Login(); err != nil {
		return nil, err
	}

	return msf, nil
}
Client - main.go
package main

import (
	"fmt"
	"log"
	"metasploit-minimal/rpc"
	"os"
)

func main() {
	// Host and password come from the environment rather than the source.
	host := os.Getenv("MSFHOST")
	pass := os.Getenv("MSFPASS")
	user := "msf"

	if host == "" || pass == "" {
		log.Fatalln("Missing required environment variable MSFHOST or MSFPASS")
	}

	msf, err := rpc.New(host, user, pass)
	if err != nil {
		log.Panicln(err)
	}
	// Invalidate the token on the server when main returns.
	defer msf.Logout()

	sessions, err := msf.SessionList()
	if err != nil {
		log.Panicln(err)
	}
	fmt.Println("Sessions:")
	for _, session := range sessions {
		fmt.Printf("%5d %s\n", session.ID, session.Info)
	}
}
Exploit the target Windows host before running this client code.

Then run the metasploit-minimal client program; it should complete successfully and print the session list.
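
What the `msgpack:",asArray"` request structs in msf.go put on the wire, as an added example that is not code from the original post: a standard-library-only encoder and decoder for the `[method, arg, ...]` array, following the MessagePack spec's fixarray, fixstr and str8 layouts. The function names and the sample credentials are constructed; the body is serialization only, so over the `http://` URL that `send` builds, the password and token are readable in transit.

```go
package main

import "errors"
import "fmt"

// encodeArray packs short strings into one MessagePack array: [method, arg, ...].
func encodeArray(fields ...string) ([]byte, error) {
	if len(fields) > 15 {
		return nil, errors.New("more than 15 elements needs array16")
	}
	out := []byte{0x90 | byte(len(fields))} // fixarray header
	for _, f := range fields {
		if len(f) > 255 {
			return nil, errors.New("string over 255 bytes needs str16")
		}
		if len(f) < 32 {
			out = append(out, 0xa0|byte(len(f))) // fixstr header
		} else {
			out = append(out, 0xd9, byte(len(f))) // str8 header
		}
		out = append(out, f...)
	}
	return out, nil
}

// decodeArray reverses encodeArray and rejects truncated or unsupported input.
func decodeArray(b []byte) (fields []string, err error) {
	if len(b) == 0 || b[0]&0xf0 != 0x90 {
		return nil, errors.New("not a fixarray")
	}
	n, b := int(b[0]&0x0f), b[1:]
	for ; n > 0; n-- {
		l := -1
		if len(b) >= 1 && b[0]&0xe0 == 0xa0 {
			l, b = int(b[0]&0x1f), b[1:]
		} else if len(b) >= 2 && b[0] == 0xd9 {
			l, b = int(b[1]), b[2:]
		}
		if l < 0 || len(b) < l {
			return nil, errors.New("unsupported or truncated string")
		}
		fields, b = append(fields, string(b[:l])), b[l:]
	}
	return fields, nil
}

func main() {
	body, _ := encodeArray("auth.login", "msf", "constructed-pass") // constructed values
	fmt.Printf("% x\n", body)
}
```

The hex dump starts with `93 aa`, a three-element array whose first element is the ten-byte method name, followed by the user name and password as plain strings.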
