Interacting with Metasploit

msf.go

package rpc

import (

	"bytes"

	"fmt"

	"gopkg.in/vmihailenco/msgpack.v2"

	"net/http"

)

// Build the Go types to handle both the request and response data.

type sessionListReq struct {

	_msgpack struct{} `msgpack:",asArray"`

	Method   string

	Token    string

}

type SessionListRes struct {

	ID          uint32 `msgpack:",omitempty"`

	Type        string `msgpack:"type"`

	TunnelLocal string `msgpack:"tunnel_local"`

	TunnelPeer  string `msgpack:"tunnel_peer"`

	ViaExploit  string `msgpack:"via_exploit"`

	ViaPayload  string `msgpack:"via_payload"`

	Description string `msgpack:"desc"`

	Info        string `msgpack:"info"`

	Workspace   string `msgpack:"workspace"`

	SessionHost string `msgpack:"session_host"`

	SessionPort int    `msgpack:"session_port"`

	Username    string `msgpack:"username"`

	UUID        string `msgpack:"uuid"`

	ExploitUUID string `msgpack:"exploit_uuid"`

}

// Defining Request and Response Methods

type loginReq struct {

	_msgpack struct{} `msgpack:",asArray"`

	Method   string

	Username string

	Password string

}

type loginRes struct {

	Result       string `msgpack:"result"`

	Token        string `msgpack:"token"`

	Error        bool   `msgpack:"error"`

	ErrorClass   string `msgpack:"error_class"`

	ErrorMessage string `msgpack:"error_message"`

}

type logoutReq struct {

	_msgpack    struct{} `msgpack:",asArray"`

	Method      string

	Token       string

	LogoutToken string

}

type logoutRes struct {

	Result string `msgpack:"result"`

}

// Creating a configuration Struct and an RPC Method

type Metasploit struct {

	host  string

	user  string

	pass  string

	token string

}

// Performing Remote send using serialization, deserializatiion, and HTTP communication logic.

func (msf *Metasploit) send(req interface{}, res interface{}) error {

	buf := new(bytes.Buffer)

	msgpack.NewEncoder(buf).Encode(req)

	dest := fmt.Sprintf("http://%s/api", msf.host)

	r, err := http.Post(dest, "binary/message-pack", buf)

	if err != nil {

		return err

	}

	defer r.Body.Close()

	if err := msgpack.NewDecoder(r.Body).Decode(&res); err != nil {

		return err

	}

	return nil

}

// Metasploit API calls implementation

func (msf *Metasploit) Login() error {

	ctx := &loginReq{

		Method:   "auth.login",

		Username: msf.user,

		Password: msf.pass,

	}

	var res loginRes

	if err := msf.send(ctx, &res); err != nil {

		return err

	}

	msf.token = res.Token

	return nil

}

func (msf *Metasploit) Logout() error {

	ctx := &logoutReq{

		Method:      "auth.logout",

		Token:       msf.token,

		LogoutToken: msf.token,

	}

	var res logoutRes

	if err := msf.send(ctx, &res); err != nil {

		return err

	}

	msf.token = ""

	return nil

}

func (msf *Metasploit) SessionList() (map[uint32]SessionListRes, error) {

	req := &sessionListReq{

		Method:   "session.list",

		Token:    msf.token,

	}

	res := make(map[uint32]SessionListRes)

	if err := msf.send(req, &res); err != nil {

		return nil, err

	}

	for id, session := range res {

		session.ID = id

		res[id] = session

	}

	return res, nil

}

// Initializing the client with embedding Metasploit login

func New(host, user, pass string) (*Metasploit, error) {

	msf := &Metasploit{

		host:  host,

		user:  user,

		pass:  pass,

	}

	if err := msf.Login(); err != nil {

		return nil, err

	}

	return msf, nil

}

Client - main.go

package main

import (

	"fmt"

	"log"

	"metasploit-minimal/rpc"

	"os"

)

func main() {

	host := os.Getenv("MSFHOST")

	pass := os.Getenv("MSFPASS")

	user := "msf"

	if host == "" || pass == "" {

		log.Fatalln("Missing required environment variable MSFHOST or MSFPASS")

	}

	msf, err := rpc.New(host, user, pass)

	if err != nil {

		log.Panicln(err)

	}

	defer msf.Logout()

	sessions, err := msf.SessionList()

	if err != nil {

		log.Panicln(err)

	}

	fmt.Println("Sessions:")

	for _, session := range sessions {

		fmt.Printf("%5d %s\n", session.ID, session.Info)

	}

} 

exploit the target windows before running this client code.

Run this metasploit-minimal client program successfully.

Go Pentester - HTTP CLIENTS(4)的更多相关文章

  1. Go Pentester - HTTP CLIENTS(1)

    Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparatio ...

  2. Go Pentester - HTTP CLIENTS(5)

    Parsing Document Metadata with Bing Scaping Set up the environment - install goquery package. https: ...

  3. Go Pentester - HTTP CLIENTS(3)

    Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metaspl ...

  4. Go Pentester - HTTP CLIENTS(2)

    Building an HTTP Client That Interacts with Shodan Shadon(URL:https://www.shodan.io/)  is the world' ...

  5. Creating a radius based VPN with support for Windows clients

    This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it wi ...

  6. Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)

    In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...

  7. ZK 使用Clients.response

    参考: http://stackoverflow.com/questions/11416386/how-to-access-au-response-sent-from-server-side-at-c ...

  8. MySQL之aborted connections和aborted clients

    影响Aborted_clients 值的可能是客户端连接异常关闭,或wait_timeout值过小. 最近线上遇到一个问题,接口日志发现有很多超时报错,根据日志定位到数据库实例之后发现一切正常,一般来 ...

  9. 【渗透测试学习平台】 web for pentester -2.SQL注入

    Example 1 字符类型的注入,无过滤 http://192.168.91.139/sqli/example1.php?name=root http://192.168.91.139/sqli/e ...

随机推荐

  1. 科学计算:Python 分析数据找问题,并图形化

    对于记录的数据,如何用 Python 进行分析.或图形化呢? 本文将介绍 numpy, matplotlib, pandas, scipy 几个包,进行数据分析.与图形化. 准备环境 Python 环 ...

  2. Android学习笔记数组资源文件

    在android中我们可以通过数组资源文件,定义数组元素. 数组资源文件是位于values目录下的 array.xml <?xml version="1.0" encodin ...

  3. 大众点评cat实时监控简介及部署

    简介 背景 CAT(Central Application Tracking)是由吴其敏(前大众点评首席架构师,现携程架构负责人)主导设计基于Java开发打造的实时应用监控平台,为大众点评网提供了全面 ...

  4. Linux下搭建mysql

    [准备环境] Linux   centos7 [mysql安装步骤] 1.首先确定centos版本 cat /etc/redhat-release 2.yum安装 yum -y install mar ...

  5. Spring Boot项目使用Swagger2文档教程

    [本文版权归微信公众号"代码艺术"(ID:onblog)所有,若是转载请务必保留本段原创声明,违者必究.若是文章有不足之处,欢迎关注微信公众号私信与我进行交流!] 前言 Sprin ...

  6. Spring中的JDBC API

    1 JdbcTemplate的诞生 JDBC作为Java平台访问关系数据库的标准API,其成功是有目共睹的.为了避免在JDBC API在使用中的种种尴尬局面(几乎程式一样的代码,繁琐的异常处理),Sp ...

  7. dart快速入门教程 (6)

    6.内置操作方法和属性 6.1.数字类型 1.isEven判断是否是偶数 int n = 10; print(n.isEven); // true 2.isOdd判断是否是奇数 int n = 101 ...

  8. SQL循环遍历,删除表里某一列是重复的数据,只保留一条。

    DECLARE @tempId NVARCHAR(Max), @tempIDD uniqueidentifier WHILE EXISTS ( SELECT UserId FROM Users Gro ...

  9. 恕我直言你可能真的不会java第12篇-如何使用Stream API对Map类型元素排序

    在这篇文章中,您将学习如何使用Java对Map进行排序.前几日有位朋友面试遇到了这个问题,看似很简单的问题,但是如果不仔细研究一下也是很容易让人懵圈的面试题.所以我决定写这样一篇文章.在Java中,有 ...

  10. kibana限制用户只具备读图的权限

    假设需求 因为业务需要将日志系统收集到的信息进行图表化展示并交付到用户进行业务交流. 解决方案 这个需求看着似乎蛮简单的,如何解决? 1.对需要的数据进行过滤制作图表 2.对用户的权限限制为只读级别, ...