Module: PWN::Plugins::Metasploit

Defined in:
lib/pwn/plugins/metasploit.rb

Overview

Plugin used to integrate Metasploit into PWN leveraging a listening MSFRPCD daemon.


Class Method Details

.authors ⇒ Object

Author(s)

0day Inc. <[email protected]>



# File 'lib/pwn/plugins/metasploit.rb', line 123

# Returns the author/contact banner for this plugin.
#
# @return [String] multi-line banner; the indentation and the trailing
#   whitespace-only line are part of the returned value.
public_class_method def self.authors
  author_banner = "AUTHOR(S):
    0day Inc. <[email protected]>
  "

  author_banner
end

.connect(opts = {}) ⇒ Object

Supported Method Parameters

console_obj = PWN::Plugins::Metasploit.connect(

yaml_conf: 'optional - path to userland yaml (defaults to $PWN_ROOT/etc/userland/$PWN_PROVIDER/metasploit/vagrant.yaml)'

)



# File 'lib/pwn/plugins/metasploit.rb', line 16

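# Authenticates to a listening msfrpcd daemon and creates a console on it.
#
# @param opts [Hash] options
#   :yaml_conf - optional path to a YAML file providing the keys
#   'msfrpcd_host', 'port', 'username' and 'password'. When it is absent or
#   the path does not exist, the file
#   $PWN_ROOT/etc/userland/$PWN_PROVIDER/metasploit/vagrant.yaml is used.
# @return [Hash] console_obj with :msfrpcd_conn (the RPC client) and
#   :session (the symbolized 'console.create' response).
# @raise [RuntimeError] wrapping any StandardError raised while loading the
#   configuration or talking to the daemon.
public_class_method def self.connect(opts = {})
  msfrpcd_host = nil

  # Normalise the path once so the existence check and the load operate on
  # the same value (previously the raw value was tested but the cleaned
  # value was loaded).
  yaml_path = opts[:yaml_conf].to_s.strip.chomp.scrub
  if yaml_path.empty? || !File.exist?(yaml_path)
    # ENV.fetch already raises KeyError when the variable is unset, so no
    # additional guard is needed.
    pwn_root = ENV.fetch('PWN_ROOT')
    pwn_provider = ENV.fetch('PWN_PROVIDER')
    yaml_path = "#{pwn_root}/etc/userland/#{pwn_provider}/metasploit/vagrant.yaml"
  end

  # This file carries the msfrpcd username and password in clear text; keep
  # it out of version control and readable only by the account running PWN.
  # NOTE(review): YAML.load_file can instantiate non-scalar objects on older
  # Psych releases. Only plain scalars are read below, so
  # YAML.safe_load_file is the tighter choice where the runtime provides it.
  yaml_conf = YAML.load_file(yaml_path)
  raise "#{yaml_path} did not parse to a YAML mapping" unless yaml_conf.is_a?(Hash)

  msfrpcd_host = yaml_conf['msfrpcd_host'].to_s
  port = yaml_conf['port'].to_i
  username = yaml_conf['username'].to_s
  password = yaml_conf['password'].to_s

  # NOTE(review): TLS settings are left at the client's defaults - confirm
  # they match how msfrpcd was started.
  msfrpcd_conn = Msf::RPC::Client.new
  msfrpcd_conn.info[:host] = msfrpcd_host
  msfrpcd_conn.info[:port] = port
  # `conn.(user, pass)` is shorthand for #call, which on this client takes an
  # RPC method name (see 'console.create' below), so the username would have
  # been sent as the method. Authenticate explicitly with #login instead.
  msfrpcd_conn.login(username, password)

  msfrpcd_resp = msfrpcd_conn.call('console.create')
  session = JSON.parse(msfrpcd_resp.to_json, symbolize_names: true)

  # The client object keeps the RPC auth token (#disconnect reads
  # msfrpcd_conn.token), so avoid writing console_obj to logs.
  { msfrpcd_conn: msfrpcd_conn, session: session }
rescue StandardError => e
  # Only suggest that the daemon is down once a host was actually read from
  # the configuration; earlier failures (missing env var, unreadable YAML)
  # are reported as they are.
  hint = msfrpcd_host.to_s.empty? ? '' : "\nIs the msfrpcd daemon running on #{msfrpcd_host}?"
  raise "#{e}#{hint}"
end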

.console_exec(opts = {}) ⇒ Object

Supported Method Parameters

console_obj = PWN::Plugins::Metasploit.console_exec(

console_obj: 'required - console_obj object returned from #connect method',
cmd: 'required - msfconsole command string or array of strings'

)



# File 'lib/pwn/plugins/metasploit.rb', line 87

# Queues one msfconsole command, or each command of an Array in order, on an
# existing console.
#
# Each command is handed to queue_console_cmd as given; nothing in this
# method validates or escapes it, so callers should not assemble cmd from
# untrusted input.
#
# @param opts [Hash] options
#   :console_obj - required, the console_obj returned from #connect
#   :cmd - required, a String or an Array of command strings
# @return [Object] the console_obj returned by the last queue_console_cmd
#   call, or the console_obj passed in when cmd is an empty Array.
# @raise [RuntimeError] when cmd is neither a String nor an Array.
public_class_method def self.console_exec(opts = {})
  console_obj = opts[:console_obj]
  cmd = opts[:cmd]

  unless cmd.is_a?(String) || cmd.is_a?(Array)
    raise "ERROR: cmd parameter must be a String or Array object - object is currently #{cmd.class}"
  end

  # Treat a lone String as a one-element batch, then thread the console
  # object through every queued command.
  pending_cmds = cmd.is_a?(String) ? [cmd] : cmd
  pending_cmds.each do |this_cmd|
    console_obj = queue_console_cmd(console_obj: console_obj, cmd: this_cmd)
  end

  console_obj
rescue StandardError => e
  raise e
end

.disconnect(opts = {}) ⇒ Object

Supported Method Parameters

console_obj = PWN::Plugins::Metasploit.disconnect(

console_obj: 'required - console_obj returned from #console_exec method to terminate'

)



# File 'lib/pwn/plugins/metasploit.rb', line 109

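# Destroys the console held in console_obj and logs the RPC client out.
#
# @param opts [Hash] options
#   :console_obj - required, the console_obj returned from #connect or
#   #console_exec; its :msfrpcd_conn and :session entries are read.
# @return [nil]
# @raise [StandardError] whatever the lookups or the RPC calls raise; if both
#   RPC calls fail, the error from 'auth.logout' is the one that propagates.
public_class_method def self.disconnect(opts = {})
  console_obj = opts[:console_obj]
  msfrpcd_conn = console_obj[:msfrpcd_conn]
  console_id = console_obj[:session][:id]

  begin
    msfrpcd_conn.call('console.destroy', console_id)
  ensure
    # Always attempt the logout, even when console.destroy raises, so a
    # failed teardown never skips the 'auth.logout' call for this token.
    msfrpcd_conn.call('auth.logout', msfrpcd_conn.token)
  end

  nil
end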

.help ⇒ Object

Display Usage for this Module



# File 'lib/pwn/plugins/metasploit.rb', line 131

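# Prints usage for this module to standard output.
#
# The parameter descriptions name console_obj (the Hash returned by #connect)
# rather than the bare msfrpcd_conn client, because #console_exec and
# #disconnect both read entries of that Hash.
#
# @return [nil] the return value of puts
public_class_method def self.help
  puts "USAGE:
    console_obj = #{self}.connect(
      yaml_conf: 'optional -  path to userland yaml (defaults to $PWN_ROOT/etc/userland/$PWN_PROVIDER/metasploit/vagrant.yaml)'
    )

    console_obj = #{self}.console_exec(
      console_obj: 'required - console_obj object returned from #connect method',
      cmd: 'required - msfconsole command string or array of strings'
    )

    console_obj = #{self}.disconnect(
      console_obj: 'required - console_obj returned from #console_exec method to terminate'
    )

    #{self}.authors
  "
end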