RogFleming

MetaSploit Autoit Integration

5 posts in this topic

Do not flame or pass judgement on this idea, I work in Information Security, and am really having a hard time selling the idea that our company needs to do Pen Testing on new vendor products coming into our environment. I have demoed the Metasploit Express and Pro versions and just wanted more control over what happens and it is costly, and do not want to have to type my brains out doing repetitive tasks. So I figured maybe I could create a frontend myself, but so far interfacing with the MSFConsole has been trying at best. I can get the read from the console but not the write to the console down correctly. What I am looking to do at first is to start the msfconsole and wait for the msf> prompt then type the help command and read the console for the list of commands. Once I get there I will be off and running. Any help would be great.

#include <Constants.au3>
; Set Buffer
Dim $buffer

; Start CMD
$cmd = ShellExecute("C:\framework\ruby\bin\ruby.exe","msfconsole -e production -y %BASE%\config\database.yml","C:\framework\msf3",@SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD)

; Send Commands

; Read Outputted Data
While 1

    $cmdOut = StdoutRead($cmd)

    If $cmdOut <> $buffer Then
        $buffer = $cmdOut
        ;ConsoleWrite($buffer)
        MsgBox(1,"",$buffer)
        ExitLoop
    EndIf
    Sleep(10)
Wend ; < everything works up to this point, just cannot get my head around the StdinWrite and StdoutRead and keep the interface going.
$command = "help"
StdinWrite($cmd, $command & @LF)
StdinWrite($cmd)
While 1

    $cmdOut = StdoutRead($cmd)

    If $cmdOut <> $buffer Then
        $buffer = $cmdOut
        ;ConsoleWrite($buffer)
        MsgBox(1,"",$buffer)
    EndIf
    Sleep(10)
Wend

Your ShellExecute is probably the problem. You have "@SW_HIDE" as the verb, and "$STDIN_CHILD + $STDOUT_CHILD" as the show flag. Try using Run instead and see if it makes a difference.

$cmd = Run('"C:\framework\ruby\bin\ruby.exe" msfconsole -e production -y %BASE%\config\database.yml',"C:\framework\msf3",@SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD)

I would use @SW_SHOW and not use @SW_HIDE until I had got the thing working so I could see what was happening.

You also need to exit your while loop if @error after the StdOutRead line I think.
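The wait-for-prompt, send, read cycle the first post asks for, as an added example that is not code from the thread, written in Ruby (the language msfconsole runs on). It drives a constructed stand-in console (`STUB`), not msfconsole; `ConsoleDriver` and `demo` are hypothetical names.

```ruby
require "open3"
require "rbconfig"
require "timeout"

PROMPT = "msf > " # prompt text as in the thread; the child below is NOT msfconsole
# Constructed stand-in console: banner, prompt, answers "help", leaves on "exit".
STUB = <<~'RUBY'
  $stdout.sync = true
  puts "stub console ready"
  print "msf > "
  while (line = $stdin.gets)
    break if line.chomp == "exit"
    puts(line.chomp == "help" ? "Core Commands\nhelp\nexit" : "Unknown command: #{line.chomp}")
    print "msf > "
  end
RUBY

class ConsoleDriver # hypothetical helper name
  def initialize(cmd, prompt: PROMPT, timeout: 5)
    @prompt, @timeout = prompt, timeout
    @stdin, @stdout, @wait = Open3.popen2e(*cmd) # stdout and stderr merged
  end
  # Append chunks until the prompt ends the buffer; EOF = child exited, stall = Timeout::Error.
  def read_until_prompt
    buf = +""
    Timeout.timeout(@timeout) do
      buf << @stdout.readpartial(4096) until buf.end_with?(@prompt)
    end
    buf.delete_suffix(@prompt)
  rescue EOFError
    buf
  end
  # The child only acts on a complete line: write the newline, then flush.
  def run(command)
    @stdin.write("#{command}\n")
    @stdin.flush
    read_until_prompt
  end
  def close
    @stdin.close
    @wait.value # Process::Status of the child
  end
end

def demo
  c = ConsoleDriver.new([RbConfig.ruby, "-e", STUB])
  out = [c.read_until_prompt, c.run("help"), c.run("exit")]
  out << c.close.success?
end
```

The read loop ends on the prompt, on EOF or on a timeout, rather than on the first buffer that differs from the previous one.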



Well, not getting very far; I am not able to send data and see the results

#include <Constants.au3>
#include <GUIConstantsEx.au3>

Global $iMemo, $cmd, $Input1
Main()

Func Main()
    ; Window with a command input, a Send button and a memo for console output
    $Form1 = GUICreate("MetaSploit for Autoit", 1024, 768, -1, -1)
    $iMemo = GUICtrlCreateEdit("", 517, 5, 502, 758)
    $Input1 = GUICtrlCreateInput("Command", 10, 10, 200, 20)
    $Button1 = GUICtrlCreateButton("Send", 220, 10, 75, 25)
    GUISetState(@SW_SHOW)
    StartSploit()

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                ProcessClose("ruby.exe")
                Exit
            Case $Button1
                $sMsg = GUICtrlRead($Input1)
                WriteStdin($sMsg)
        EndSwitch
    WEnd
EndFunc

; Write the text from the input box to the child's stdin
Func WriteStdin($sMsg)
    MemoWrite("Sending: " & $sMsg)
    StdinWrite($cmd, $sMsg)
    If @error Then MemoWrite("StdInWrite Error: " & @error)
EndFunc

; Poll the child's stdout until the output changes, then show it in the memo
Func ReadSTDOUT()
    Dim $buffer
    While 1
        $cmdOut = StdoutRead($cmd)
        If @error Then MemoWrite("StdOutRead Error: " & @error)
        If $cmdOut <> $buffer Then
            $buffer = $cmdOut
            MemoWrite($buffer)
            ExitLoop
        EndIf
        Sleep(10)
    WEnd
EndFunc

; Start msfconsole with stdin/stdout redirected and read its first output
Func StartSploit()
    Dim $buffer
    $cmd = Run("C:\framework\ruby\bin\ruby.exe" & " " & "msfconsole -e production -y %BASE%\config\database.yml", "C:\framework\msf3", @SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD)
    ReadSTDOUT()
EndFunc

; Append a line to the memo control
Func MemoWrite($sMessage)
    GUICtrlSetData($iMemo, $sMessage & @CRLF, 1)
EndFunc   ;==>MemoWrite


Howdy,

There are dozens of ways to automate the Metasploit products, most of which work for both the commercial and the open source versions. It looks like you are using the Win32 installation of Metasploit Framework 3.5.0 -- you have two simple options for automation here:

1. Create a resource file that contains the commands you want to automate in msfconsole. This can also include blocks of Ruby code that automate the internals of the framework, wait for sessions, etc. You can find more information at the following blog post: http://blog.metasploit.com/2010/03/automating-metasploit-console.html

2. Run an XMLRPC daemon; do this either by loading the xmlrpc plugin from msfconsole or running "ruby msfrpcd" with appropriate options from the command prompt. If you run this in Web mode, you can use any existing XMLRPC client to run modules and interact with the results. The following web page includes information on the RPC interface: http://www.metasploit.com/redmine/projects/framework/wiki/XMLRPC . The Metasploit Pro and Metasploit Express products actually use the standard XMLRPC interface to communicate between the backend Pro service and the web interface.

As far as interacting with ruby via stdin/stdout, this is not recommended. The reason is that if you run this from a CMD.exe prompt (or from AutoIT), then the background threads in Metasploit will hang while it reads input. This is why we had to ship Console2 with the latest release and Cygwin with the prior releases. Your best bet is automating through Ruby RC scripts or the XMLRPC interfaces.

Good luck and let us (msfdev[at]metasploit.com) know if you need anything.

-HD


Thanks HD Moore,

I think I figured a workaround, I seem to be able to pass commands using the SEND command, kinda like cut and paste. It works good and can capture the response using the stdin stream.

Thanks,

I will post an Example shortly!
