RogFleming Posted November 6, 2010 Share Posted November 6, 2010 Do not flame or pass judgement on this idea, I work in Information Security, and really having a hard time selling the idea that our company needs to do Pen Testing on New vendor procuts coming into our environment. I have demo the Metasploit Express and Pro versions and just wanted more control over what happens and it is costly, and do not what to have to type my brains out doing repetative tasks. So I figured maybe I could create a frontend myself, but so far interfacing with the MSFConsole has been trying at best. I can get the read from the console but not the write to the the console down correctly. What I looking to do at first is to start the msfconsole and wait for the msf> prompt then type the help command and read the console for the list of commands. Once I get there I will be off and running. Any help would be great. #include <Constants.au3> ; Set Buffer Dim $buffer ; Start CMD $cmd = ShellExecute("C:\framework\ruby\bin\ruby.exe","msfconsole -e production -y %BASE%\config\database.yml","C:\framework\msf3",@SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD) ; Send Commands ; Read Outputed Data While 1 $cmdOut = StdoutRead($cmd) If $cmdOut <> $buffer Then $buffer = $cmdOut ;ConsoleWrite($buffer) MsgBox(1,"",$buffer) ExitLoop EndIf Sleep(10) Wend < everythings works up to this point, just cannot get my head around the StdinWrite and StdoutRead and keep the interface going. $command = "help" StdinWrite($cmd, $command & @LF) StdinWrite($cmd) While 1 $cmdOut = StdoutRead($cmd) If $cmdOut <> $buffer Then $buffer = $cmdOut ;ConsoleWrite($buffer) MsgBox(1,"",$buffer) EndIf Sleep(10) Wend Link to comment Share on other sites More sharing options...
martin Posted November 6, 2010 Share Posted November 6, 2010 Do not flame or pass judgement on this idea, I work in Information Security, and really having a hard time selling the idea that our company needs to do Pen Testing on New vendor procuts coming into our environment. I have demo the Metasploit Express and Pro versions and just wanted more control over what happens and it is costly, and do not what to have to type my brains out doing repetative tasks. So I figured maybe I could create a frontend myself, but so far interfacing with the MSFConsole has been trying at best. I can get the read from the console but not the write to the the console down correctly. What I looking to do at first is to start the msfconsole and wait for the msf> prompt then type the help command and read the console for the list of commands. Once I get there I will be off and running. Any help would be great. #include <Constants.au3> ; Set Buffer Dim $buffer ; Start CMD $cmd = ShellExecute("C:\framework\ruby\bin\ruby.exe","msfconsole -e production -y %BASE%\config\database.yml","C:\framework\msf3",@SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD) ; Send Commands ; Read Outputed Data While 1 $cmdOut = StdoutRead($cmd) If $cmdOut <> $buffer Then $buffer = $cmdOut ;ConsoleWrite($buffer) MsgBox(1,"",$buffer) ExitLoop EndIf Sleep(10) Wend < everythings works up to this point, just cannot get my head around the StdinWrite and StdoutRead and keep the interface going. $command = "help" StdinWrite($cmd, $command & @LF) StdinWrite($cmd) While 1 $cmdOut = StdoutRead($cmd) If $cmdOut <> $buffer Then $buffer = $cmdOut ;ConsoleWrite($buffer) MsgBox(1,"",$buffer) EndIf Sleep(10) Wend Your ShellExecute is probably the problem. You have "@SW_HIDE" as the verb, and "$STDIN_CHILD + $STDOUT_CHILD" as the show flag. Try using Run instead and see if it makes a difference. $cmd = Run('"C:\framework\ruby\bin\ruby.exe" msfconsole -e production -y %BASE%\config\database.yml',"C:\framework\msf3",@SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD) I would use @SW_SHOW and not use @SW_HIDE until I had got the thing working so I could see what was happening. You also need to exit your while loop if @error after the StdOutRead line I think. Serial port communications UDF Includes functions for binary transmission and reception.printing UDF Useful for graphs, forms, labels, reports etc.Add User Call Tips to SciTE for functions in UDFs not included with AutoIt and for your own scripts.Functions with parameters in OnEvent mode and for Hot Keys One function replaces GuiSetOnEvent, GuiCtrlSetOnEvent and HotKeySet.UDF IsConnected2 for notification of status of connected state of many urls or IPs, without slowing the script. Link to comment Share on other sites More sharing options...
RogFleming Posted November 6, 2010 Author Share Posted November 6, 2010 Well not getting very far, I not able to send data and see the results expandcollapse popupGlobal $iMemo, $cmd, $Input1 Main() func Main() $Form1 = GUICreate("MetaSploit for Autoit", 1024, 768,-1,-1) $iMemo = GUICtrlCreateEdit("",517,5,502,758) $Input1 = GUICtrlCreateInput("Command", 10,10, 200, 20) $Button1 = GUICtrlCreateButton("Send", 220,10, 75, 25) GUISetState(@SW_SHOW) StartSploit() While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE ProcessClose("ruby.exe") Exit Case $Button1 $sMsg = GUICtrlRead($Input1) WriteStdin($sMsg) EndSwitch WEnd EndFunc Func WriteStdin($sMsg) MemoWrite("Sending: "&$sMsg) StdinWrite($cmd,$sMsg) If @error Then MemoWrite("StdInWrite Error: "&@error) EndFunc Func ReadSTDOUT() Dim $buffer While 1 $cmdOut = StdoutRead($cmd) If @error Then MemoWrite("StdOutRead Error: "&@error) If $cmdOut <> $buffer Then $buffer = $cmdOut MemoWrite($buffer) ExitLoop EndIf Sleep(10) Wend EndFunc Func StartSploit() Dim $buffer $cmd = Run("C:\framework\ruby\bin\ruby.exe"&" "&"msfconsole -e production -y %BASE%\config\database.yml","C:\framework\msf3",@SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD) ReadSTDOUT() EndFunc Func MemoWrite($sMessage) GUICtrlSetData($iMemo, $sMessage & @CRLF, 1) EndFunc ;==>MemoWrite Link to comment Share on other sites More sharing options...
hdm Posted November 6, 2010 Share Posted November 6, 2010 Howdy, There are dozens of ways to automate the Metasploit products, most of which work for both the commercial and the open source versions. It looks like you are using the Win32 installation of Metasploit Framework 3.5.0 -- you have two simple options for automation here: 1. Create a resource file that contains the commands you want to automate in msfconsole. This can also include blocks of Ruby code that automate the internals of the framework, wait for sessions, etc. You can find more information at the following blog post: http://blog.metasploit.com/2010/03/automating-metasploit-console.html 2. Run a XMLRPC daemon, do this either by loading the xmlrpc plugin from msfconsole or running "ruby msfrpcd" with appropriate options from the command prompt. If you run this in Web mode, you can use any existing XMLRPC client to run modules and interact with the results. The following web page includes information on the RPC interface: http://www.metasploit.com/redmine/projects/framework/wiki/XMLRPC . The Metasploit Pro and Metasploit Express products actually use the standard XMLRPC interface to communicate between the backend Pro service and the web interface. As far as interacting with ruby via stdin/stdout, this is not recommended. The reason is that if you run this from a CMD.exe prompt (or from AutoIT), then the background threads in Metasploit will hang while it reads input. This is why we had to ship Console2 with the latest release and Cygwin with the prior releases. Your best bet is automating through Ruby RC scripts or the XMLRPC interfaces. Good luck and let us (msfdev[at]metasploit.com) know if you need anything. -HD Link to comment Share on other sites More sharing options...
RogFleming Posted November 19, 2010 Author Share Posted November 19, 2010 Thanks HD Moore, I think I figured a workaround, I seem to be able to pass commands using the SEND command, kinda like cut and paste. It works good and can capture the response using the stdin stream. Thanks, I will post an Example shortly! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now