public StartExploit ( object>.Dictionary |
||
options | object>.Dictionary | |
return | object>.Dictionary |
public static void Main(string[] args) { using (MetasploitSession session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1")) { using (MetasploitProManager manager = new MetasploitProManager(session)) { // { // "workspace" => "Project1", // "DS_WHITELIST_HOSTS" => "192.168.0.0/24", // "DS_MinimumRank" => "great", // "DS_EXPLOIT_SPEED" => 5, // "DS_EXPLOIT_TIMEOUT" => 2, // "DS_LimitSessions" => true, // "DS_MATCH_VULNS" => true, // "DS_MATCH_PORTS" => true // } Dictionary<string, object> options = new Dictionary<string, object>(); options.Add("workspace", "default"); options.Add("DS_WHITELIST", "192.168.1.0/24"); options.Add("DS_MinimumRank", "great"); options.Add("DS_EXPLOIT_SPEED", 5); options.Add("DS_EXPLOIT_TIMEOUT", 2); options.Add("DS_LimitSessions", true); options.Add("DS_MATCH_VULNS", true); options.Add("DS_MATCH_PORTS", true); Dictionary<string, object> response = manager.StartExploit(options); foreach (var pair in response) Console.WriteLine(pair.Key + ": " + pair.Value); } } }
private string BeginMetasploitProAssessment(string workspace, string whitelist, bool bruteforce) { using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"], this.Configuration["metasploitPass"], "https://"+this.Configuration["metasploitHost"]+":3790/api/1.1")) { using (MetasploitProManager manager = new MetasploitProManager(session)) { Dictionary<string, object> options = new Dictionary<string, object> (); Dictionary<string, object> response; object hosts = csv.Split (','); options.Add ("ips", hosts); options.Add ("workspace", workspace); Console.WriteLine ("Discovering..."); response = manager.StartDiscover (options); Dictionary<string, object> taskResponse = manager.GetProTaskStatus (response ["task_id"] as string); taskResponse = taskResponse.First ().Value as Dictionary<string, object>; while (taskResponse["status"] as string == "running") { Console.WriteLine ("Waiting on metasploit discovery"); Thread.Sleep (new TimeSpan (0, 0, 60)); taskResponse = manager.GetProTaskStatus (response ["task_id"] as string); taskResponse = taskResponse.First ().Value as Dictionary<string, object>; } options = new Dictionary<string, object> (); if (true) {//if (bruteforce) string svcs = string.Empty; foreach (string service in services) { if (service == "postgresql") svcs = svcs + "Postgresql "; else if (service == "mysql") svcs = svcs + "MySQL "; else if (service == "mssql") svcs = svcs + "MSSQL "; else if (service == "oracle") svcs = svcs + "Oracle "; else if (service == "http") svcs = svcs + "HTTP "; else if (service == "https") svcs = svcs + "HTTPS "; else if (service == "ssh") svcs = svcs + "SSH "; else if (service == "telnet") svcs = svcs + "Telnet "; else if (service == "ftp") svcs = svcs + "FTP "; else if (service == "exec") svcs = svcs + "EXEC "; else if (service == "shell") svcs = svcs + "SHELL "; else if (service == "vnc") svcs = svcs + "VNC "; } Console.WriteLine ("Bruteforcing..."); options.Add ("workspace", workspace); options.Add ("DS_WHITELIST_HOSTS", whitelist); options.Add ("DS_BRUTEFORCE_SCOPE", "quick"); options.Add ("DS_BRUTEFORCE_SERVICES", svcs); options.Add ("DS_BRUTEFORCE_SPEED", "TURBO"); options.Add ("DS_INCLUDE_KNOWN", true); options.Add ("DS_BRUTEFORCE_GETSESSION", true); response = manager.StartBruteforce (options); taskResponse = manager.GetProTaskStatus (response ["task_id"] as string); taskResponse = taskResponse.First ().Value as Dictionary<string, object>; while (taskResponse["status"] as string == "running") { Console.WriteLine ("Waiting on metasploit bruteforce"); Thread.Sleep (new TimeSpan (0, 0, 30)); taskResponse = manager.GetProTaskStatus (response ["task_id"] as string); taskResponse = taskResponse.First ().Value as Dictionary<string, object>; } options = new Dictionary<string, object> (); } options.Add ("workspace", workspace); options.Add ("DS_WHITELIST", whitelist); options.Add ("DS_MinimumRank", "great"); options.Add ("DS_EXPLOIT_SPEED", 5); options.Add ("DS_EXPLOIT_TIMEOUT", 2); options.Add ("DS_LimitSessions", false); options.Add ("DS_MATCH_VULNS", true); options.Add ("DS_MATCH_PORTS", true); response = manager.StartExploit (options); foreach (var pair in response) Console.WriteLine (pair.Key + ": " + pair.Value); return response ["task_id"] as string; } } }