Python实现远程调用MetaSploit的方法

本文较为详细的讲述了Python实现远程调用MetaSploit的方法，对Python的学习来说有很好的参考价值。具体实现方法如下：

（1）安装Python的msgpack类库，MSF官方文档中的数据序列化标准就是参照msgpack。

root@kali:~#apt-getinstallpython-setuptools
root@kali:~#easy_installmsgpack-python

 
（2）创建createdb_sql.txt:

createdatabasemsf;
createusermsfwithpassword"msf123";
grantallprivilegesondatabasemsftomsf;

 
（3）在PostgreSQL执行上述文件：

root@kali:~#/etc/init.d/postgresqlstart
root@kali:~#sudo-upostgres/usr/bin/psql<createdb_sql.txt

 
（4）创建setup.rc文件

db_connectmsf:msf123@127.0.0.1/msf
loadmsgrpcUser=msfPass="abc123"

 
（5）启动MSF并执行载入文件

root@kali:~#msfconsole-rsetup.rc
*SNIP*
[*]Processingsetup.rcforERBdirectives.
resource(setup.rc)>db_connectmsf:msf123@127.0.0.1/msf
[*]Rebuildingthemodulecacheinthebackground...
resource(setup.rc)>loadmsgrpcUser=msfPass="abc123"
[*]MSGRPCService:127.0.0.1:55552
[*]MSGRPCUsername:msf
[*]MSGRPCPassword:abc123
[*]Successfullyloadedplugin:msgrpc

 
（6）Github上有一个Python的类库，不过很不好用

root@kali:~#gitclonegit://github.com/SpiderLabs/msfrpc.gitmsfrpc
root@kali:~#cdmsfrpc/python-msfrpc
root@kali:~#pythonsetup.pyinstall

测试代码如下：

#!/usr/bin/envpython
importmsgpack
importhttplib

classMsfrpc:
classMsfError(Exception):
def__init__(self,msg):
self.msg=msg
def__str__(self):
returnrepr(self.msg)

classMsfAuthError(MsfError):
def__init__(self,msg):
self.msg=msg

def__init__(self,opts=[]):
self.host=opts.get("host")or"127.0.0.1"
self.port=opts.get("port")or55552
self.uri=opts.get("uri")or"/api/"
self.ssl=opts.get("ssl")orFalse
self.authenticated=False
self.token=False
self.headers={"Content-type":"binary/message-pack"}
ifself.ssl:
self.client=httplib.HTTPSConnection(self.host,self.port)
else:
self.client=httplib.HTTPConnection(self.host,self.port)

defencode(self,data):
returnmsgpack.packb(data)
defdecode(self,data):
returnmsgpack.unpackb(data)

defcall(self,meth,opts=[]):
ifmeth!="auth.login":
ifnotself.authenticated:
raiseself.MsfAuthError("MsfRPC:NotAuthenticated")

ifmeth!="auth.login":
opts.insert(0,self.token)

opts.insert(0,meth)
params=self.encode(opts)
self.client.request("POST",self.uri,params,self.headers)
resp=self.client.getresponse()
returnself.decode(resp.read())

deflogin(self,user,password):
ret=self.call("auth.login",[user,password])
ifret.get("result")=="success":
self.authenticated=True
self.token=ret.get("token")
returnTrue
else:
raiseself.MsfAuthError("MsfRPC:Authenticationfailed")

if__name__=="__main__":

#CreateanewinstanceoftheMsfrpcclientwiththedefaultoptions
client=Msfrpc({})

#Logintothemsfmsgserverusingthepassword"abc123"
client.login("msf","abc123")

#Getalistoftheexploitsfromtheserver
mod=client.call("module.exploits")

#Grabthefirstitemfromthemodulesvalueofthereturneddict
print"Compatiblepayloadsfor:%s\n"%mod["modules"][0]

#Getthelistofcompatiblepayloadsforthefirstoption
ret=client.call("module.compatible_payloads",[mod["modules"][0]])
foriin(ret.get("payloads")):
print"\t%s"%i

相信本文所述方法对大家的Python学习可以起到一定的学习借鉴作用。