Wednesday, May 22, 2013

Metasploit MSGRPC with Python on Kali Linux

So this post is about setting up and using MSGRPC with Python on Kali Linux. It's more of a quick note for myself, but it might be useful for someone else too.

The steps are almost the same as in [1], but they are for Kali Linux, where you need to install even less stuff :)

Setup


First, we need to install the python dependencies (the msgpack module):

root@kali:~# apt-get install python-setuptools
root@kali:~# easy_install msgpack-python

Then we can create a file named createdb_sql.txt with the following content:

create database msf;
create user msf with password 'msf123';
grant all privileges on database msf to msf;

Next, we need to run these commands on the PostgreSQL instance. Start PostgreSQL first:

root@kali:~# /etc/init.d/postgresql start

This must be done as the postgres user, so we execute the command like this:

root@kali:~# sudo -u postgres /usr/bin/psql < createdb_sql.txt

Let's create a file and name it setup.rc with this content:

db_connect msf:msf123@127.0.0.1/msf
load msgrpc User=msf Pass='abc123'

Finally, we can start Metasploit using our rc file and verify that that everything loaded successfully:

root@kali:~# msfconsole -r setup.rc
* SNIP *
[*] Processing setup.rc for ERB directives.
resource (setup.rc)> db_connect msf:msf123@127.0.0.1/msf
[*] Rebuilding the module cache in the background...
resource (setup.rc)> load msgrpc User=msf Pass='abc123'
[*] MSGRPC Service:  127.0.0.1:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: abc123
[*] Successfully loaded plugin: msgrpc

We can also get the latest version of the msfrpc Python module from the SpiderLabs git repository (scripting MSF is a bit easier with this module).

Downloading and Installing it:

root@kali:~# git clone git://github.com/SpiderLabs/msfrpc.git msfrpc
root@kali:~# cd msfrpc/python-msfrpc
root@kali:~# python setup.py install

Usage


Check out the references section on how to use the MSGRPC interface with Python!

References


[1] http://blog.spiderlabs.com/2012/01/scripting-metasploit-using-msgrpc-.html

[2] http://www.fishnetsecurity.com/6labs/blog/scripting-metasploit-python

[3] http://khr0x40sh.wordpress.com/2012/05/

[4] http://www.jeffbryner.com/blog/itsec/pythonmetasploitmsgpack.html

No comments :

Post a Comment