如何使用python3.x使用/验证msfrpc?

时间:2019-07-05 22:41:02

标签: python-3.x metasploit python-2to3 http.client

我正在尝试在python3中使用msfrpc(用python2编写),并且遇到身份验证错误。我正在使用的代码如下;请参阅代码中有关我所做更改的注释。

程序在python2中成功运行(使用httplib而不是http.client时),并且看起来与使用python3时的身份验证交换相同。

import msgpack
import http.client #Changed from httplib

class Msfrpc:
  class MsfError(Exception):
    def __init__(self,msg):
      self.msg = msg
    def __str__(self):
      return repr(self.msg)

  class MsfAuthError(MsfError):
    def __init__(self,msg):
      self.msg = msg

  def __init__(self,opts=[]):
    self.host = opts.get('host') or "127.0.0.1"
    self.port = opts.get('port') or 55552
    self.uri = opts.get('uri') or "/api/"
    self.ssl = opts.get('ssl') or False
    self.authenticated = False
    self.token = False
    self.headers = {"Content-type" : "binary/message-pack" }
    if self.ssl:
      self.client = http.client.HTTPSConnection(self.host,self.port)  #Changed httplib -> http.client
    else:
      self.client = http.client.HTTPConnection(self.host,self.port)        #Changed httplib -> http.client

  def encode(self,data):
    return msgpack.packb(data)
  def decode(self,data):
    return msgpack.unpackb(data)

   def call(self,meth,opts = []):
    if meth != "auth.login":
      if not self.authenticated:
        raise self.MsfAuthError("MsfRPC: Not Authenticated")

    if meth != "auth.login":
      opts.insert(0,self.token)

    opts.insert(0,meth)
    params = self.encode(opts)
    self.client.request("POST",self.uri,params,self.headers)
    resp = self.client.getresponse()
    return self.decode(resp.read()) 

  def login(self,user,password):
    ret = self.call('auth.login',[user,password])
    if ret.get('result') == 'success':
      self.authenticated = True
      self.token = ret.get('token')
      return True
    else:
      raise self.MsfAuthError("MsfRPC: Authentication failed")

if __name__ == '__main__':

  # Create a new instance of the Msfrpc client with the default options
  client = Msfrpc({})

  # Login to the msfmsg server using the password "abc123"
  client.login('msf','abc123')

  # Get a list of the exploits from the server
  mod = client.call('module.exploits')

  # Grab the first item from the modules value of the returned dict
  print ("Compatible payloads for : %s\n" % mod['modules'][0]) #Added ()

  # Get the list of compatible payloads for the first option
  ret = client.call('module.compatible_payloads',[mod['modules'][0]])
  for i in (ret.get('payloads')):
    print ("\t%s" % i)  #Added ()

运行程序时,结果为:

root@kali:~/Dropbox/PythonStuff/python-nmap-test# python3 test3.py
Traceback (most recent call last):
  File "test3.py", line 20, in <module>
    client.login('msf','abc123')
  File "/usr/local/lib/python3.7/dist-packages/msfrpc.py", line 64, in login  
    raise self.MsfAuthError("MsfRPC: Authentication failed")
msfrpc.MsfAuthError: 'MsfRPC: Authentication failed'

奇怪的是,在程序执行时运行tcpdump显示成功的身份验证和已授予的令牌:

enter image description here

当程序使用python2成功执行时,身份验证交换看起来是相同的,但是如果有人觉得发布程序的数据包捕获(在python2中运行)成功完成,将有助于回答我可以轻松添加的问题。

1 个答案:

答案 0 :(得分:0)

对此并没有太大的兴趣,但是如果其他人有问题,我会发布答案;该解决方案非常简单,我注意到了上面发布的代码中的更改。

问题是msfrpc最初是用Python 2编写的,因此忽略了来自Metasploit主机的msgpack RPC响应中的'b'前缀,但在Python 3中要求它表示文字应成为字节文字而不是字符串类型。

有关更多信息,请查看下面的链接;一旦我读了它,答案就很明显了: https://timothybramlett.com/Strings_Bytes_and_Unicode_in_Python_2_and_3.html

上面的代码可以正常工作,但实际上更好的解决方案是使用由Dan McInerney编写的msfrpc模块,而不是使用“ requests”包。

https://github.com/DanMcInerney/msfrpc

相关问题
最新问题