├── Assembly ├── MsgPack.dll └── metasploit-sharp.dll ├── Posh-Metasploit.psd1 ├── Format ├── Metasploit.Token.format.ps1xml ├── Metasploit.Action.format.ps1xml ├── Metasploit.Plugin.Load.format.ps1xml ├── Metasploit.Plugin.UnLoad.format.ps1xml ├── Metasploit.Default.Workspace.format.ps1xml ├── Metasploit.DBStatus.format.ps1xml ├── Metasploit.Invoked.Job.format.ps1xml ├── Metasploit.Removed.Hosts.format.ps1xml ├── Metasploit.Removed.Service.format.ps1xml ├── Metasploit.Plugin.format.ps1xml ├── Metasploit.Module.nop.format.ps1xml ├── Metasploit.Module.post.format.ps1xml ├── Metasploit.Module.Session.format.ps1xml ├── Metasploit.Module.auxiliary.format.ps1xml ├── Metasploit.Module.exploit.format.ps1xml ├── Metasploit.Module.payload.format.ps1xml ├── Metasploit.Job.format.ps1xml └── Metasploit.Workspace.format.ps1xml ├── variables.psm1 ├── plugin.psm1 ├── README.md ├── jobs.psm1 ├── console.psm1 └── Posh-Metasploit.psm1 /Assembly/MsgPack.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darkoperator/Posh-Metasploit/HEAD/Assembly/MsgPack.dll -------------------------------------------------------------------------------- /Posh-Metasploit.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darkoperator/Posh-Metasploit/HEAD/Posh-Metasploit.psd1 -------------------------------------------------------------------------------- /Assembly/metasploit-sharp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darkoperator/Posh-Metasploit/HEAD/Assembly/metasploit-sharp.dll -------------------------------------------------------------------------------- /Format/Metasploit.Token.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Metasploit.Token 6 | 7 | Metasploit.Token 8 | 9 | 10 | 11 | 12 | 13 | 14 | Token 15 | 
16 | 17 | MSHost 18 | 19 | 20 | MSSessionID 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /Format/Metasploit.Action.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Metasploit.Action 6 | 7 | Metasploit.Action 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | result 16 | 17 | 18 | MSHost 19 | 20 | 21 | MSSessionID 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /Format/Metasploit.Plugin.Load.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Metasploit.Plugin.Load 6 | 7 | Metasploit.Plugin.Load 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | result 16 | 17 | 18 | MSHost 19 | 20 | 21 | MSSessionID 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /Format/Metasploit.Plugin.UnLoad.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Metasploit.Plugin.UnLoad 6 | 7 | Metasploit.Plugin.UnLoad 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | result 16 | 17 | 18 | MSHost 19 | 20 | 21 | MSSessionID 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /Format/Metasploit.Default.Workspace.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Metasploit.Default.Workspace 6 | 7 | Metasploit.Default.Workspace 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | workspace 16 | 17 | 18 | MSHost 19 | 20 | 21 | MSSessionID 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /Format/Metasploit.DBStatus.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 
| 5 | Metasploit.DBStatus 6 | 7 | Metasploit.DBStatus 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | db 16 | 17 | 18 | 19 | driver 20 | 21 | 22 | MSHost 23 | 24 | 25 | MSSessionID 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /Format/Metasploit.Invoked.Job.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Metasploit.Invoked.Job 6 | 7 | Metasploit.Invoked.Job 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | job_id 16 | 17 | 18 | 19 | uuid 20 | 21 | 22 | MSHost 23 | 24 | 25 | MSSessionID 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /Format/Metasploit.Removed.Hosts.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Metasploit.Removed.Hosts 6 | 7 | Metasploit.Removed.Hosts 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | result 16 | 17 | 18 | 19 | deleted 20 | 21 | 22 | MSHost 23 | 24 | 25 | MSSessionID 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /Format/Metasploit.Removed.Service.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Metasploit.Removed.Service 6 | 7 | Metasploit.Removed.Service 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | result 16 | 17 | 18 | 19 | deleted 20 | 21 | 22 | MSHost 23 | 24 | 25 | MSSessionID 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /Format/Metasploit.Plugin.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Plugin 6 | 7 | Metasploit.Plugin 8 | 9 | 10 | 11 | 12 | 40 13 | 14 | 15 | 18 16 | 17 | 18 | 12 19 | 20 | 21 | 22 | 23 | 24 | 25 | Name 26 | 27 | 28 | MSHost 29 | 30 | 31 | MSSessionID 32 | 33 | 34 | 35 | 
36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /Format/Metasploit.Module.nop.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | service 6 | 7 | Metasploit.Module.nop 8 | 9 | 10 | 11 | 12 | 18 13 | 14 | 15 | 18 16 | 17 | 18 | 6 19 | 20 | 21 | 22 | 23 | 24 | 25 | Name 26 | 27 | 28 | MSHost 29 | 30 | 31 | MSSessionID 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /Format/Metasploit.Module.post.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | post 6 | 7 | Metasploit.Module.post 8 | 9 | 10 | 11 | 12 | 60 13 | 14 | 15 | 18 16 | 17 | 18 | 6 19 | 20 | 21 | 22 | 23 | 24 | 25 | Name 26 | 27 | 28 | MSHost 29 | 30 | 31 | MSSessionID 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /Format/Metasploit.Module.Session.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | session 6 | 7 | Metasploit.Module.Session 8 | 9 | 10 | 11 | 12 | 8 13 | 14 | 15 | 18 16 | 17 | 18 | 6 19 | 20 | 21 | 22 | 23 | 24 | 25 | Session 26 | 27 | 28 | MSHost 29 | 30 | 31 | MSSessionID 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /Format/Metasploit.Module.auxiliary.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | service 6 | 7 | Metasploit.Module.auxiliary 8 | 9 | 10 | 11 | 12 | 68 13 | 14 | 15 | 18 16 | 17 | 18 | 6 19 | 20 | 21 | 22 | 23 | 24 | 25 | Name 26 | 27 | 28 | MSHost 29 | 30 | 31 | MSSessionID 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /Format/Metasploit.Module.exploit.format.ps1xml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | service 6 | 7 | Metasploit.Module.exploit 8 | 9 | 10 | 11 | 12 | 68 13 | 14 | 15 | 18 16 | 17 | 18 | 6 19 | 20 | 21 | 22 | 23 | 24 | 25 | Name 26 | 27 | 28 | MSHost 29 | 30 | 31 | MSSessionID 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /Format/Metasploit.Module.payload.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | service 6 | 7 | Metasploit.Module.payload 8 | 9 | 10 | 11 | 12 | 68 13 | 14 | 15 | 18 16 | 17 | 18 | 6 19 | 20 | 21 | 22 | 23 | 24 | 25 | Name 26 | 27 | 28 | MSHost 29 | 30 | 31 | MSSessionID 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /Format/Metasploit.Job.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | service 6 | 7 | Metasploit.job 8 | 9 | 10 | 11 | 12 | 8 13 | 14 | 15 | 60 16 | 17 | 18 | 18 19 | 20 | 21 | 12 22 | 23 | 24 | 25 | 26 | 27 | 28 | JobID 29 | 30 | 31 | Name 32 | 33 | 34 | MSHost 35 | 36 | 37 | MSSessionID 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /Format/Metasploit.Workspace.format.ps1xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | post 6 | 7 | Metasploit.Workspace 8 | 9 | 10 | 11 | 12 | 30 13 | 14 | 15 | 24 16 | 17 | 18 | 24 19 | 20 | 21 | 18 22 | 23 | 24 | 18 25 | 26 | 27 | 28 | 29 | 30 | 31 | Name 32 | 33 | 34 | Created 35 | 36 | 37 | Updated 38 | 39 | 40 | MSHost 41 | 42 | 43 | MSSessionID 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /variables.psm1: -------------------------------------------------------------------------------- 1 | 2 | <# 
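.Synopsis
   Sets a Global Datastore Variable on the Metasploit Server.
.DESCRIPTION
   Sets a Global Datastore Variable on the Metasploit Server.
.EXAMPLE
   Set-MSFGlobalVariable -Id 0 -Name LHOST -Value 192.168.1.104 | fl


    result      : success
    MSHost      : 192.168.1.104
    MSSessionID : 0

#>
function Set-MSFGlobalVariable
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = "Index",
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias("Index","MSSessionID")]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = "Session",
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session,

        # Variable name
        [Parameter(Mandatory=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=1)]
        [string]$Name,

        # Variable Value
        [Parameter(Mandatory=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=2)]
        [string]$Value
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Reset for every pipeline item so a value left over from a previous item
        # or a caller scope is never reused when the lookup finds nothing.
        $MSession = $null

        # Branch on the bound parameter set. An unbound [int32]$Id is 0, so testing
        # "$Id -ge 0" first would ignore -Session and target connection 0 instead.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne "Metasploit.Session")
            {
                throw "No Metasploit server session was provided"
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw "No Metasploit server session was provided"
        }

        if ($MSession -eq $null)
        {
            throw "Specified session was not found"
        }

        $request_reply = $MSession.Manager.SetCoreGlobalVariable($Name,$Value)

        # A 401 means the RPC token expired: log in again once and repeat the call.
        if ($request_reply.ContainsKey("error_code") -and $request_reply.error_code -eq 401)
        {
            write-verbose "The session has expired, Re-authenticating"

            # The RPC client takes the password as a plain string; read it once into a
            # local and keep it out of every log/verbose message.
            # NOTE(review): the stored credential is re-sent to $MSession.URI here;
            # confirm that URI is TLS-protected.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message "Re-authentication to the Metasploit server failed"
                return
            }
            Write-Verbose "Authentication successful."

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the replacement session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.add('Host',$MSession.host)
            $SessionProps.add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = "Metasploit.Session"

            # Swap the expired entry for the freshly authenticated one
            Write-Verbose "Updating session with new authentication token"
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            $request_reply = $MSession.Manager.SetCoreGlobalVariable($Name,$Value)
        }

        # One reporting path for the first call and the retry, so an error returned
        # by the retry is surfaced instead of being dropped.
        if ($request_reply.ContainsKey("error_code") -or $request_reply.ContainsKey("error_message"))
        {
            Write-Error -Message "$($request_reply.error_message)"
        }
        elseif ($request_reply.ContainsKey('result'))
        {
            $request_reply.add('MSHost', $MSession.Host)
            $request_reply.Add("MSSessionID", $MSession.Id)
            $consoleobj = New-Object -TypeName psobject -Property $request_reply
            $consoleobj.pstypenames[0] = "Metasploit.Action"
            $consoleobj
        }
    }
}


<#
.Synopsis
   Removes a Global Datastore Variable on the Metasploit Server.
.DESCRIPTION
   Removes a Global Datastore Variable on the Metasploit Server.
.EXAMPLE
   Remove-MSFGlobalVariable -Id 0 -Name LHOST

    result      : success
    MSHost      : 192.168.1.104
    MSSessionID : 0
#>
function Remove-MSFGlobalVariable
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = "Index",
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias("Index","MSSessionID")]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = "Session",
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session,

        # Variable name
        [Parameter(Mandatory=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=1)]
        [string]$Name

    )
    BEGIN
    {

    }
    PROCESS
    {
        # Reset for every pipeline item so a value left over from a previous item
        # or a caller scope is never reused when the lookup finds nothing.
        $MSession = $null

        # Branch on the bound parameter set. An unbound [int32]$Id is 0, so testing
        # "$Id -ge 0" first would ignore -Session and target connection 0 instead.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne "Metasploit.Session")
            {
                throw "No Metasploit server session was provided"
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw "No Metasploit server session was provided"
        }

        if ($MSession -eq $null)
        {
            throw "Specified session was not found"
        }

        $request_reply = $MSession.Manager.UnsetCoreGlobalVariable($Name)

        # A 401 means the RPC token expired: log in again once and repeat the call.
        if ($request_reply.ContainsKey("error_code") -and $request_reply.error_code -eq 401)
        {
            write-verbose "The session has expired, Re-authenticating"

            # The RPC client takes the password as a plain string; read it once into a
            # local and keep it out of every log/verbose message.
            # NOTE(review): the stored credential is re-sent to $MSession.URI here;
            # confirm that URI is TLS-protected.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message "Re-authentication to the Metasploit server failed"
                return
            }
            Write-Verbose "Authentication successful."

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the replacement session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.add('Host',$MSession.host)
            $SessionProps.add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = "Metasploit.Session"

            # Swap the expired entry for the freshly authenticated one
            Write-Verbose "Updating session with new authentication token"
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            $request_reply = $MSession.Manager.UnsetCoreGlobalVariable($Name)
        }

        # One reporting path for the first call and the retry, so an error returned
        # by the retry is surfaced instead of being dropped.
        if ($request_reply.ContainsKey("error_code") -or $request_reply.ContainsKey("error_message"))
        {
            Write-Error -Message "$($request_reply.error_message)"
        }
        elseif ($request_reply.ContainsKey('result'))
        {
            $request_reply.add('MSHost', $MSession.Host)
            $request_reply.Add("MSSessionID", $MSession.Id)
            $consoleobj = New-Object -TypeName psobject -Property $request_reply
            $consoleobj.pstypenames[0] = "Metasploit.Action"
            $consoleobj
        }
    }
}


<#
.Synopsis
   Saves the active Datastore to config file for the Metasploit Server.
.DESCRIPTION
   Saves the active Datastore to config file at .msf4/config for the Metasploit Server.
.EXAMPLE
   Save-MSFConfig -Id 0 | fl


    result      : success
    MSHost      : 192.168.1.104
    MSSessionID : 0
#>
function Save-MSFConfig
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = "Index",
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias("Index","MSSessionID")]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = "Session",
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Reset for every pipeline item so a value left over from a previous item
        # or a caller scope is never reused when the lookup finds nothing.
        $MSession = $null

        # Branch on the bound parameter set. An unbound [int32]$Id is 0, so testing
        # "$Id -ge 0" first would ignore -Session and target connection 0 instead.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne "Metasploit.Session")
            {
                throw "No Metasploit server session was provided"
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw "No Metasploit server session was provided"
        }

        if ($MSession -eq $null)
        {
            throw "Specified session was not found"
        }

        $request_reply = $MSession.Manager.SaveCore()

        # A 401 means the RPC token expired: log in again once and repeat the call.
        if ($request_reply.ContainsKey("error_code") -and $request_reply.error_code -eq 401)
        {
            write-verbose "The session has expired, Re-authenticating"

            # The RPC client takes the password as a plain string; read it once into a
            # local and keep it out of every log/verbose message.
            # NOTE(review): the stored credential is re-sent to $MSession.URI here;
            # confirm that URI is TLS-protected.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message "Re-authentication to the Metasploit server failed"
                return
            }
            Write-Verbose "Authentication successful."

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the replacement session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.add('Host',$MSession.host)
            $SessionProps.add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = "Metasploit.Session"

            # Swap the expired entry for the freshly authenticated one
            Write-Verbose "Updating session with new authentication token"
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            $request_reply = $MSession.Manager.SaveCore()
        }

        # One reporting path for the first call and the retry, so an error returned
        # by the retry is surfaced instead of being dropped.
        if ($request_reply.ContainsKey("error_code") -or $request_reply.ContainsKey("error_message"))
        {
            Write-Error -Message "$($request_reply.error_message)"
        }
        elseif ($request_reply.ContainsKey('result'))
        {
            $request_reply.add('MSHost', $MSession.Host)
            $request_reply.Add("MSSessionID", $MSession.Id)
            $consoleobj = New-Object -TypeName psobject -Property $request_reply
            $consoleobj.pstypenames[0] = "Metasploit.Action"
            $consoleobj
        }
    }
}

--------------------------------------------------------------------------------
/plugin.psm1:
--------------------------------------------------------------------------------
# Plugin
#########################################################################################

#region plugin
<#
.Synopsis
   Lists loaded plugins on a Metasploit server.
.DESCRIPTION
   Lists loaded plugins on a Metasploit server.
.EXAMPLE
   Get-MSFLoadedPlugin -Id 0 | fl *


    MSHost      : 192.168.1.104
    Name        : nessus
    MSSessionID : 0

    MSHost      : 192.168.1.104
    Name        : msgrpc
    MSSessionID : 0

#>
function Get-MSFLoadedPlugin
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = "Index",
        Position=0)]
        [Alias("Index")]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = "Session",
        ValueFromPipeline=$true,
        Position=0)]
        [psobject]$Session
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Reset for every pipeline item so a value left over from a previous item
        # or a caller scope is never reused when the lookup finds nothing.
        $MSession = $null

        # Branch on the bound parameter set. An unbound [int32]$Id is 0, so testing
        # "$Id -ge 0" first would ignore -Session and target connection 0 instead.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne "Metasploit.Session")
            {
                throw "No Metasploit server session was provided"
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw "No Metasploit server session was provided"
        }

        if ($MSession -eq $null)
        {
            throw "Specified session was not found"
        }

        $request_reply = $MSession.Manager.ListLoadedPlugins()

        # A 401 means the RPC token expired: log in again once and repeat the call.
        if ($request_reply.ContainsKey("error_code") -and $request_reply.error_code -eq 401)
        {
            write-verbose "The session has expired, Re-authenticating"

            # The RPC client takes the password as a plain string; read it once into a
            # local and keep it out of every log/verbose message.
            # NOTE(review): the stored credential is re-sent to $MSession.URI here;
            # confirm that URI is TLS-protected.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message "Re-authentication to the Metasploit server failed"
                return
            }
            Write-Verbose "Authentication successful."

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the replacement session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.add('Host',$MSession.host)
            $SessionProps.add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = "Metasploit.Session"

            # Swap the expired entry for the freshly authenticated one
            Write-Verbose "Updating session with new authentication token"
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            $request_reply = $MSession.Manager.ListLoadedPlugins()
        }

        # One reporting path for the first call and the retry, so an error returned
        # by the retry is surfaced instead of being dropped.
        if ($request_reply.ContainsKey("error_code") -or $request_reply.ContainsKey("error_message"))
        {
            Write-Error -Message "$($request_reply.error_message)"
        }
        elseif ($request_reply.ContainsKey('plugins'))
        {
            # Emit one Metasploit.Plugin object per plugin name in the reply
            foreach ($plugin in $request_reply['plugins'])
            {
                $pluginopt = New-Object System.Collections.Specialized.OrderedDictionary
                $pluginopt.add('MSHost', $MSession.Host)
                $pluginopt.add('Name',$plugin)
                $pluginopt.Add("MSSessionID", $MSession.Id)
                $pluginobj = New-Object -TypeName psobject -Property $pluginopt
                $pluginobj.pstypenames[0] = "Metasploit.Plugin"
                $pluginobj
            }
        }
    }
}


<#
.Synopsis
   Load a plugin on a Metasploit server.
.DESCRIPTION
   Load a plugin on a Metasploit server.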
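.EXAMPLE
   Register-MSFPlugin -Id 0 -Name nessus | fl *


    result      : success
    MSHost      : 192.168.1.104
    Name        : nessus
    MSSessionID : 0




    PS C:\> Get-MSFLoadedPlugin -Id 0 | fl *


    MSHost      : 192.168.1.104
    Name        : nessus
    MSSessionID : 0

    MSHost      : 192.168.1.104
    Name        : msgrpc
    MSSessionID : 0

#>
function Register-MSFPlugin
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = "Index",
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias("Index","MSSessionID")]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = "Session",
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session,

        # Plugin Name
        [Parameter(Mandatory=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=1)]
        [string]$Name,

        # Plugin Options
        [Parameter(Mandatory=$false,
        ValueFromPipelineByPropertyName=$true,
        Position=2)]
        [hashtable]$Options = @{}
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Reset for every pipeline item so a value left over from a previous item
        # or a caller scope is never reused when the lookup finds nothing.
        $MSession = $null

        # Branch on the bound parameter set. An unbound [int32]$Id is 0, so testing
        # "$Id -ge 0" first would ignore -Session and target connection 0 instead.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne "Metasploit.Session")
            {
                throw "No Metasploit server session was provided"
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw "No Metasploit server session was provided"
        }

        if ($MSession -eq $null)
        {
            throw "Specified session was not found"
        }

        $request_reply = $MSession.Manager.LoadPlugin($Name, $Options)

        # A 401 means the RPC token expired: log in again once and repeat the call.
        if ($request_reply.ContainsKey("error_code") -and $request_reply.error_code -eq 401)
        {
            write-verbose "The session has expired, Re-authenticating"

            # The RPC client takes the password as a plain string; read it once into a
            # local and keep it out of every log/verbose message.
            # NOTE(review): the stored credential is re-sent to $MSession.URI here;
            # confirm that URI is TLS-protected.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message "Re-authentication to the Metasploit server failed"
                return
            }
            Write-Verbose "Authentication successful."

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the replacement session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.add('Host',$MSession.host)
            $SessionProps.add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = "Metasploit.Session"

            # Swap the expired entry for the freshly authenticated one
            Write-Verbose "Updating session with new authentication token"
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            $request_reply = $MSession.Manager.LoadPlugin($Name, $Options)
        }

        # One reporting path for the first call and the retry, so an error returned
        # by the retry is surfaced instead of being dropped.
        if ($request_reply.ContainsKey("error_code") -or $request_reply.ContainsKey("error_message"))
        {
            Write-Error -Message "$($request_reply.error_message)"
        }
        elseif ($request_reply.ContainsKey('result'))
        {
            $request_reply.add('MSHost', $MSession.Host)
            $request_reply.add('Name', $Name)
            $request_reply.Add("MSSessionID", $MSession.Id)
            $pluginobj = New-Object -TypeName psobject -Property $request_reply
            $pluginobj.pstypenames[0] = "Metasploit.Plugin.Load"
            $pluginobj
        }
    }
}


<#
.Synopsis
   Unloads a plugin from a Metasploit server.
.DESCRIPTION
   Unloads a plugin from a Metasploit server.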
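.EXAMPLE
   UnRegister-MSFPlugin 0 -Name nessus


   result      : success
   MSHost      : 192.168.1.104
   Name        : nessus
   MSSessionID : 0
#>
function UnRegister-MSFPlugin
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = "Index",
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias("Index","MSSessionID")]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = "Session",
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session,

        # Plugin Name
        [Parameter(Mandatory=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=1)]
        [string]$Name
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Reset for every pipeline item: without this, an Id that matches nothing would
        # silently reuse the session resolved for the previous item and unload the plugin
        # on the wrong server.
        $MSession = $null

        # Resolve the session from the parameter set that was actually bound. An unbound
        # [int32]$Id is 0, so testing only "$Id -ge 0" is always true and an explicit
        # -Session argument would be ignored in favour of whichever session has Id 0.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne "Metasploit.Session")
            {
                throw "No Metasploit server session was provided"
            }

            if ($Global:MetasploitConn.Contains($Session))
            {
                $MSession = $Session
            }
            else
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw "No Metasploit server session was provided"
        }

        if ($MSession -eq $null)
        {
            throw "Specified session was not found"
        }

        $request_reply = $MSession.Manager.UnloadPlugin($Name)

        # A 401 reply means the server no longer accepts the token: log in again with the
        # stored credentials, swap the session object in the global list and retry once.
        if ($request_reply.ContainsKey("error_code") -and $request_reply.error_code -eq 401)
        {
            Write-Verbose "The session has expired, Re-authenticating"

            # MetasploitSession is built from user name, password and URI, so the stored
            # credential is unwrapped to clear text for this one call.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams

            # NOTE(review): a non-null object only shows that the constructor returned;
            # whether that implies a successful login depends on MetasploitSession - confirm.
            if ($msfsess)
            {
                Write-Verbose "Authentication successful."

                # Select the correct session manager for the existing session
                if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
                {
                    $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
                }
                else
                {
                    $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
                }

                # Build the session object
                $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
                $SessionProps.Add('Manager',$msfmng)
                $SessionProps.Add('URI',$MSession.URI)
                $SessionProps.add('Host',$MSession.host)
                $SessionProps.add('Session',$msfsess)
                $SessionProps.Add('Credentials',$MSession.Credentials)
                $SessionProps.Add('Id', $MSession.Id)
                $sessionobj = New-Object -TypeName psobject -Property $SessionProps
                $sessionobj.pstypenames[0] = "Metasploit.Session"

                # Update the session with the new information
                Write-Verbose "Updating session with new authentication token"
                [void]$Global:MetasploitConn.Remove($MSession)
                [void]$Global:MetasploitConn.Add($sessionobj)

                # Repeat the request on the fresh session
                $request_reply = $sessionobj.Manager.UnloadPlugin($Name)
            }
        }

        # Report any error, including one returned by the retry, instead of ending
        # without output.
        if ($request_reply.ContainsKey("error_code") -or $request_reply.ContainsKey("error_message"))
        {
            Write-Error -Message "$($request_reply.error_message)"
        }
        elseif ($request_reply.ContainsKey('result'))
        {
            # Tag the reply with the server it came from so the output can be piped on.
            $request_reply.add('MSHost', $MSession.Host)
            $request_reply.add('Name', $name)
            $request_reply.Add("MSSessionID", $MSession.Id)
            $pluginobj = New-Object -TypeName psobject -Property $request_reply
            $pluginobj.pstypenames[0] = "Metasploit.Plugin.UnLoad"
            $pluginobj
        }
    }
}

#endregion
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | Posh-Metasploit
 2 | ===============
 3 | 
 4 | PowerShell module to automate via XMLRPC a remote Metasploit server.
 5 | 
 6 | 
 7 | ##Commands
 8 | 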
  9 | CommandType     Name                                               ModuleName                                                                                         
 10 | -----------     ----                                               ----------                                                                                         
 11 | Function        Connect-MSFDB                                      Posh-Metasploit                                                                                    
 12 | Function        Disconnect-MSFDB                                   Posh-Metasploit                                                                                    
 13 | Function        Get-MSFAuthToken                                   Posh-Metasploit                                                                                    
 14 | Function        Get-MSFAuxiliaryModule                             Posh-Metasploit                                                                                    
 15 | Function        Get-MSFConsole                                     Posh-Metasploit                                                                                    
 16 | Function        Get-MSFCoreInfo                                    Posh-Metasploit                                                                                    
 17 | Function        Get-MSFDBCred                                      Posh-Metasploit                                                                                    
 18 | Function        Get-MSFDBCurrentWorspace                           Posh-Metasploit                                                                                    
 19 | Function        Get-MSFDBEvent                                     Posh-Metasploit                                                                                    
 20 | Function        Get-MSFDBHost                                      Posh-Metasploit                                                                                    
 21 | Function        Get-MSFDBLoot                                      Posh-Metasploit                                                                                    
 22 | Function        Get-MSFDBNote                                      Posh-Metasploit                                                                                    
 23 | Function        Get-MSFDBServcie                                   Posh-Metasploit                                                                                    
 24 | Function        Get-MSFDBStatus                                    Posh-Metasploit                                                                                    
 25 | Function        Get-MSFDBVuln                                      Posh-Metasploit                                                                                    
 26 | Function        Get-MSFDBWorspace                                  Posh-Metasploit                                                                                    
 27 | Function        Get-MSFExploitCompatiblePayload                    Posh-Metasploit                                                                                    
 28 | Function        Get-MSFExploitModule                               Posh-Metasploit                                                                                    
 29 | Function        Get-MSFJob                                         Posh-Metasploit                                                                                    
 30 | Function        Get-MSFJobInfo                                     Posh-Metasploit                                                                                    
 31 | Function        Get-MSFLoadedPlugin                                Posh-Metasploit                                                                                    
 32 | Function        Get-MSFModuleInfo                                  Posh-Metasploit                                                                                    
 33 | Function        Get-MSFModuleOptions                               Posh-Metasploit                                                                                    
 34 | Function        Get-MSFModuleStats                                 Posh-Metasploit                                                                                    
 35 | Function        Get-MSFNOPS                                        Posh-Metasploit                                                                                    
 36 | Function        Get-MSFPayloadModule                               Posh-Metasploit                                                                                    
 37 | Function        Get-MSFPostCompatibleSession                       Posh-Metasploit                                                                                    
 38 | Function        Get-MSFPostModule                                  Posh-Metasploit                                                                                    
 39 | Function        Get-MSFServerSession                               Posh-Metasploit                                                                                    
 40 | Function        Get-MSFSession                                     Posh-Metasploit                                                                                    
 41 | Function        Get-MSFSessionCompatPostModule                     Posh-Metasploit                                                                                    
 42 | Function        Get-MSFThread                                      Posh-Metasploit                                                                                    
 43 | Function        Get-PoshMSFersion                                  Posh-Metasploit                                                                                    
 44 | Function        Import-MSFDBData                                   Posh-Metasploit                                                                                    
 45 | Function        Invoke-MSFConsoleCommand                           Posh-Metasploit                                                                                    
 46 | Function        Invoke-MSFMeterpreterCommand                       Posh-Metasploit                                                                                    
 47 | Function        Invoke-MSFModule                                   Posh-Metasploit                                                                                    
 48 | Function        Invoke-MSFModuleReload                             Posh-Metasploit                                                                                    
 49 | Function        New-MSFAuthToken                                   Posh-Metasploit                                                                                    
 50 | Function        New-MSFConsole                                     Posh-Metasploit                                                                                    
 51 | Function        New-MSFDBWorkspace                                 Posh-Metasploit                                                                                    
 52 | Function        New-MSFServerSession                               Posh-Metasploit                                                                                    
 53 | Function        Read-MSFConsole                                    Posh-Metasploit                                                                                    
 54 | Function        Read-MSFMeterpreterConsole                         Posh-Metasploit                                                                                    
 55 | Function        Read-MSFShellConsole                               Posh-Metasploit                                                                                    
 56 | Function        Register-MSFPlugin                                 Posh-Metasploit                                                                                    
 57 | Function        Remove-MSFAuthToken                                Posh-Metasploit                                                                                    
 58 | Function        Remove-MSFConsole                                  Posh-Metasploit                                                                                    
 59 | Function        Remove-MSFDBHost                                   Posh-Metasploit                                                                                    
 60 | Function        Remove-MSFDBNote                                   Posh-Metasploit                                                                                    
 61 | Function        Remove-MSFDBServcie                                Posh-Metasploit                                                                                    
 62 | Function        Remove-MSFDBVuln                                   Posh-Metasploit                                                                                    
 63 | Function        Remove-MSFDBWorkspace                              Posh-Metasploit                                                                                    
 64 | Function        Remove-MSFGlobalVariable                           Posh-Metasploit                                                                                    
 65 | Function        Remove-MSFJob                                      Posh-Metasploit                                                                                    
 66 | Function        Remove-MSFServerSession                            Posh-Metasploit                                                                                    
 67 | Function        Remove-MSFSession                                  Posh-Metasploit                                                                                    
 68 | Function        Remove-MSFThread                                   Posh-Metasploit                                                                                    
 69 | Function        Save-MSFConfig                                     Posh-Metasploit                                                                                    
 70 | Function        Set-MSFAuthToken                                   Posh-Metasploit                                                                                    
 71 | Function        Set-MSFDBCred                                      Posh-Metasploit                                                                                    
 72 | Function        Set-MSFDBHost                                      Posh-Metasploit                                                                                    
 73 | Function        Set-MSFDBNote                                      Posh-Metasploit                                                                                    
 74 | Function        Set-MSFDBServcie                                   Posh-Metasploit                                                                                    
 75 | Function        Set-MSFDBVuln                                      Posh-Metasploit                                                                                    
 76 | Function        Set-MSFDBWorkspace                                 Posh-Metasploit                                                                                    
 77 | Function        Set-MSFGlobalVariable                              Posh-Metasploit                                                                                    
 78 | Function        UnRegister-MSFPlugin                               Posh-Metasploit                                                                                    
 79 | Function        Write-MSFConsole                                   Posh-Metasploit                                                                                    
 80 | Function        Write-MSFMeterpreterConsole                        Posh-Metasploit                                                                                    
 81 | Function        Write-MSFShellConsole                              Posh-Metasploit        
 82 | 
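83 | 84 | #Install 85 | To install the module, including all source code, run the following command in a PowerShell v3 or higher session. The command downloads a script and runs it with `iex` without saving it first, and that script in turn fetches the current `master` archive of the repository (see the sample output below), so read the script and the downloaded module before importing it: 86 |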
 87 | iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9379735/raw/4a651c122700b5002b6a60f291663c8e742f4f98/PoshMetasploit.ps1")
 88 | 
89 | 90 | The process should look like: 91 |
 92 | PS C:\> iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9379735/raw/4a651c122700b5002b6a60f291663c8e742f4f98/PoshMetasploit.ps1")
 93 | Downloading latest version of Posh-Metasploit from https://github.com/darkoperator/Posh-Metasploit/archive/master.zip
 94 | File saved to C:\Users\Carlos\AppData\Local\Temp\Posh-Metasploit.zip
 95 | Uncompressing the Zip file to C:\Users\Carlos\Documents\WindowsPowerShell\Modules
 96 | Renaming folder
 97 | Module has been installed
 98 | 
 99 | CommandType     Name                                               ModuleName
100 | -----------     ----                                               ----------
101 | Function        Connect-MSFDB                                      Posh-Metasploit
102 | Function        Disconnect-MSFDB                                   Posh-Metasploit
103 | Function        Get-MSFAuthToken                                   Posh-Metasploit
104 | Function        Get-MSFAuxiliaryModule                             Posh-Metasploit
105 | Function        Get-MSFConsole                                     Posh-Metasploit
106 | Function        Get-MSFCoreInfo                                    Posh-Metasploit
107 | Function        Get-MSFDBCred                                      Posh-Metasploit
108 | Function        Get-MSFDBCurrentWorspace                           Posh-Metasploit
109 | Function        Get-MSFDBEvent                                     Posh-Metasploit
110 | Function        Get-MSFDBHost                                      Posh-Metasploit
111 | Function        Get-MSFDBLoot                                      Posh-Metasploit
112 | Function        Get-MSFDBNote                                      Posh-Metasploit
113 | Function        Get-MSFDBServcie                                   Posh-Metasploit
114 | Function        Get-MSFDBStatus                                    Posh-Metasploit
115 | Function        Get-MSFDBVuln                                      Posh-Metasploit
116 | Function        Get-MSFDBWorspace                                  Posh-Metasploit
117 | Function        Get-MSFExploitCompatiblePayload                    Posh-Metasploit
118 | Function        Get-MSFExploitModule                               Posh-Metasploit
119 | Function        Get-MSFJob                                         Posh-Metasploit
120 | Function        Get-MSFJobInfo                                     Posh-Metasploit
121 | Function        Get-MSFLoadedPlugin                                Posh-Metasploit
122 | Function        Get-MSFModuleInfo                                  Posh-Metasploit
123 | Function        Get-MSFModuleOptions                               Posh-Metasploit
124 | Function        Get-MSFModuleStats                                 Posh-Metasploit
125 | Function        Get-MSFNOPS                                        Posh-Metasploit
126 | Function        Get-MSFPayloadModule                               Posh-Metasploit
127 | Function        Get-MSFPostCompatibleSession                       Posh-Metasploit
128 | Function        Get-MSFPostModule                                  Posh-Metasploit
129 | Function        Get-MSFServerSession                               Posh-Metasploit
130 | Function        Get-MSFSession                                     Posh-Metasploit
131 | Function        Get-MSFSessionCompatPostModule                     Posh-Metasploit
132 | Function        Get-MSFThread                                      Posh-Metasploit
133 | Function        Get-PoshMSFersion                                  Posh-Metasploit
134 | Function        Import-MSFDBData                                   Posh-Metasploit
135 | Function        Invoke-MSFConsoleCommand                           Posh-Metasploit
136 | Function        Invoke-MSFMeterpreterCommand                       Posh-Metasploit
137 | Function        Invoke-MSFModule                                   Posh-Metasploit
138 | Function        Invoke-MSFModuleReload                             Posh-Metasploit
139 | Function        New-MSFAuthToken                                   Posh-Metasploit
140 | Function        New-MSFConsole                                     Posh-Metasploit
141 | Function        New-MSFDBWorkspace                                 Posh-Metasploit
142 | Function        New-MSFServerSession                               Posh-Metasploit
143 | Function        Read-MSFConsole                                    Posh-Metasploit
144 | Function        Read-MSFMeterpreterConsole                         Posh-Metasploit
145 | Function        Read-MSFShellConsole                               Posh-Metasploit
146 | Function        Register-MSFPlugin                                 Posh-Metasploit
147 | Function        Remove-MSFAuthToken                                Posh-Metasploit
148 | Function        Remove-MSFConsole                                  Posh-Metasploit
149 | Function        Remove-MSFDBHost                                   Posh-Metasploit
150 | Function        Remove-MSFDBNote                                   Posh-Metasploit
151 | Function        Remove-MSFDBServcie                                Posh-Metasploit
152 | Function        Remove-MSFDBVuln                                   Posh-Metasploit
153 | Function        Remove-MSFDBWorkspace                              Posh-Metasploit
154 | Function        Remove-MSFGlobalVariable                           Posh-Metasploit
155 | Function        Remove-MSFJob                                      Posh-Metasploit
156 | Function        Remove-MSFServerSession                            Posh-Metasploit
157 | Function        Remove-MSFSession                                  Posh-Metasploit
158 | Function        Remove-MSFThread                                   Posh-Metasploit
159 | Function        Save-MSFConfig                                     Posh-Metasploit
160 | Function        Set-MSFAuthToken                                   Posh-Metasploit
161 | Function        Set-MSFDBCred                                      Posh-Metasploit
162 | Function        Set-MSFDBHost                                      Posh-Metasploit
163 | Function        Set-MSFDBNote                                      Posh-Metasploit
164 | Function        Set-MSFDBServcie                                   Posh-Metasploit
165 | Function        Set-MSFDBVuln                                      Posh-Metasploit
166 | Function        Set-MSFDBWorkspace                                 Posh-Metasploit
167 | Function        Set-MSFGlobalVariable                              Posh-Metasploit
168 | Function        UnRegister-MSFPlugin                               Posh-Metasploit
169 | Function        Write-MSFConsole                                   Posh-Metasploit
170 | Function        Write-MSFMeterpreterConsole                        Posh-Metasploit
171 | Function        Write-MSFShellConsole                              Posh-Metasploit
172 | 
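--------------------------------------------------------------------------------
/jobs.psm1:
--------------------------------------------------------------------------------
<#
.Synopsis
   Enumerates current jobs running on a Metasploit server.
.DESCRIPTION
   Enumerates current jobs running on a Metasploit server.
.EXAMPLE
   Get-MSFJob -Id 0 | fl *


   JobId       : 1
   Name        : Exploit: multi/handler
   MSHost      : 192.168.1.104
   MSSessionID : 0
.OUTPUTS
   One object of type Metasploit.Job per entry in the server's job list.
#>
function Get-MSFJob
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = "Index",
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias("Index","MSSessionID")]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = "Session",
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Reset for every pipeline item: without this, an Id that matches nothing would
        # silently reuse the session resolved for the previous item and list the jobs of
        # the wrong server.
        $MSession = $null

        # Resolve the session from the parameter set that was actually bound. An unbound
        # [int32]$Id is 0, so testing only "$Id -ge 0" is always true and an explicit
        # -Session argument would be ignored in favour of whichever session has Id 0.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne "Metasploit.Session")
            {
                throw "No Metasploit server session was provided"
            }

            if ($Global:MetasploitConn.Contains($Session))
            {
                $MSession = $Session
            }
            else
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    Write-Verbose "Using session $($conn.id)"
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw "No Metasploit server session was provided"
        }

        if ($MSession -eq $null)
        {
            throw "Specified session was not found"
        }

        # The original message said "hosts"; this call lists jobs.
        Write-Verbose "Enumerating list of jobs."
        $request_reply = $MSession.Session.Execute("job.list")
        if (!($request_reply))
        {
            Write-Warning "No Jobs where found."
            return
        }

        # A 401 reply means the server no longer accepts the token: log in again with the
        # stored credentials, swap the session object in the global list and retry once.
        if ($request_reply.ContainsKey("error_code") -and $request_reply.error_code -eq 401)
        {
            Write-Verbose "The session has expired, Re-authenticating"

            # MetasploitSession is built from user name, password and URI, so the stored
            # credential is unwrapped to clear text for this one call.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams

            # NOTE(review): a non-null object only shows that the constructor returned;
            # whether that implies a successful login depends on MetasploitSession - confirm.
            if ($msfsess)
            {
                Write-Verbose "Authentication successful."

                # Select the correct session manager for the existing session
                if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
                {
                    $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
                }
                else
                {
                    $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
                }

                # Build the session object
                $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
                $SessionProps.Add('Manager',$msfmng)
                $SessionProps.Add('URI',$MSession.URI)
                $SessionProps.add('Host',$MSession.host)
                $SessionProps.add('Session',$msfsess)
                $SessionProps.Add('Credentials',$MSession.Credentials)
                $SessionProps.Add('Id', $MSession.Id)
                $sessionobj = New-Object -TypeName psobject -Property $SessionProps
                $sessionobj.pstypenames[0] = "Metasploit.Session"

                # Update the session with the new information
                Write-Verbose "Updating session with new authentication token"
                [void]$Global:MetasploitConn.Remove($MSession)
                [void]$Global:MetasploitConn.Add($sessionobj)

                # Repeat the request on the fresh session
                $request_reply = $sessionobj.Session.Execute("job.list")
                if (!($request_reply))
                {
                    Write-Warning "No Jobs where found"
                    return
                }
            }
        }

        # Report any error, including one returned by the retry, instead of ending
        # without output.
        if ($request_reply.ContainsKey("error_code") -or $request_reply.ContainsKey("error_message"))
        {
            Write-Error -Message "$($request_reply.error_message)"
        }
        else
        {
            # The reply maps job id to job name; emit one object per entry.
            foreach ($job in $request_reply.keys)
            {
                $jobprops = [ordered]@{}
                $jobprops.add("JobId", $job)
                $jobprops.add("Name", $request_reply[$job])
                $jobprops.add('MSHost', $MSession.Host)
                $jobprops.Add("MSSessionID", $MSession.Id)
                $jobobj = New-Object -TypeName psobject -Property $jobprops
                $jobobj.pstypenames[0] = "Metasploit.Job"
                $jobobj
            }
        }
    }
}

<#
.Synopsis
   Gets more detailed information about a running job on a Metasploit server.
.DESCRIPTION
   Gets more detailed information about a running job on a Metasploit server.
   It will also get all the Datastore parameters used to launch the module running
   as a job.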
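.EXAMPLE
   Get-MSFJobInfo -Id 0 -JobId 1


   JobId       : 1
   Name        : Exploit: multi/handler
   StartTime   : 8/24/2013 5:25:15 PM
   Datastore   : @{VERBOSE=False; WfsDelay=0; EnableContextEncoding=False; DisablePayloadHandler=False; ExitOnSession=True;
                 ListenerTimeout=0; LPORT=8080; LHOST=192.168.1.104; PAYLOAD=windows/meterpreter/reverse_tcp; ReverseConnectRetries=5;
                 ReverseAllowProxy=False; EnableStageEncoding=False; PrependMigrate=False; EXITFUNC=process; AutoLoadStdapi=True;
                 InitialAutoRunScript=; AutoRunScript=; AutoSystemInfo=True; EnableUnicodeEncoding=True; TARGET=0}
   MSHost      : 192.168.1.104
   MSSessionID : 0
#>
function Get-MSFJobInfo
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = "Index",
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias("Index","MSSessionID")]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = "Session",
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session,

        # Id of the job to query; sent to the server as the argument of job.info
        [Parameter(Mandatory=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=1)]
        [Int]$JobId
    )
    BEGIN
    {
        # Epoch time; the server's start_time is added to it as seconds
        [datetime]$origin = '1970-01-01 00:00:00'
    }
    PROCESS
    {
        # Resolve the server session from the bound parameter set. An unbound
        # [int32]$Id holds 0, so testing "$Id -ge 0" would select session 0
        # whenever -Session is used and send the request to the wrong server.
        # PROCESS runs once per pipeline item, so clear the previous match first.
        $MSession = $null
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($null -eq $Session -or $Session.pstypenames[0] -ne "Metasploit.Session")
            {
                throw "No Metasploit server session was provided"
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        else
        {
            foreach ($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }

        if ($null -eq $MSession)
        {
            throw "Specified session was not found"
        }

        # Only query a job that the server currently lists for this session.
        $current_jobs = Get-MSFJob -Session $MSession
        if (-not $current_jobs)
        {
            Write-Warning "No jobs where found for the server session."
            return
        }
        $missing = $true
        foreach ($cjob in $current_jobs)
        {
            if ($cjob.JobId -eq $JobId)
            {
                $missing = $false
            }
        }
        if ($missing)
        {
            Write-Warning "Job Id $($JobId) does not exist in server session $($MSession.Id)."
            return
        }

        $request_reply = $MSession.Session.Execute("job.info", $JobId)

        if ($request_reply.ContainsKey("error_code") -and $request_reply.error_code -eq 401)
        {
            Write-Verbose "The session has expired, Re-authenticating"

            # The RPC login takes the password as a plain string, so the stored
            # PSCredential is unwrapped here; never write $sessparams to verbose
            # or debug output.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message "Re-authentication to the Metasploit server failed."
                return
            }
            Write-Verbose "Authentication successful."

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.Add('Host',$MSession.host)
            $SessionProps.Add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = "Metasploit.Session"

            # Update the session with the new information
            Write-Verbose "Updating session with new authentication token"
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            # Repeat the request with the fresh token
            $request_reply = $MSession.Session.Execute("job.info", $JobId)
        }

        # Report an error from either attempt instead of building a job object
        # out of an error reply.
        if ($request_reply.ContainsKey("error_code") -or $request_reply.ContainsKey("error_message"))
        {
            Write-Error -Message "$($request_reply.error_message)"
            return
        }

        if ($request_reply)
        {
            $jobprops = [ordered]@{}
            $jobprops.add("JobId", $request_reply.jid)
            $jobprops.add("Name", $request_reply.name)
            $jobprops.add("URI", $request_reply.uripath)
            $jobprops.add("StartTime", $origin.AddSeconds($request_reply.start_time))
            $jobprops.add("Datastore", (New-Object -TypeName psobject -Property $request_reply.datastore))
            $jobprops.add('MSHost', $MSession.Host)
            $jobprops.Add("MSSessionID", $MSession.Id)
            $jobobj = New-Object -TypeName psobject -Property $jobprops
            $jobobj.pstypenames[0] = "Metasploit.Job"
            $jobobj
        }
    }
}


<#
.Synopsis
   Stops and removes a running job on a Metasploit server.
.DESCRIPTION
   Stops and removes a running job on a Metasploit server.
#>
function Remove-MSFJob
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = "Index",
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias("Index","MSSessionID")]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = "Session",
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session,

        # Id of the job to stop; sent to the server as the argument of job.stop
        [Parameter(Mandatory=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=1)]
        [Int]$JobId
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Resolve the server session from the bound parameter set. An unbound
        # [int32]$Id holds 0, so testing "$Id -ge 0" would select session 0
        # whenever -Session is used and stop a job on the wrong server.
        # PROCESS runs once per pipeline item, so clear the previous match first.
        $MSession = $null
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($null -eq $Session -or $Session.pstypenames[0] -ne "Metasploit.Session")
            {
                throw "No Metasploit server session was provided"
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        else
        {
            foreach ($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }

        if ($null -eq $MSession)
        {
            throw "Specified session was not found"
        }

        $request_reply = $MSession.Session.Execute("job.stop", $JobId)

        if ($request_reply.ContainsKey("error_code") -and $request_reply.error_code -eq 401)
        {
            Write-Verbose "The session has expired, Re-authenticating"

            # The RPC login takes the password as a plain string, so the stored
            # PSCredential is unwrapped here; never write $sessparams to verbose
            # or debug output.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message "Re-authentication to the Metasploit server failed."
                return
            }
            Write-Verbose "Authentication successful."

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.Add('Host',$MSession.host)
            $SessionProps.Add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = "Metasploit.Session"

            # Update the session with the new information
            Write-Verbose "Updating session with new authentication token"
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            # Repeat the request with the fresh token
            $request_reply = $MSession.Session.Execute("job.stop", $JobId)
        }

        # Report an error from either attempt rather than returning nothing.
        if ($request_reply.ContainsKey("error_code") -or $request_reply.ContainsKey("error_message"))
        {
            Write-Error -Message "$($request_reply.error_message)"
            return
        }

        if ($request_reply.ContainsKey('result'))
        {
            # The session id belongs on the reply itself. The original added it to
            # $jobprops, which is never assigned in this function, so the call
            # failed and the Metasploit.Action object had no MSSessionID.
            $request_reply.add('MSHost', $MSession.Host)
            $request_reply.Add("MSSessionID", $MSession.Id)
            $connectobj = New-Object -TypeName psobject -Property $request_reply
            $connectobj.pstypenames[0] = "Metasploit.Action"
            $connectobj
        }
    }
}
--------------------------------------------------------------------------------
/console.psm1:
--------------------------------------------------------------------------------

<#
.Synopsis
   Gets active consoles on a Metasploit server.
.DESCRIPTION
   Gets active consoles on a Metasploit server.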
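.EXAMPLE
   Get-MSFConsole -Id 0


   Propmpt     : msf >
   Busy        : False
   MSHost      : 192.168.1.104
   ConsoleId   : 0
   MSSessionID : 0
#>
function Get-MSFConsole
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Index',
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias('Index','MSSessionID')]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Session',
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Resolve the server session from the bound parameter set. An unbound
        # [int32]$Id holds 0, so testing "$Id -ge 0" would select session 0
        # whenever -Session is used and list the consoles of the wrong server.
        # PROCESS runs once per pipeline item, so clear the previous match first.
        $MSession = $null
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($null -eq $Session -or $Session.pstypenames[0] -ne 'Metasploit.Session')
            {
                throw 'No Metasploit server session was provided'
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        else
        {
            foreach ($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }

        if ($null -eq $MSession)
        {
            throw 'Specified session was not found'
        }

        $request_reply = $MSession.Manager.ListConsoles()

        if ($request_reply.ContainsKey('error_code') -and $request_reply.error_code -eq 401)
        {
            Write-Verbose 'The session has expired, Re-authenticating'

            # The RPC login takes the password as a plain string, so the stored
            # PSCredential is unwrapped here; never write $sessparams to verbose
            # or debug output.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message 'Re-authentication to the Metasploit server failed.'
                return
            }
            Write-Verbose 'Authentication successful.'

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.Add('Host',$MSession.host)
            $SessionProps.Add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = 'Metasploit.Session'

            # Update the session with the new information
            Write-Verbose 'Updating session with new authentication token'
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            # Repeat the request with the fresh token
            $request_reply = $MSession.Manager.ListConsoles()
        }

        # Report an error from either attempt rather than returning nothing.
        if ($request_reply.ContainsKey('error_code') -or $request_reply.ContainsKey('error_message'))
        {
            Write-Error -Message "$($request_reply.error_message)"
            return
        }

        if ($request_reply.ContainsKey('consoles'))
        {
            foreach ($console in $request_reply['consoles'])
            {
                # 'Propmpt' (sic) is the property name shown in this function's help
                # example and emitted by New-MSFConsole. The original used 'Prompt'
                # only after a re-authentication, so the object shape depended on
                # whether the token had expired; one name is used here.
                $consoleprops = @{}
                $consoleprops.Add('MSHost', $MSession.Host)
                $consoleprops.Add('Propmpt', $console.prompt)
                $consoleprops.Add('ConsoleId', $console.id)
                $consoleprops.Add('Busy', $console.busy)
                $consoleprops.Add('MSSessionID', $MSession.Id)
                $consoleobj = New-Object -TypeName psobject -Property $consoleprops
                $consoleobj.pstypenames[0] = 'Metasploit.Console'
                $consoleobj
            }
        }
    }
}


<#
.Synopsis
   Creates a new console on a Metasploit server.
.DESCRIPTION
   Creates a new console on a Metasploit server.
.EXAMPLE
   New-MSFConsole -Id 0 | fl


   Propmpt     : msf >
   Busy        : False
   MSHost      : 192.168.1.104
   ConsoleId   : 0
   MSSessionID : 0
#>
function New-MSFConsole
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Index',
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias('Index','MSSessionID')]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Session',
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Resolve the server session from the bound parameter set. An unbound
        # [int32]$Id holds 0, so testing "$Id -ge 0" would select session 0
        # whenever -Session is used and create the console on the wrong server.
        # PROCESS runs once per pipeline item, so clear the previous match first.
        $MSession = $null
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($null -eq $Session -or $Session.pstypenames[0] -ne 'Metasploit.Session')
            {
                throw 'No Metasploit server session was provided'
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        else
        {
            foreach ($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }

        if ($null -eq $MSession)
        {
            throw 'Specified session was not found'
        }

        $request_reply = $MSession.Manager.CreateConsole()

        if ($request_reply.ContainsKey('error_code') -and $request_reply.error_code -eq 401)
        {
            Write-Verbose 'The session has expired, Re-authenticating'

            # The RPC login takes the password as a plain string, so the stored
            # PSCredential is unwrapped here; never write $sessparams to verbose
            # or debug output.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message 'Re-authentication to the Metasploit server failed.'
                return
            }
            Write-Verbose 'Authentication successful.'

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.Add('Host',$MSession.host)
            $SessionProps.Add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = 'Metasploit.Session'

            # Update the session with the new information
            Write-Verbose 'Updating session with new authentication token'
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            # Repeat the request with the fresh token
            $request_reply = $MSession.Manager.CreateConsole()
        }

        # Report an error from either attempt rather than returning nothing.
        if ($request_reply.ContainsKey('error_code') -or $request_reply.ContainsKey('error_message'))
        {
            Write-Error -Message "$($request_reply.error_message)"
            return
        }

        if ($request_reply.ContainsKey('id'))
        {
            # 'Propmpt' (sic) is kept: it is the property name the help example shows.
            $consoleprops = @{}
            $consoleprops.Add('MSHost', $MSession.Host)
            $consoleprops.Add('Propmpt', $request_reply.prompt)
            $consoleprops.Add('ConsoleId', $request_reply.id)
            $consoleprops.Add('Busy', $request_reply.busy)
            $consoleprops.Add('MSSessionID', $MSession.Id)
            $consoleobj = New-Object -TypeName psobject -Property $consoleprops
            $consoleobj.pstypenames[0] = 'Metasploit.Console'
            $consoleobj
        }
    }
}


<#
.Synopsis
   Removes an active console from a Metasploit server.
.DESCRIPTION
   Removes an active console from a Metasploit server.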
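.EXAMPLE
   Remove-MSFConsole -Id 0 -ConsoleId 1 | fl


   result      : success
   MSHost      : 192.168.1.104
   MSSessionID : 0
#>
function Remove-MSFConsole
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Index',
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias('Index','MSSessionID')]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Session',
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session,

        # Console Id
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Session',
        Position=1,
        ValueFromPipelineByPropertyName=$true)]
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Index',
        Position=1,
        ValueFromPipelineByPropertyName=$true)]
        [int]$ConsoleId
    )
    BEGIN
    {

    }
    PROCESS
    {
        # Resolve the server session from the bound parameter set. An unbound
        # [int32]$Id holds 0, so testing "$Id -ge 0" would select session 0
        # whenever -Session is used and act on the wrong server.
        # PROCESS runs once per pipeline item, so clear the previous match first.
        $MSession = $null
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($null -eq $Session -or $Session.pstypenames[0] -ne 'Metasploit.Session')
            {
                throw 'No Metasploit server session was provided'
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        else
        {
            foreach ($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }

        if ($null -eq $MSession)
        {
            throw 'Specified session was not found'
        }

        # Only destroy a console that the server currently lists for this session.
        Write-Verbose 'Checking existing consoles'
        $current_consoles = Get-MSFConsole -Session $MSession
        if (-not $current_consoles)
        {
            Write-Warning 'There are no consoles to interact with.'
            return
        }
        $present = $false
        foreach ($con in $current_consoles)
        {
            if ($con.ConsoleId -eq $ConsoleId)
            {
                $present = $true
            }
        }
        if (-not $present)
        {
            Write-Warning "A console with ID $($ConsoleId) is not present."
            return
        }

        # Destroy the console that was validated above. The original passed $Id
        # (the session index) here, so the console actually destroyed was the one
        # whose id happened to equal the session index, not the requested one.
        $request_reply = $MSession.Manager.DestroyConsole($ConsoleId)

        if ($request_reply.ContainsKey('error_code') -and $request_reply.error_code -eq 401)
        {
            Write-Verbose 'The session has expired, Re-authenticating'

            # The RPC login takes the password as a plain string, so the stored
            # PSCredential is unwrapped here; never write $sessparams to verbose
            # or debug output.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                Write-Error -Message 'Re-authentication to the Metasploit server failed.'
                return
            }
            Write-Verbose 'Authentication successful.'

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the session object
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.Add('Host',$MSession.host)
            $SessionProps.Add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = 'Metasploit.Session'

            # Update the session with the new information
            Write-Verbose 'Updating session with new authentication token'
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)
            $MSession = $sessionobj

            # Repeat the request with the fresh token
            $request_reply = $MSession.Manager.DestroyConsole($ConsoleId)
        }

        # Report an error from either attempt rather than returning nothing.
        if ($request_reply.ContainsKey('error_code') -or $request_reply.ContainsKey('error_message'))
        {
            Write-Error -Message "$($request_reply.error_message)"
            return
        }

        if ($request_reply.ContainsKey('result'))
        {
            $request_reply.Add('MSHost', $MSession.Host)
            $request_reply.Add('MSSessionID', $MSession.Id)
            $pluginobj = New-Object -TypeName psobject -Property $request_reply
            $pluginobj.pstypenames[0] = 'Metasploit.Action'
            $pluginobj
        }
    }
}


<#
.Synopsis
   Writes text to a selected Metasploit console.
.DESCRIPTION
   Writes text to a selected Metasploit console.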
498 | .EXAMPLE 499 | Write-MSFConsole -Id 0 -ConsoleId 0 -Text "version`n" | fl * 500 | 501 | 502 | wrote : 8 503 | MSHost : 192.168.1.104 504 | Command : 505 | MSSessionID : 0 506 | #> 507 | function Write-MSFConsole 508 | { 509 | [CmdletBinding(DefaultParameterSetName = 'Index')] 510 | param( 511 | 512 | # Metasploit session Id 513 | [Parameter(Mandatory=$true, 514 | ParameterSetName = 'Index', 515 | Position=0, 516 | ValueFromPipeline=$true, 517 | ValueFromPipelineByPropertyName=$true)] 518 | [Alias('Index','MSSessionID')] 519 | [int32]$Id, 520 | 521 | # Metasploit session object 522 | [Parameter(Mandatory=$true, 523 | ParameterSetName = 'Session', 524 | ValueFromPipeline=$true, 525 | ValueFromPipelineByPropertyName=$true, 526 | Position=0)] 527 | [psobject]$Session, 528 | 529 | # Console Id 530 | [Parameter(Mandatory=$true, 531 | Position=1, 532 | ValueFromPipelineByPropertyName=$true)] 533 | [int]$ConsoleId, 534 | 535 | # Console Id 536 | [Parameter(Mandatory=$true, 537 | Position=2, 538 | ValueFromPipelineByPropertyName=$true)] 539 | [string]$Text 540 | ) 541 | BEGIN 542 | { 543 | 544 | } 545 | PROCESS 546 | { 547 | if ($Id -ge 0) 548 | { 549 | foreach($conn in $Global:MetasploitConn) 550 | { 551 | if ($conn.Id -eq $Id) 552 | { 553 | $MSession = $conn 554 | } 555 | } 556 | } 557 | elseif ($Session -ne $null -and $Session.pstypenames[0] -eq 'Metasploit.Session') 558 | { 559 | if ($Global:MetasploitConn.Contains($Session)) 560 | { 561 | $MSession = $Session 562 | } 563 | else 564 | { 565 | throw "The session object that was passed does not exists in `$Global:MetasploitConn" 566 | } 567 | } 568 | else 569 | { 570 | throw 'No Metasploit server session was provided' 571 | } 572 | 573 | if ($MSession -eq $null) 574 | { 575 | throw 'Specified session was not found' 576 | } 577 | 578 | $current_consoles = Get-MSFConsole -Session $MSession 579 | 580 | if ($current_consoles) 581 | { 582 | $present = $false 583 | foreach ($con in $current_consoles) 584 | { 585 | if 
($con.consoleid -eq $ConsoleId) 586 | { 587 | $present = $true 588 | } 589 | } 590 | if (!($present)) 591 | { 592 | Write-Warning "A console with ID $($ConsoleId) is not present." 593 | return 594 | } 595 | } 596 | else 597 | { 598 | Write-Warning 'There are no consoles to interact with.' 599 | return 600 | } 601 | 602 | Write-Verbose 'Writing text to the console.' 603 | $request_reply = $MSession.Manager.WriteToConsole($ConsoleId, $Text) 604 | 605 | if ($request_reply.ContainsKey('error_code')) 606 | { 607 | if ($request_reply.error_code -eq 401) 608 | { 609 | write-verbose 'The session has expired, Re-authenticating' 610 | 611 | $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary 612 | $sessparams = $MSession.Credentials.GetNetworkCredential().UserName,$MSession.Credentials.GetNetworkCredential().Password,$MSession.URI 613 | $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams 614 | if ($msfsess) 615 | { 616 | Write-Verbose 'Authentication successful.' 
617 | # Select the correct session manager for the existing session 618 | if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager') 619 | { 620 | $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess 621 | } 622 | else 623 | { 624 | $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess 625 | } 626 | 627 | # Build the session object 628 | $SessionProps.Add('Manager',$msfmng) 629 | $SessionProps.Add('URI',$MSession.URI) 630 | $SessionProps.add('Host',$MSession.host) 631 | $SessionProps.add('Session',$msfsess) 632 | $SessionProps.Add('Credentials',$MSession.Credentials) 633 | $SessionProps.Add('Id', $MSession.Id) 634 | $sessionobj = New-Object -TypeName psobject -Property $SessionProps 635 | $sessionobj.pstypenames[0] = 'Metasploit.Session' 636 | 637 | # Update the session with the new information 638 | Write-Verbose 'Updating session with new authentication token' 639 | [void]$Global:MetasploitConn.Remove($MSession) 640 | [void]$Global:MetasploitConn.Add($sessionobj) 641 | 642 | # Get again the information 643 | $request_reply = $sessionobj.Manager.WriteToConsole($ConsoleId, $Text) 644 | if ($request_reply.ContainsKey('wrote')) 645 | { 646 | $request_reply.add('MSHost', $MSession.Host) 647 | $request_reply.add('Command', $Command) 648 | $request_reply.Add('MSSessionID', $MSession.Id) 649 | $writeobj = New-Object -TypeName psobject -Property $request_reply 650 | $writeobj.pstypenames[0] = 'Metasploit.Console.Write' 651 | $writeobj 652 | } 653 | } 654 | } 655 | else 656 | { 657 | Write-Error -Message "$($request_reply.error_message)" 658 | } 659 | } 660 | else 661 | { 662 | if ($request_reply.ContainsKey('wrote')) 663 | { 664 | $request_reply.add('MSHost', $MSession.Host) 665 | $request_reply.add('Text', $Text.TrimEnd()) 666 | $request_reply.Add('MSSessionID', $MSession.Id) 667 | $writeobj = New-Object -TypeName psobject -Property $request_reply 668 | $writeobj.pstypenames[0] = 
'Metasploit.Console.write' 669 | $writeobj 670 | } 671 | } 672 | } 673 | } 674 | 675 | 676 | <# 677 | .Synopsis 678 | Invokes a console command on a specific console on the Metasploit server. 679 | .DESCRIPTION 680 | Invokes a console command on a specific console on the Metasploit server. 681 | .EXAMPLE 682 | Invoke-MSFConsoleCommand -Id 0 -ConsoleId 0 -Command "jobs" | fl * 683 | 684 | 685 | wrote : 5 686 | MSHost : 192.168.1.104 687 | Command : jobs 688 | 689 | MSSessionID : 0 690 | 691 | 692 | 693 | 694 | PS C:\> Read-MSFConsole -Id 0 -ConsoleId 0 695 | 696 | 697 | data : Framework: 4.8.0-dev 698 | Console : 4.8.0-dev.15168 699 | 700 | Jobs 701 | ==== 702 | 703 | Id Name 704 | -- ---- 705 | 1 Exploit: multi/handler 706 | 2 Exploit: multi/handler 707 | 708 | 709 | prompt : msf > 710 | busy : False 711 | MSHost : 192.168.1.104 712 | MSSessionID : 0 713 | 714 | #> 715 | function Invoke-MSFConsoleCommand 716 | { 717 | [CmdletBinding(DefaultParameterSetName = 'Index')] 718 | param( 719 | 720 | # Metasploit session Id 721 | [Parameter(Mandatory=$true, 722 | ParameterSetName = 'Index', 723 | Position=0, 724 | ValueFromPipeline=$true, 725 | ValueFromPipelineByPropertyName=$true)] 726 | [Alias('Index','MSSessionID')] 727 | [int32]$Id, 728 | 729 | # Metasploit session object 730 | [Parameter(Mandatory=$true, 731 | ParameterSetName = 'Session', 732 | ValueFromPipeline=$true, 733 | ValueFromPipelineByPropertyName=$true, 734 | Position=0)] 735 | [psobject]$Session, 736 | 737 | # Console Id 738 | [Parameter(Mandatory=$true, 739 | Position=1, 740 | ValueFromPipelineByPropertyName=$true)] 741 | [int]$ConsoleId, 742 | 743 | # Console Id 744 | [Parameter(Mandatory=$true, 745 | Position=2, 746 | ValueFromPipelineByPropertyName=$true)] 747 | [string]$Command 748 | ) 749 | BEGIN 750 | { 751 | $Command = $Command + "`n" 752 | 753 | } 754 | PROCESS 755 | { 756 | if ($Id -ge 0) 757 | { 758 | foreach($conn in $Global:MetasploitConn) 759 | { 760 | if ($conn.Id -eq $Id) 761 | { 762 | 
$MSession = $conn 763 | } 764 | } 765 | } 766 | elseif ($Session -ne $null -and $Session.pstypenames[0] -eq 'Metasploit.Session') 767 | { 768 | if ($Global:MetasploitConn.Contains($Session)) 769 | { 770 | $MSession = $Session 771 | } 772 | else 773 | { 774 | throw "The session object that was passed does not exists in `$Global:MetasploitConn" 775 | } 776 | } 777 | else 778 | { 779 | throw 'No Metasploit server session was provided' 780 | } 781 | 782 | if ($MSession -eq $null) 783 | { 784 | throw 'Specified session was not found' 785 | } 786 | 787 | $current_consoles = Get-MSFConsole -Session $MSession 788 | 789 | if ($current_consoles) 790 | { 791 | $present = $false 792 | foreach ($con in $current_consoles) 793 | { 794 | if ($con.consoleid -eq $ConsoleId) 795 | { 796 | $present = $true 797 | } 798 | } 799 | if (!($present)) 800 | { 801 | Write-Warning "A console with ID $($ConsoleId) is not present." 802 | return 803 | } 804 | } 805 | else 806 | { 807 | Write-Warning 'There are no consoles to interact with.' 808 | return 809 | } 810 | 811 | Write-Verbose "Executing command $command" 812 | $request_reply = $MSession.Manager.WriteToConsole($ConsoleId, $Command) 813 | 814 | if ($request_reply.ContainsKey('error_code')) 815 | { 816 | if ($request_reply.error_code -eq 401) 817 | { 818 | write-verbose 'The session has expired, Re-authenticating' 819 | 820 | $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary 821 | $sessparams = $MSession.Credentials.GetNetworkCredential().UserName,$MSession.Credentials.GetNetworkCredential().Password,$MSession.URI 822 | $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams 823 | if ($msfsess) 824 | { 825 | Write-Verbose 'Authentication successful.' 
826 | # Select the correct session manager for the existing session 827 | if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager') 828 | { 829 | $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess 830 | } 831 | else 832 | { 833 | $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess 834 | } 835 | 836 | # Build the session object 837 | $SessionProps.Add('Manager',$msfmng) 838 | $SessionProps.Add('URI',$MSession.URI) 839 | $SessionProps.add('Host',$MSession.host) 840 | $SessionProps.add('Session',$msfsess) 841 | $SessionProps.Add('Credentials',$MSession.Credentials) 842 | $SessionProps.Add('Id', $MSession.Id) 843 | $sessionobj = New-Object -TypeName psobject -Property $SessionProps 844 | $sessionobj.pstypenames[0] = 'Metasploit.Session' 845 | 846 | # Update the session with the new information 847 | Write-Verbose 'Updating session with new authentication token' 848 | [void]$Global:MetasploitConn.Remove($MSession) 849 | [void]$Global:MetasploitConn.Add($sessionobj) 850 | 851 | # Get again the information 852 | $request_reply = $sessionobj.Manager.WriteToConsole($ConsoleId, $Command) 853 | if ($request_reply.ContainsKey('wrote')) 854 | { 855 | $request_reply.add('MSHost', $MSession.Host) 856 | $request_reply.add('Command', $Command) 857 | $request_reply.Add('MSSessionID', $MSession.Id) 858 | $writeobj = New-Object -TypeName psobject -Property $request_reply 859 | $writeobj.pstypenames[0] = 'Metasploit.Console.Write' 860 | $writeobj 861 | } 862 | } 863 | } 864 | else 865 | { 866 | Write-Error -Message "$($request_reply.error_message)" 867 | } 868 | } 869 | elseif ($request_reply.ContainsKey('error_message')) 870 | { 871 | Write-Error -Message "$($request_reply.error_message)" 872 | } 873 | else 874 | { 875 | if ($request_reply.ContainsKey('wrote')) 876 | { 877 | $request_reply.add('MSHost', $MSession.Host) 878 | $request_reply.add('Command', $Command) 879 | $request_reply.Add('MSSessionID', 
$MSession.Id) 880 | $writeobj = New-Object -TypeName psobject -Property $request_reply 881 | $writeobj.pstypenames[0] = 'Metasploit.Console.write' 882 | $writeobj 883 | } 884 | } 885 | } 886 | } 887 | 888 | 889 | <# 890 | .Synopsis 891 | Reads the current data in the buffer of a console on a Metasploit server. 892 | .DESCRIPTION 893 | Reads the current data in the buffer of a console on a Metasploit server. 894 | .EXAMPLE 895 | Write-MSFConsole -Id 0 -ConsoleId 0 -Text "version`n" | fl * 896 | 897 | 898 | wrote : 8 899 | MSHost : 192.168.1.104 900 | Command : 901 | MSSessionID : 0 902 | 903 | 904 | 905 | 906 | PS C:\> Read-MSFConsole -Id 0 -ConsoleId 0 907 | 908 | 909 | data : Framework: 4.8.0-dev 910 | Console : 4.8.0-dev.15168 911 | 912 | prompt : msf > 913 | busy : False 914 | MSHost : 192.168.1.104 915 | MSSessionID : 0 916 | 917 | #> 918 | function Read-MSFConsole 919 | { 920 | [CmdletBinding(DefaultParameterSetName = 'Index')] 921 | param( 922 | 923 | # Metasploit session Id 924 | [Parameter(Mandatory=$true, 925 | ParameterSetName = 'Index', 926 | Position=0, 927 | ValueFromPipeline=$true, 928 | ValueFromPipelineByPropertyName=$true)] 929 | [Alias('Index','MSSessionID')] 930 | [int32]$Id, 931 | 932 | # Metasploit session object 933 | [Parameter(Mandatory=$true, 934 | ParameterSetName = 'Session', 935 | ValueFromPipeline=$true, 936 | ValueFromPipelineByPropertyName=$true, 937 | Position=0)] 938 | [psobject]$Session, 939 | 940 | # Console Id 941 | [Parameter(Mandatory=$true, 942 | Position=1, 943 | ValueFromPipelineByPropertyName=$true)] 944 | [int]$ConsoleId 945 | ) 946 | BEGIN 947 | { 948 | 949 | } 950 | PROCESS 951 | { 952 | if ($Id -ge 0) 953 | { 954 | foreach($conn in $Global:MetasploitConn) 955 | { 956 | if ($conn.Id -eq $Id) 957 | { 958 | $MSession = $conn 959 | } 960 | } 961 | } 962 | elseif ($Session -ne $null -and $Session.pstypenames[0] -eq 'Metasploit.Session') 963 | { 964 | if ($Global:MetasploitConn.Contains($Session)) 965 | { 966 | $MSession = 
$Session 967 | } 968 | else 969 | { 970 | throw "The session object that was passed does not exists in `$Global:MetasploitConn" 971 | } 972 | } 973 | else 974 | { 975 | throw 'No Metasploit server session was provided' 976 | } 977 | 978 | if ($MSession -eq $null) 979 | { 980 | throw 'Specified session was not found' 981 | } 982 | 983 | $current_consoles = Get-MSFConsole -Session $MSession 984 | 985 | if ($current_consoles) 986 | { 987 | $present = $false 988 | foreach ($con in $current_consoles) 989 | { 990 | if ($con.ConsoleId -eq $ConsoleId) 991 | { 992 | $present = $true 993 | } 994 | } 995 | if (!($present)) 996 | { 997 | Write-Warning "A console with ID $($ConsoleId) is not present." 998 | return 999 | } 1000 | } 1001 | else 1002 | { 1003 | Write-Warning 'There are no consoles to interact with.' 1004 | return 1005 | } 1006 | 1007 | $request_reply = $MSession.Manager.ReadConsole($ConsoleId) 1008 | 1009 | if ($request_reply.ContainsKey('error_code')) 1010 | { 1011 | if ($request_reply.error_code -eq 401) 1012 | { 1013 | write-verbose 'The session has expired, Re-authenticating' 1014 | 1015 | $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary 1016 | $sessparams = $MSession.Credentials.GetNetworkCredential().UserName,$MSession.Credentials.GetNetworkCredential().Password,$MSession.URI 1017 | $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams 1018 | if ($msfsess) 1019 | { 1020 | Write-Verbose 'Authentication successful.' 
1021 | # Select the correct session manager for the existing session 1022 | if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager') 1023 | { 1024 | $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess 1025 | } 1026 | else 1027 | { 1028 | $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess 1029 | } 1030 | 1031 | # Build the session object 1032 | $SessionProps.Add('Manager',$msfmng) 1033 | $SessionProps.Add('URI',$MSession.URI) 1034 | $SessionProps.add('Host',$MSession.host) 1035 | $SessionProps.add('Session',$msfsess) 1036 | $SessionProps.Add('Credentials',$MSession.Credentials) 1037 | $SessionProps.Add('Id', $MSession.Id) 1038 | $sessionobj = New-Object -TypeName psobject -Property $SessionProps 1039 | $sessionobj.pstypenames[0] = 'Metasploit.Session' 1040 | 1041 | # Update the session with the new information 1042 | Write-Verbose 'Updating session with new authentication token' 1043 | [void]$Global:MetasploitConn.Remove($MSession) 1044 | [void]$Global:MetasploitConn.Add($sessionobj) 1045 | 1046 | # Get again the information 1047 | $request_reply = $sessionobj.Manager.ReadConsole($ConsoleId) 1048 | if ($request_reply.ContainsKey('data')) 1049 | { 1050 | $request_reply.add('MSHost', $MSession.Host) 1051 | $request_reply.Add('MSSessionID', $MSession.Id) 1052 | $writeobj = New-Object -TypeName psobject -Property $request_reply 1053 | $writeobj.pstypenames[0] = 'Metasploit.Console.Write' 1054 | $writeobj 1055 | } 1056 | } 1057 | } 1058 | else 1059 | { 1060 | Write-Error -Message "$($request_reply.error_message)" 1061 | } 1062 | } 1063 | elseif ($request_reply.ContainsKey('error_message')) 1064 | { 1065 | Write-Error -Message "$($request_reply.error_message)" 1066 | } 1067 | else 1068 | { 1069 | if ($request_reply.ContainsKey('data')) 1070 | { 1071 | $request_reply.add('MSHost', $MSession.Host) 1072 | $request_reply.Add('MSSessionID', $MSession.Id) 1073 | $writeobj = New-Object -TypeName 
psobject -Property $request_reply 1074 | $writeobj.pstypenames[0] = 'Metasploit.Console.write' 1075 | $writeobj 1076 | } 1077 | } 1078 | } 1079 | } 1080 | -------------------------------------------------------------------------------- /Posh-Metasploit.psm1: -------------------------------------------------------------------------------- 1 | if (!(Test-Path variable:Global:MetasploitConn )) 2 | { 3 | $Global:MetasploitConn = New-Object System.Collections.ArrayList 4 | } 5 | 6 | 7 | <# 8 | .Synopsis 9 | Create a new Metasploit Server Session to a given MSFRPCD Server. 10 | .DESCRIPTION 11 | Create a new Metasploit Server Session to a given MSFRPCD Server. The Metasploit server 12 | can be a Framework server running msfrpcd or the commercial version of Metasploit from 13 | Rapid7. Authentication can be done with Username and Password or using an existing permanent 14 | token. 15 | .EXAMPLE 16 | New-MSFServerSession -ComputerName 192.168.1.104 -Port 55553 -Credentials (Get-Credential msf) 17 | 18 | 19 | Manager : metasploitsharp.MetasploitManager 20 | URI : https://192.168.1.104:55553/api/1.1 21 | Host : 192.168.1.104 22 | Credentials : System.Management.Automation.PSCredential 23 | Session : metasploitsharp.MetasploitSession 24 | Id : 1 25 | 26 | .EXAMPLE 27 | New-MSFServerSession -ComputerName 192.168.1.104 -Port 55553 -Token TEMP2996258342382165380499920035 28 | 29 | 30 | Manager : metasploitsharp.MetasploitManager 31 | URI : https://192.168.1.104:55553/api/1.1 32 | Host : 192.168.1.104 33 | Credentials : 34 | Session : metasploitsharp.MetasploitSession 35 | Id : 0 36 | #> 37 | function New-MSFServerSession 38 | { 39 | [CmdletBinding(DefaultParameterSetName = 'Credential')] 40 | Param 41 | ( 42 | # Metasploit Server FQDN or IP. 
43 | [Parameter(Mandatory=$true, 44 | Position=0)] 45 | [Parameter(ParameterSetName = 'Credential')] 46 | [Parameter(ParameterSetName = 'Token')] 47 | [string[]]$ComputerName, 48 | 49 | # Credentials for connecting to the Metasploit RPC Server 50 | [Parameter(Mandatory=$true, 51 | Position=1, 52 | ParameterSetName = 'Credential')] 53 | [Management.Automation.PSCredential]$Credentials, 54 | 55 | # Port of the Metasploit RPC server. Use 55553 for Framework and 3790 for commercial versions. 56 | [Parameter(Mandatory=$false, 57 | Position=2)] 58 | [Int32]$Port = 55553, 59 | 60 | # Version of API to use depending on target server. 61 | [validateset('Pro','Framework')] 62 | [string]$Version = 'Framework', 63 | 64 | [validateset('Pro','Framework')] 65 | [switch]$DisableSSL, 66 | 67 | # Specify a existing permanent token to use. 68 | [Parameter(Mandatory=$false, ParameterSetName = 'Token')] 69 | [ValidateScript({ $_.Length -eq 32})] 70 | [string]$Token 71 | ) 72 | 73 | Begin 74 | { 75 | } 76 | Process 77 | { 78 | foreach ($Computer in $ComputerName) 79 | { 80 | $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary 81 | if ($DisableSSL) 82 | { 83 | $proto = 'http' 84 | } 85 | else 86 | { 87 | $proto = 'https' 88 | } 89 | switch ($PSCmdlet.ParameterSetName) 90 | { 91 | 'Credential' 92 | { 93 | $sessparams = $Credentials.GetNetworkCredential().UserName,$Credentials.GetNetworkCredential().Password,"$($proto)://$($ComputerName):$($Port)/api/1.1" 94 | } 95 | 96 | 'Token' 97 | { 98 | $sessparams = $Token,"$($proto)://$($ComputerName):$($Port)/api/1.1" 99 | } 100 | Default {} 101 | } 102 | 103 | $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams 104 | if ($msfsess) 105 | { 106 | if ($Version -eq 'Framework') 107 | { 108 | $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess 109 | } 110 | else 111 | { 112 | $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess 113 | } 114 | 115 
| $SessionProps.Add('Manager',$msfmng) 116 | $SessionProps.Add('URI',"https://$($ComputerName):$($Port)/api/1.1") 117 | $SessionProps.add('Host', $computer) 118 | $SessionProps.Add('Credentials',$Credentials) 119 | $SessionProps.add('Session',$msfsess) 120 | $SessionIndex = $Global:MetasploitConn.Count 121 | $SessionProps.Add('Id', $SessionIndex) 122 | $sessionobj = New-Object -TypeName psobject -Property $SessionProps 123 | $sessionobj.pstypenames[0] = 'Metasploit.Session' 124 | 125 | [void]$Global:MetasploitConn.Add($sessionobj) 126 | 127 | $sessionobj 128 | } 129 | } 130 | } 131 | End 132 | { 133 | } 134 | } 135 | 136 | 137 | <# 138 | .Synopsis 139 | Sets on a existing MSF Server Session a Authentication Token. 140 | .DESCRIPTION 141 | Sets on a existing MSF Server Session a existing authentication token is already present on the server 142 | or has been generated wit New-MSFAuthToken function. 143 | .EXAMPLE 144 | $Global:MetasploitConn[1].Session 145 | 146 | Token 147 | ----- 148 | TEMPJ69aGNgFEMURvkl9Z1IjwjrDSL7b 149 | 150 | 151 | 152 | C:\PS> Set-MSFAuthToken -Id 1 -Token TEMP2996258342382165380499920035 -Verbose 153 | VERBOSE: The session has expired, Re-authenticating 154 | VERBOSE: Authentication successful. 
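155 | VERBOSE: Updating session with new authentication token 156 | 157 | 158 | Manager : metasploitsharp.MetasploitManager 159 | URI : https://192.168.1.104:55553/api/1.1 160 | Host : 192.168.1.104 161 | Session : metasploitsharp.MetasploitSession 162 | Credentials : System.Management.Automation.PSCredential 163 | Id : 1 164 | 165 | 166 | 167 | 168 | C:\PS> $Global:MetasploitConn[1].Session 169 | 170 | Token 171 | ----- 172 | TEMP2996258342382165380499920035 173 | #>
function Set-MSFAuthToken
{
    [CmdletBinding()]
    [OutputType([psobject])]
    Param
    (
        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Index',
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias('Index','MSSessionID')]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Session',
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session,

        # Authentication token to place on the session.
        [Parameter(Mandatory=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=1)]
        [string]$Token
    )

    Begin
    {
    }
    Process
    {
        # Resolve the target session from the parameter set that was actually bound.
        # An unbound [int32]$Id is 0, so testing "$Id -ge 0" always selected session 0
        # and silently ignored a -Session argument. Resetting $MSession also stops a
        # session found for an earlier pipeline item from being reused.
        $MSession = $null
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne 'Metasploit.Session')
            {
                throw 'No Metasploit server session was provided'
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        else
        {
            foreach ($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }

        if ($MSession -eq $null)
        {
            throw 'Specified session was not found'
        }

        # Probe the server with a cheap call to learn whether the current token is still accepted.
        $request_reply = $MSession.Manager.ListConsoles()
        $expired = $request_reply.ContainsKey('error_code') -and $request_reply.error_code -eq 401

        if ($request_reply.ContainsKey('error_code') -and -not $expired)
        {
            Write-Error -Message "$($request_reply.error_message)"
            return
        }

        if ($expired -and $MSession.Credentials -ne $null)
        {
            Write-Verbose 'The session has expired, Re-authenticating'

            # The library constructor is given the plaintext password, so it has to be
            # unwrapped from the PSCredential here.
            # NOTE(review): New-MSFServerSession stores URI with an https scheme even when
            # -DisableSSL was used, so this login may use a different scheme than the
            # original connection - confirm.
            $netcred = $MSession.Credentials.GetNetworkCredential()
            $sessparams = $netcred.UserName,$netcred.Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if (-not $msfsess)
            {
                return
            }
            Write-Verbose 'Authentication successful.'

            # Select the correct session manager for the existing session
            if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
            {
                $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
            }
            else
            {
                $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
            }

            # Build the replacement session object with the same Id, host and credentials
            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            $SessionProps.Add('Manager',$msfmng)
            $SessionProps.Add('URI',$MSession.URI)
            $SessionProps.add('Host',$MSession.host)
            $SessionProps.add('Session',$msfsess)
            $SessionProps.Add('Credentials',$MSession.Credentials)
            $SessionProps.Add('Id', $MSession.Id)
            $sessionobj = New-Object -TypeName psobject -Property $SessionProps
            $sessionobj.pstypenames[0] = 'Metasploit.Session'
            $sessionobj.session.token = $Token

            # Update the session with the new information
            Write-Verbose 'Updating session with new authentication token'
            [void]$Global:MetasploitConn.Remove($MSession)
            [void]$Global:MetasploitConn.Add($sessionobj)

            # Now that the object has been updated return it
            $sessionobj
            return
        }

        # Either the session is still valid, or it expired and holds no credentials to
        # log in again with (the session was opened with a token). In both cases the
        # requested token is swapped in place; the latter case used to fail with a
        # null-method error before the token was ever set.
        $MSession.session.token = $Token
        Write-Verbose 'Updating session with new authentication token'
        [void]$Global:MetasploitConn.Remove($MSession)
        [void]$Global:MetasploitConn.Add($MSession)
    }
    End
    {
    }
}


<#
.Synopsis
   Retrieves a specified Metasploit server session or all sessions.
.DESCRIPTION
   Retrieves a specified Metasploit server session or list of sessions given the Id for each session from
   the variable $Global:MetasploitConn. If none is specified it retrieves all sessions.
   The returned objects hold the live Session (with its authentication token) and any stored
   Credentials, so avoid writing them to transcripts or logs.
.EXAMPLE
   Get-MSFServerSession


Manager     : metasploitsharp.MetasploitManager
URI         : https://192.168.1.104:55553/api/1.1
Host        : 192.168.1.104
Credentials :
Session     : metasploitsharp.MetasploitSession
Id          : 0

Manager     : metasploitsharp.MetasploitManager
URI         : https://192.168.1.104:55553/api/1.1
Host        : 192.168.1.104
Session     : metasploitsharp.MetasploitSession
Credentials : System.Management.Automation.PSCredential
Id          : 1

#>
function Get-MSFServerSession
{
    [CmdletBinding()]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$false,
        ParameterSetName = 'Index',
        Position=0)]
        [Alias('Index')]
        [int32[]]$Id = @()
    )

    Begin{}
    Process
    {
        # 'Index' is only an alias of -Id, not a variable, and session objects expose
        # the property 'Id'; testing $Index / .Index meant the filter never matched and
        # every session was returned regardless of -Id.
        if ($Id.Count -gt 0)
        {
            foreach($i in $Id)
            {
                foreach($Connection in $Global:MetasploitConn)
                {
                    if ($Connection.Id -eq $i)
                    {
                        $Connection
                    }
                }
            }
        }
        else
        {
            # No Id given: return every tracked server session.
            foreach($s in $Global:MetasploitConn)
            {
                $s
            }
        }
    }
    End{}
}


371 | <# 372 | .Synopsis 373 | Removes an existing Metasploit server session.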
374 | .DESCRIPTION 375 | Removes an existing Metasploit server session give the session Id by unloging the user removing 376 | the temporary Token if it was created with one and removes the session from $Global:MetasploitConn. 377 | .EXAMPLE 378 | Remove-MSFServerSession -Id 1 -Verbose 379 | VERBOSE: Removing server session 1 380 | VERBOSE: Disposing of connection 381 | VERBOSE: Removing session from $Global:MetasploitConn 382 | #>
function Remove-MSFServerSession
{
    [CmdletBinding()]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        Position=0,
        ValueFromPipelineByPropertyName=$true)]
        [Alias('Index','MSSessionID')]
        [int32[]]$Id = @()
    )

    Begin{}
    Process
    {
        # Nothing to do when no Id was supplied.
        if ($Id.Count -le 0)
        {
            return
        }

        # Matches are collected first and dropped afterwards, so the global list is
        # never modified while it is being enumerated.
        $tracked = $Global:MetasploitConn
        $pending = @()

        foreach ($wanted in $Id)
        {
            Write-Verbose "Removing server session $($wanted)"

            foreach ($entry in $tracked)
            {
                if ($entry.Id -ne $wanted)
                {
                    continue
                }

                # Only Manager.Dispose() is called here; what that does on the server
                # side (logout, token removal) is up to the metasploitsharp library.
                Write-Verbose 'Disposing of connection'
                $entry.Manager.Dispose()
                Write-Verbose "Removing session from `$Global:MetasploitConn"
                $pending += $entry
            }
        }

        foreach ($stale in $pending)
        {
            $Global:MetasploitConn.Remove($stale)
        }
    }
    End{}
}


432 | <# 433 | .Synopsis 434 | Get the Core Version information for a given Metasploit session 435 | .DESCRIPTION 436 | Get the Core Version information for a given Metasploit session. Gets the Metasploit version, 437 | Ruby version and API version being used.
438 | .EXAMPLE 439 | Get-MSFCoreInfo -Id 0 440 | 441 | 442 | version : 4.8.0-dev 443 | ruby : 1.9.3 x86_64-darwin12.4.0 2013-06-27 444 | api : 1.0 445 | MSHost : 192.168.1.104 446 | MSSessionID : 0 447 | #> 448 | function Get-MSFCoreInfo 449 | { 450 | [CmdletBinding(DefaultParameterSetName = 'Index')] 451 | param( 452 | 453 | # Metasploit session Id 454 | [Parameter(Mandatory=$true, 455 | ParameterSetName = 'Index', 456 | Position=0)] 457 | [Alias('Index','MSSessionID')] 458 | [int32]$Id, 459 | 460 | # Metasploit session object 461 | [Parameter(Mandatory=$true, 462 | ParameterSetName = 'Session', 463 | ValueFromPipeline=$true, 464 | Position=0)] 465 | [psobject]$Session 466 | ) 467 | BEGIN{} 468 | PROCESS 469 | { 470 | if ($Id -ge 0) 471 | { 472 | foreach($conn in $Global:MetasploitConn) 473 | { 474 | if ($conn.Id -eq $Id) 475 | { 476 | $MSession = $conn 477 | } 478 | } 479 | } 480 | elseif ($Session -ne $null -and $Session.pstypenames[0] -eq 'Metasploit.Session') 481 | { 482 | if ($Global:MetasploitConn.Contains($Session)) 483 | { 484 | $MSession = $Session 485 | } 486 | else 487 | { 488 | throw "The session object that was passed does not exists in `$Global:MetasploitConn" 489 | } 490 | } 491 | else 492 | { 493 | throw 'No Metasploit server session was provided' 494 | } 495 | 496 | if ($MSession -eq $null) 497 | { 498 | throw 'Specified session was not found' 499 | } 500 | 501 | $request_reply = $MSession.Manager.GetCoreVersionInformation() 502 | 503 | if ($request_reply.ContainsKey('error_code')) 504 | { 505 | if ($request_reply.error_code -eq 401) 506 | { 507 | write-verbose 'The session has expired, Re-authenticating' 508 | 509 | $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary 510 | $sessparams = $MSession.Credentials.GetNetworkCredential().UserName,$MSession.Credentials.GetNetworkCredential().Password,$MSession.URI 511 | $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams 512 | if ($msfsess) 513 | { 
514 | Write-Verbose 'Authentication successful.' 515 | # Select the correct session manager for the existing session 516 | if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager') 517 | { 518 | $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess 519 | } 520 | else 521 | { 522 | $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess 523 | } 524 | 525 | # Build the session object 526 | $SessionProps.Add('Manager',$msfmng) 527 | $SessionProps.Add('URI',$MSession.URI) 528 | $SessionProps.add('Host',$MSession.host) 529 | $SessionProps.add('Session',$msfsess) 530 | $SessionProps.Add('Credentials',$MSession.Credentials) 531 | $SessionProps.Add('Id', $MSession.Id) 532 | $sessionobj = New-Object -TypeName psobject -Property $SessionProps 533 | $sessionobj.pstypenames[0] = 'Metasploit.Session' 534 | 535 | # Update the session with the new information 536 | Write-Verbose 'Updating session with new authentication token' 537 | [void]$Global:MetasploitConn.Remove($MSession) 538 | [void]$Global:MetasploitConn.Add($sessionobj) 539 | 540 | # Get again the information 541 | $request_reply = $sessionobj.Manager.GetCoreVersionInformation() 542 | $request_reply.add('MSHost', $MSession.Host) 543 | $request_reply.add('MSSessionID', $Id) 544 | $versionobj = New-Object -TypeName psobject -Property $request_reply 545 | $versionobj.pstypenames[0] = 'Metasploit.VersionInfo' 546 | $versionobj 547 | } 548 | } 549 | else 550 | { 551 | Write-Error -Message "$($request_reply.error_message)" 552 | } 553 | } 554 | elseif ($request_reply.ContainsKey('error_message')) 555 | { 556 | Write-Error -Message "$($request_reply.error_message)" 557 | } 558 | else 559 | { 560 | $request_reply.add('MSHost', $MSession.Host) 561 | $request_reply.add('MSSessionID', $Id) 562 | $versionobj = New-Object -TypeName psobject -Property $request_reply 563 | $versionobj.pstypenames[0] = 'Metasploit.VersionInfo' 564 | $versionobj 565 | } 566 | } 
567 | } 568 | 569 | 570 | <# 571 | .Synopsis 572 | Gets existing Authentication Token for a given Metasploit session. 573 | .DESCRIPTION 574 | Gets existing Authentication Token from memory or the database for a given Metasploit session. 575 | .EXAMPLE 576 | Get-MSFAuthToken -Id 0 | fl * 577 | 578 | 579 | Token : TEMP2996258342382165380499920035 580 | MSHost : 192.168.1.104 581 | MSSessionID : 0 582 | #> 583 | function Get-MSFAuthToken 584 | { 585 | [CmdletBinding(DefaultParameterSetName = 'Index')] 586 | param( 587 | 588 | # Metasploit session Id 589 | [Parameter(Mandatory=$true, 590 | ParameterSetName = 'Index', 591 | Position = 0)] 592 | [Alias('Index','MSSessionID')] 593 | [int32]$Id, 594 | 595 | # Metasploit session object 596 | [Parameter(Mandatory=$true, 597 | ParameterSetName = 'Session', 598 | ValueFromPipeline = $true, 599 | Position=0)] 600 | [psobject]$Session 601 | ) 602 | BEGIN{} 603 | PROCESS 604 | { 605 | if ($Id -ge 0) 606 | { 607 | foreach($conn in $Global:MetasploitConn) 608 | { 609 | if ($conn.Id -eq $Id) 610 | { 611 | $MSession = $conn 612 | } 613 | } 614 | } 615 | elseif ($Session -ne $null -and $Session.pstypenames[0] -eq 'Metasploit.Session') 616 | { 617 | if ($Global:MetasploitConn.Contains($Session)) 618 | { 619 | $MSession = $Session 620 | } 621 | else 622 | { 623 | throw "The session object that was passed does not exists in `$Global:MetasploitConn" 624 | } 625 | } 626 | else 627 | { 628 | throw 'No Metasploit server session was provided' 629 | } 630 | 631 | if ($MSession -eq $null) 632 | { 633 | throw 'Specified session was not found' 634 | } 635 | 636 | $request_reply = $MSession.Session.Execute('auth.token_list') 637 | 638 | if ($request_reply.ContainsKey('error_code')) 639 | { 640 | if ($request_reply.error_code -eq 401) 641 | { 642 | write-verbose 'The session has expired, Re-authenticating' 643 | 644 | $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary 645 | $sessparams = 
$MSession.Credentials.GetNetworkCredential().UserName,$MSession.Credentials.GetNetworkCredential().Password,$MSession.URI 646 | $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams 647 | if ($msfsess) 648 | { 649 | Write-Verbose 'Authentication successful.' 650 | # Select the correct session manager for the existing session 651 | if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager') 652 | { 653 | $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess 654 | } 655 | else 656 | { 657 | $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess 658 | } 659 | 660 | # Build the session object 661 | $SessionProps.Add('Manager',$msfmng) 662 | $SessionProps.Add('URI',$MSession.URI) 663 | $SessionProps.add('Host',$MSession.host) 664 | $SessionProps.add('Session',$msfsess) 665 | $SessionProps.Add('Credentials',$MSession.Credentials) 666 | $SessionProps.Add('Id', $MSession.Id) 667 | $sessionobj = New-Object -TypeName psobject -Property $SessionProps 668 | $sessionobj.pstypenames[0] = 'Metasploit.Session' 669 | 670 | # Update the session with the new information 671 | Write-Verbose 'Updating session with new authentication token' 672 | [void]$Global:MetasploitConn.Remove($MSession) 673 | [void]$Global:MetasploitConn.Add($sessionobj) 674 | 675 | # Get again the information 676 | $request_reply = $sessionobj.Session.Execute('auth.token_list') 677 | foreach ($tkn in $request_reply['tokens']) 678 | { 679 | $tokenprops = @{} 680 | $tokenprops.add('MSHost', $MSession.Host) 681 | $tokenprops.add('MSSessionID', $Id) 682 | $tokenprops.add('Token', $tkn) 683 | $tokenobj = New-Object -TypeName psobject -Property $tokenprops 684 | $tokenobj.pstypenames[0] = 'Metasploit.Token' 685 | $tokenobj 686 | } 687 | } 688 | } 689 | else 690 | { 691 | Write-Error -Message "$($request_reply.error_message)" 692 | } 693 | } 694 | elseif ($request_reply.ContainsKey('error_message')) 695 | { 696 | 
Write-Error -Message "$($request_reply.error_message)" 697 | } 698 | else 699 | { 700 | foreach ($tkn in $request_reply['tokens']) 701 | { 702 | $tokenprops = @{} 703 | $tokenprops.add('MSHost', $MSession.Host) 704 | $tokenprops.add('MSSessionID', $Id) 705 | $tokenprops.add('Token', $tkn) 706 | $tokenobj = New-Object -TypeName psobject -Property $tokenprops 707 | $tokenobj.pstypenames[0] = 'Metasploit.Token' 708 | $tokenobj 709 | } 710 | } 711 | } 712 | } 713 | 714 | 715 | <# 716 | .Synopsis 717 | Genetates a new permanent Metasploit authentication token. 718 | .DESCRIPTION 719 | Genetates a new permanent Metasploit authentication token and if a database is 720 | connected it saves the token to the database. 721 | .EXAMPLE 722 | New-MSFAuthToken -Id 0 723 | 724 | 725 | result : success 726 | token : TEMP5453191165387926134603279826 727 | MSHost : 192.168.1.104 728 | MSSessionID : 0 729 | #> 730 | function New-MSFAuthToken 731 | { 732 | [CmdletBinding(DefaultParameterSetName = 'Index')] 733 | param( 734 | 735 | # Metasploit session Id. 736 | [Parameter(Mandatory=$true, 737 | ParameterSetName = 'Index', 738 | Position=0)] 739 | [Alias('Index','MSSessionID')] 740 | [int32]$Id, 741 | 742 | # Metasploit session object. 743 | [Parameter(Mandatory=$true, 744 | ParameterSetName = 'Session', 745 | ValueFromPipeline=$true, 746 | Position=0)] 747 | [psobject]$Session, 748 | 749 | # Set the newly created token to the Metasploit session. 
750 | [Parameter(Mandatory=$false)] 751 | [switch]$SetSession 752 | 753 | ) 754 | BEGIN{} 755 | PROCESS 756 | { 757 | if ($Id -ge 0) 758 | { 759 | foreach($conn in $Global:MetasploitConn) 760 | { 761 | if ($conn.Id -eq $Id) 762 | { 763 | $MSession = $conn 764 | } 765 | } 766 | } 767 | elseif ($Session -ne $null -and $Session.pstypenames[0] -eq 'Metasploit.Session') 768 | { 769 | if ($Global:MetasploitConn.Contains($Session)) 770 | { 771 | $MSession = $Session 772 | } 773 | else 774 | { 775 | throw "The session object that was passed does not exists in `$Global:MetasploitConn" 776 | } 777 | } 778 | else 779 | { 780 | throw 'No Metasploit server session was provided' 781 | } 782 | 783 | if ($MSession -eq $null) 784 | { 785 | throw 'Specified session was not found' 786 | } 787 | 788 | $request_reply = $MSession.Session.Execute('auth.token_generate') 789 | 790 | if ($request_reply.ContainsKey('error_code')) 791 | { 792 | if ($request_reply.error_code -eq 401) 793 | { 794 | write-verbose 'The session has expired, Re-authenticating' 795 | 796 | $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary 797 | $sessparams = $MSession.Credentials.GetNetworkCredential().UserName,$MSession.Credentials.GetNetworkCredential().Password,$MSession.URI 798 | $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams 799 | if ($msfsess) 800 | { 801 | Write-Verbose 'Authentication successful.' 
802 | # Select the correct session manager for the existing session 803 | if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager') 804 | { 805 | $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess 806 | } 807 | else 808 | { 809 | $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess 810 | } 811 | 812 | # Build the session object 813 | $SessionProps.Add('Manager',$msfmng) 814 | $SessionProps.Add('URI',$MSession.URI) 815 | $SessionProps.add('Host',$MSession.host) 816 | $SessionProps.add('Session',$msfsess) 817 | $SessionProps.Add('Credentials',$MSession.Credentials) 818 | $SessionProps.Add('Id', $MSession.Id) 819 | $sessionobj = New-Object -TypeName psobject -Property $SessionProps 820 | $sessionobj.pstypenames[0] = 'Metasploit.Session' 821 | 822 | # Update the session with the new information 823 | Write-Verbose 'Updating session with new authentication token' 824 | [void]$Global:MetasploitConn.Remove($MSession) 825 | [void]$Global:MetasploitConn.Add($sessionobj) 826 | 827 | # Get again the information 828 | $request_reply = $sessionobj.Session.Execute('auth.token_generate') 829 | if ($request_reply.containskey('token')) 830 | { 831 | $request_reply.add('MSHost', $MSession.Host) 832 | $request_reply.add('MSSessionID', $Id) 833 | $tokenobj = New-Object -TypeName psobject -Property $request_reply 834 | $tokenobj.pstypenames[0] = 'Metasploit.Token' 835 | $tokenobj 836 | } 837 | } 838 | } 839 | else 840 | { 841 | Write-Error -Message "$($request_reply.error_message)" 842 | } 843 | } 844 | elseif ($request_reply.ContainsKey('error_message')) 845 | { 846 | Write-Error -Message "$($request_reply.error_message)" 847 | } 848 | else 849 | { 850 | if ($request_reply.containskey('token')) 851 | { 852 | $request_reply.add('MSHost', $MSession.Host) 853 | $request_reply.add('MSSessionID', $Id) 854 | $tokenobj = New-Object -TypeName psobject -Property $request_reply 855 | $tokenobj.pstypenames[0] = 
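'Metasploit.Token' 856 | $tokenobj 857 | } 858 | } 859 | 860 | if ($SetSession) 861 | { 862 | $tempsession = $MSession 863 | $Global:MetasploitConn.Remove($MSession) 864 | Write-Verbose "Setting session at index $($MSession.index) to token $($tokenobj.Token)." 865 | $tempsession.session.token = $tokenobj.Token 866 | [void]$Global:MetasploitConn.add($tempsession) 867 | } 868 | } 869 | } 870 | 871 |
<#
.Synopsis
   Removes a known Metasploit Authentication Token from a Metasploit session.
.DESCRIPTION
   Removes a known Metasploit Authentication Token from a Metasploit session by
   sending 'auth.token_remove' through the selected session. The token that the
   session itself is using is refused. When the server answers with error code
   401 the function logs in again with the credentials stored on the session,
   replaces the entry in $Global:MetasploitConn and repeats the call once.
.EXAMPLE
   Remove-MSFAuthToken -Id 0 -Token TEMP5453191165387926134603279826 | fl *


   result      : success
   MSHost      : 192.168.1.104
   MSSessionID : 0
.OUTPUTS
   Metasploit.Action
#>
function Remove-MSFAuthToken
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Index',
        Position=0,
        ValueFromPipelineByPropertyName=$true)]
        [Alias('Index','MSSessionID')]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Session',
        ValueFromPipeline=$true,
        Position=0)]
        [psobject]$Session,

        # Existing token to remove.
        [Parameter(Mandatory=$true)]
        [ValidateScript({ $_.Length -eq 32})]
        [string]$Token

    )
    BEGIN {}
    PROCESS
    {
        # Start from a clean slate for every pipeline item so that a failed lookup can
        # never fall back to a session left over from a previous item or from the
        # caller's scope.
        $MSession = $null

        # An unbound [int32]$Id is 0, so testing "$Id -ge 0" first would always pick
        # session 0 and silently ignore -Session. Branch on the bound parameter set.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne 'Metasploit.Session')
            {
                throw 'No Metasploit server session was provided'
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw 'No Metasploit server session was provided'
        }

        if ($MSession -eq $null)
        {
            throw 'Specified session was not found'
        }

        # Removing the token the session authenticates with would lock this session out.
        if ($MSession.session.token -eq $Token)
        {
            Write-Error 'You are tying to remove the same token in use by the session.' -ErrorAction Stop
        }
        $request_reply = $MSession.Session.Execute('auth.token_remove', $Token)

        if ($request_reply.ContainsKey('error_code') -and $request_reply.error_code -eq 401)
        {
            write-verbose 'The session has expired, Re-authenticating'

            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            # NOTE: GetNetworkCredential() yields the clear-text password; $sessparams must
            # never be written to a log or to the verbose stream.
            $sessparams   = $MSession.Credentials.GetNetworkCredential().UserName,$MSession.Credentials.GetNetworkCredential().Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if ($msfsess)
            {
                Write-Verbose 'Authentication successful.'
                # Select the correct session manager for the existing session
                if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
                {
                    $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
                }
                else
                {
                    $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
                }

                # Build the session object
                $SessionProps.Add('Manager',$msfmng)
                $SessionProps.Add('URI',$MSession.URI)
                $SessionProps.add('Host',$MSession.host)
                $SessionProps.add('Session',$msfsess)
                $SessionProps.Add('Credentials',$MSession.Credentials)
                $SessionProps.Add('Id', $MSession.Id)
                $sessionobj = New-Object -TypeName psobject -Property $SessionProps
                $sessionobj.pstypenames[0] = 'Metasploit.Session'

                # Update the session with the new information
                Write-Verbose 'Updating session with new authentication token'
                [void]$Global:MetasploitConn.Remove($MSession)
                [void]$Global:MetasploitConn.Add($sessionobj)
                $MSession = $sessionobj

                # Repeat the request on the fresh session
                $request_reply = $MSession.Session.Execute('auth.token_remove', $Token)
            }
        }

        # One reporting path for the first call and for the retry, so an error returned
        # after re-authentication is surfaced instead of being dropped.
        if ($request_reply.ContainsKey('error_code'))
        {
            Write-Error -Message "$($request_reply.error_message)"
        }
        elseif ($request_reply.ContainsKey('result'))
        {
            $request_reply.add('MSHost', $MSession.Host)
            # $MSession.Id equals $Id for the Index set and stays correct for -Session
            $request_reply.add('MSSessionID', $MSession.Id)
            $actionobj = New-Object -TypeName psobject -Property $request_reply
            $actionobj.pstypenames[0] = 'Metasploit.Action'
            $actionobj
        }
    }
}


<#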
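.Synopsis
   Enumerates all current Metasploit server threads.
.DESCRIPTION
   Enumerates all current Metasploit server threads including detailed information on each one of them.
   The list is requested with 'core.thread_list' through the selected session. When the
   server answers with error code 401 the function logs in again with the credentials
   stored on the session, replaces the entry in $Global:MetasploitConn and repeats the
   request once.
.OUTPUTS
   Metasploit.Thread
#>
function Get-MSFThread
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Index',
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias('Index','MSSessionID')]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Session',
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session
    )
    BEGIN {}
    PROCESS
    {
        # Start from a clean slate for every pipeline item so that a failed lookup can
        # never fall back to a session left over from a previous item or from the
        # caller's scope.
        $MSession = $null

        # An unbound [int32]$Id is 0, so testing "$Id -ge 0" first would always pick
        # session 0 and silently ignore -Session. Branch on the bound parameter set.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne 'Metasploit.Session')
            {
                throw 'No Metasploit server session was provided'
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw 'No Metasploit server session was provided'
        }

        if ($MSession -eq $null)
        {
            throw 'Specified session was not found'
        }

        $reply = $MSession.Session.Execute('core.thread_list')

        if ($null -ne $reply -and $reply.ContainsKey('error_code') -and $reply.error_code -eq 401)
        {
            write-verbose 'The session has expired, Re-authenticating'

            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            # NOTE: GetNetworkCredential() yields the clear-text password; $sessparams must
            # never be written to a log or to the verbose stream.
            $sessparams   = $MSession.Credentials.GetNetworkCredential().UserName,$MSession.Credentials.GetNetworkCredential().Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if ($msfsess)
            {
                Write-Verbose 'Authentication successful.'
                # Select the correct session manager for the existing session
                if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
                {
                    $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
                }
                else
                {
                    $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
                }

                # Build the session object
                $SessionProps.Add('Manager',$msfmng)
                $SessionProps.Add('URI',$MSession.URI)
                $SessionProps.add('Host',$MSession.host)
                $SessionProps.add('Session',$msfsess)
                $SessionProps.Add('Credentials',$MSession.Credentials)
                $SessionProps.Add('Id', $MSession.Id)
                $sessionobj = New-Object -TypeName psobject -Property $SessionProps
                $sessionobj.pstypenames[0] = 'Metasploit.Session'

                # Update the session with the new information
                Write-Verbose 'Updating session with new authentication token'
                [void]$Global:MetasploitConn.Remove($MSession)
                [void]$Global:MetasploitConn.Add($sessionobj)
                $MSession = $sessionobj

                # Repeat the request on the fresh session
                $reply = $MSession.Session.Execute('core.thread_list')
            }
        }

        if (-not $reply)
        {
            Write-Verbose 'No threads were found'
            return
        }

        # The original tested an undefined $request_reply here, which raised a
        # null-method error on every successful call; the reply lives in $reply.
        if ($reply.ContainsKey('error_code') -or $reply.ContainsKey('error_message'))
        {
            Write-Error -Message "$($reply.error_message)"
            return
        }

        # One output path for the first call and for the retry. Each key of the reply is
        # taken as a thread id and its value as that thread's properties.
        foreach ($ThreadID in $reply.Keys)
        {
            $Threadprops = [ordered]@{}
            $Threadprops.Add('ThreadID',$ThreadID)
            foreach ($singleprop in $reply[$ThreadID])
            {
                foreach ($prop in $singleprop.keys)
                {
                    $Threadprops.Add($prop,$singleprop[$prop])
                }
            }
            # $MSession.Id equals $Id for the Index set and stays correct for -Session
            $Threadprops.Add('MSSessionID',$MSession.Id)
            $Threadobj = New-Object -TypeName psobject -Property $Threadprops
            $Threadobj.pstypenames[0] = 'Metasploit.Thread'
            $Threadobj
        }
    }
}


<#
.Synopsis
   Terminates a current thread in the Metasploit server.
.DESCRIPTION
   Terminates a current thread in the Metasploit server given the ThreadID.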
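#>
function Remove-MSFThread
{
    [CmdletBinding(DefaultParameterSetName = 'Index')]
    param(

        # Metasploit session Id
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Index',
        Position=0,
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)]
        [Alias('Index','MSSessionID')]
        [int32]$Id,

        # Metasploit session object
        [Parameter(Mandatory=$true,
        ParameterSetName = 'Session',
        ValueFromPipeline=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [psobject]$Session,

        # Id of the server thread to terminate; it must appear in 'core.thread_list'
        [Parameter(Mandatory=$true,
        ValueFromPipelineByPropertyName=$true,
        Position=1)]
        [Int]$ThreadId
    )
    BEGIN {}
    PROCESS
    {
        # Start from a clean slate for every pipeline item so that a failed lookup can
        # never fall back to a session left over from a previous item or from the
        # caller's scope.
        $MSession = $null

        # An unbound [int32]$Id is 0, so testing "$Id -ge 0" first would always pick
        # session 0 and silently ignore -Session. Branch on the bound parameter set.
        if ($PSCmdlet.ParameterSetName -eq 'Session')
        {
            if ($Session -eq $null -or $Session.pstypenames[0] -ne 'Metasploit.Session')
            {
                throw 'No Metasploit server session was provided'
            }
            if (-not $Global:MetasploitConn.Contains($Session))
            {
                throw "The session object that was passed does not exists in `$Global:MetasploitConn"
            }
            $MSession = $Session
        }
        elseif ($Id -ge 0)
        {
            foreach($conn in $Global:MetasploitConn)
            {
                if ($conn.Id -eq $Id)
                {
                    $MSession = $conn
                }
            }
        }
        else
        {
            throw 'No Metasploit server session was provided'
        }

        if ($MSession -eq $null)
        {
            throw 'Specified session was not found'
        }

        $reply = $MSession.Session.Execute('core.thread_list')

        if ($reply.ContainsKey('error_code') -and $reply.error_code -eq 401)
        {
            write-verbose 'The session has expired, Re-authenticating'

            $SessionProps = New-Object System.Collections.Specialized.OrderedDictionary
            # NOTE: GetNetworkCredential() yields the clear-text password; $sessparams must
            # never be written to a log or to the verbose stream.
            $sessparams   = $MSession.Credentials.GetNetworkCredential().UserName,$MSession.Credentials.GetNetworkCredential().Password,$MSession.URI
            $msfsess = New-Object metasploitsharp.MetasploitSession -ArgumentList $sessparams
            if ($msfsess)
            {
                Write-Verbose 'Authentication successful.'
                # Select the correct session manager for the existing session
                if ($MSession.Manager.GetType().tostring() -eq 'metasploitsharp.MetasploitManager')
                {
                    $msfmng = New-Object metasploitsharp.MetasploitManager -ArgumentList $msfsess
                }
                else
                {
                    $msfmng = New-Object metasploitsharp.MetasploitProManager -ArgumentList $msfsess
                }

                # Build the session object
                $SessionProps.Add('Manager',$msfmng)
                $SessionProps.Add('URI',$MSession.URI)
                $SessionProps.add('Host',$MSession.host)
                $SessionProps.add('Session',$msfsess)
                $SessionProps.Add('Credentials',$MSession.Credentials)
                $SessionProps.Add('Id', $MSession.Id)
                $sessionobj = New-Object -TypeName psobject -Property $SessionProps
                $sessionobj.pstypenames[0] = 'Metasploit.Session'

                # Update the session with the new information
                Write-Verbose 'Updating session with new authentication token'
                [void]$Global:MetasploitConn.Remove($MSession)
                [void]$Global:MetasploitConn.Add($sessionobj)
                $MSession = $sessionobj

                # Repeat the request on the fresh session
                $reply = $MSession.Session.Execute('core.thread_list')
            }
        }

        # The original tested an undefined $request_reply here, which raised a
        # null-method error before any thread could be removed; the reply is in $reply.
        if ($reply.ContainsKey('error_code') -or $reply.ContainsKey('error_message'))
        {
            Write-Error -Message "$($reply.error_message)"
            return
        }

        # Only ask the server to kill a thread it currently lists.
        $present = $false
        foreach ($currentthread in $reply.keys)
        {
            if ($currentthread -eq $ThreadId)
            {
                $present = $true
                break
            }
        }
        if (!($present))
        {
            Write-Warning "A thread with ID $($ThreadId) is not present."
            return
        }

        $request_reply = $MSession.Session.Execute('core.thread_kill', $ThreadId)
        if ($request_reply.ContainsKey('result'))
        {
            $request_reply.add('MSHost', $MSession.Host)
            # $MSession.Id equals $Id for the Index set and stays correct for -Session
            $request_reply.Add('MSSessionID',$MSession.Id)
            $connectobj = New-Object -TypeName psobject -Property $request_reply
            $connectobj.pstypenames[0] = 'Metasploit.Action'
            $connectobj
        }
        elseif ($request_reply.ContainsKey('error_message'))
        {
            # Report a failed kill instead of returning nothing
            Write-Error -Message "$($request_reply.error_message)"
        }
    }
}

<#
.Synopsis
   Compares the loaded Posh-Metasploit module version with the one published online.
.DESCRIPTION
   Downloads the module manifest from the project repository, reads its ModuleVersion
   value as plain text and compares it with the version of the module loaded in the
   current PowerShell session. A warning is written when the published version is newer.
.OUTPUTS
   Object with the properties InstalledVersion and CurrentVersion.
#>
function Get-PoshMSFersion
{
    [CmdletBinding()]
    [OutputType([pscustomobject])]
    Param()
    Begin
    {
        $currentversion = ''
        $installed = Get-Module -Name 'Posh-Metasploit'
    }
    Process
    {
        $webClient = New-Object System.Net.WebClient
        Try
        {
            # The manifest comes from the network, so it is handled strictly as text.
            # Feeding it to Invoke-Expression would run whatever the remote side, or
            # anyone able to alter the response, returns with the caller's privileges.
            $manifestText = $webClient.DownloadString('https://raw.github.com/darkoperator/Posh-Metasploit/master/Posh-Metasploit.psd1')
            if ($manifestText -match '(?m)^\s*ModuleVersion\s*=\s*[''"]([0-9]+(?:\.[0-9]+){1,3})[''"]')
            {
                $currentversion = $Matches[1]
            }
            else
            {
                Write-Warning 'Could not retrieve the current version.'
            }
        }
        Catch
        {
            Write-Warning 'Could not retrieve the current version.'
        }
        Finally
        {
            $webClient.Dispose()
        }

        # Compare as [version] values: the original compared strings, so "10" sorted
        # below "9", and a lower major with a higher minor was reported as outdated.
        $latest = $null
        [void][version]::TryParse($currentversion, [ref]$latest)

        $installedVersion = $null
        if ($installed)
        {
            $installedVersion = @($installed)[0].Version
        }

        if ($latest -ne $null -and $installedVersion -ne $null -and $latest -gt $installedVersion)
        {
            Write-Warning 'You are running an outdated version of the module.'
        }

        $props = @{
            InstalledVersion = "$($installed.Version)"
            CurrentVersion   = $currentversion
        }
        New-Object -TypeName psobject -Property $props
    }
    End{}
}
--------------------------------------------------------------------------------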