Nmap Development mailing list archives

RE: [NSE] metasploit-info


From: "HD Moore" <hdm () digitaloffense net>
Date: Sat, 7 Jul 2012 13:18:58 -0500

Linux/Windows is all we officially support for the commercial install, but
msfrpcd will run on iPads, BSD, OS X, etc.

Theoretically we can disable command passthrough on shells (Defang), but it
would be fairly pointless:
1) Modules can take file:/paths for String option names
2) Modules can be loaded through an API call (for a user able to put code in
the local fs)
3) Console output can be spooled to any writeable file
4) RPC access == root is an easy security concept 

-HD

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of Aleksandar Nikolic
Sent: Saturday, July 07, 2012 10:25 AM
To: Nmap Dev
Subject: [NSE] metasploit-info

Hi all,

here's a post-auth info gathering script that uses the Metasploit RPC service.
It requires a valid username and password, of course. What it does is:
1) Login to get auth token
2) Get the Metasploit version to deduce whether we are on Linux or Windows (if
you can supply me with other version info I'd gladly add it).
3) Create new console
4) Execute the command (systeminfo on Windows, uname -a and id on Linux)
5) Read the result
6) Optionally, execute user supplied command
7) Close the console

If anybody wants to test it, it's attached.

Please share your comments and ideas.

Aleksandar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
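The seven steps Aleksandar lists, written out as a standalone msfrpcd client. This is an added example for this archive page, not the attached NSE script and not Metasploit's own code. It assumes the documented msfrpcd conventions of that era (POST to /api/ on port 55553, Content-Type binary/message-pack, requests as a MessagePack array of [method, token, args...], and the methods auth.login, core.version, console.create, console.write, console.read and console.destroy), and it assumes that the "ruby" field returned by core.version carries RUBY_PLATFORM, so "mingw"/"mswin" in it means Windows; that heuristic is this example's choice, the post only says the version is used to tell the two apart. A small MessagePack codec is included so no third-party package is needed, and FakeMsfrpcd is a constructed in-memory stand-in so the flow runs offline; replace it with http_transport() against a real daemon. Keep HD's reply in mind when you run it for real: the credentials the script needs are effectively root on the host running msfrpcd, and the commands it writes are passed straight to the OS shell by msfconsole's command passthrough.

```python
"""msfrpcd post-auth info gathering: login, version, console, commands, cleanup."""
import time
import urllib.request


def pack(obj):
    """Encode the MessagePack subset msfrpcd requests use (nil/bool/int/str/list/dict, <16 items)."""
    if obj is None:
        return b"\xc0"
    if isinstance(obj, bool):                      # must precede int: bool is an int subclass
        return b"\xc3" if obj else b"\xc2"
    if isinstance(obj, int):
        return bytes([obj]) if 0 <= obj < 0x80 else b"\xce" + obj.to_bytes(4, "big")
    if isinstance(obj, str):
        raw = obj.encode()
        return (bytes([0xA0 | len(raw)]) if len(raw) < 32 else b"\xda" + len(raw).to_bytes(2, "big")) + raw
    if isinstance(obj, list):
        return bytes([0x90 | len(obj)]) + b"".join(pack(x) for x in obj)
    if isinstance(obj, dict):
        return bytes([0x80 | len(obj)]) + b"".join(pack(k) + pack(v) for k, v in obj.items())
    raise TypeError("cannot pack %r" % type(obj))


def unpack(buf):
    """Decode a msfrpcd response (adds uint8/16/32, str8/16, array16, map16 to the subset above)."""
    def rd(i):
        t = buf[i]
        if t < 0x80: return t, i + 1
        if t in (0xC0, 0xC2, 0xC3): return {0xC0: None, 0xC2: False, 0xC3: True}[t], i + 1
        if t in (0xCC, 0xCD, 0xCE):                                     # uint8 / uint16 / uint32
            n = 1 << (t - 0xCC)
            return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n
        if t & 0xE0 == 0xA0: n, i = t & 0x1F, i + 1                     # fixstr (pre-1.0 "raw")
        elif t in (0xD9, 0xC4): n, i = buf[i + 1], i + 2                # str8 / bin8
        elif t in (0xDA, 0xC5): n, i = int.from_bytes(buf[i + 1:i + 3], "big"), i + 3  # str16 / raw16
        elif t & 0xF0 == 0x90: return seq(i + 1, t & 0x0F)
        elif t & 0xF0 == 0x80: return mp(i + 1, t & 0x0F)
        elif t == 0xDC: return seq(i + 3, int.from_bytes(buf[i + 1:i + 3], "big"))
        elif t == 0xDE: return mp(i + 3, int.from_bytes(buf[i + 1:i + 3], "big"))
        else: raise ValueError("unsupported msgpack type 0x%02x" % t)
        return buf[i:i + n].decode("utf-8", "replace"), i + n

    def seq(i, n):
        out = []
        for _ in range(n):
            v, i = rd(i)
            out.append(v)
        return out, i

    def mp(i, n):
        out = {}
        for _ in range(n):
            k, i = rd(i)
            out[k], i = rd(i)
        return out, i
    return rd(0)[0]


class MsfRpc:
    """Thin client: `transport` maps a packed request body to the raw response body."""
    def __init__(self, transport):
        self.transport, self.token = transport, None

    def call(self, method, *args):
        req = [method] + ([self.token] if self.token else []) + list(args)   # auth.login has no token
        resp = unpack(self.transport(pack(req)))
        if isinstance(resp, dict) and resp.get("error"):
            raise RuntimeError("%s: %s" % (method, resp.get("error_message")))
        return resp


def http_transport(host, port=55553, context=None):
    """POST to msfrpcd's /api/ (assumed defaults). Pass an ssl.SSLContext pinned to its self-signed cert."""
    def send(body):
        req = urllib.request.Request("https://%s:%d/api/" % (host, port), data=body,
                                     headers={"Content-Type": "binary/message-pack"})
        return urllib.request.urlopen(req, context=context).read()
    return send


def drain(rpc, cid, delay):
    """Read console output until the daemon reports the console idle."""
    out = ""
    while True:
        time.sleep(delay)
        r = rpc.call("console.read", cid)
        out += r["data"]
        if not r["busy"]:
            return out


def gather_info(rpc, username, password, extra_cmd=None, delay=1.0):
    """Steps 1-7 from the post; returns version, guessed platform and per-command output."""
    rpc.token = rpc.call("auth.login", username, password)["token"]          # 1
    ver = rpc.call("core.version")                                            # 2
    windows = any(s in ver["ruby"] for s in ("mingw", "mswin"))               # assumed RUBY_PLATFORM heuristic
    cmds = ["systeminfo"] if windows else ["uname -a", "id"]
    if extra_cmd:
        cmds.append(extra_cmd)                                                # 6
    cid = rpc.call("console.create")["id"]                                    # 3
    info = {"version": ver["version"], "platform": "windows" if windows else "unix", "output": {}}
    try:
        drain(rpc, cid, delay)                                                # discard the banner
        for cmd in cmds:
            rpc.call("console.write", cid, cmd + "\n")                        # 4: msfconsole passes unknown commands to the OS shell
            info["output"][cmd] = drain(rpc, cid, delay)                      # 5
    finally:
        rpc.call("console.destroy", cid)                                      # 7
    return info


class FakeMsfrpcd:
    """Constructed in-memory stand-in for msfrpcd so the flow runs offline; not the real daemon."""
    def __init__(self, ruby="1.9.3 x86_64-linux 2012-02-16"):
        self.ruby, self.pending, self.calls = ruby, {}, []

    def __call__(self, body):
        req = unpack(body)
        m = req[0]
        self.calls.append(m)
        if m == "auth.login":
            if req[1:] == ["msf", "secret"]:
                return pack({"result": "success", "token": "TEMPTOKEN"})
            return pack({"error": True, "error_message": "Invalid User ID or Password"})
        if req[1] != "TEMPTOKEN":
            return pack({"error": True, "error_message": "Invalid Authentication Token"})
        if m == "core.version":
            return pack({"version": "4.4.0-dev", "ruby": self.ruby, "api": "1.0"})
        if m == "console.create":
            cid = str(len(self.pending))
            self.pending[cid] = ["constructed msfconsole banner\n"]
            return pack({"id": cid, "prompt": "msf > ", "busy": False})
        if m == "console.write":
            self.pending[req[2]].append("[*] exec: %s\n\n<constructed output>\n" % req[3].strip())
            return pack({"wrote": len(req[3])})
        if m == "console.read":
            data, self.pending[req[2]] = "".join(self.pending[req[2]]), []
            return pack({"data": data, "prompt": "msf > ", "busy": False})
        if m == "console.destroy":
            self.pending.pop(req[2])
            return pack({"result": "success"})
        return pack({"error": True, "error_message": "Unknown API call " + m})


if __name__ == "__main__":
    print(gather_info(MsfRpc(FakeMsfrpcd()), "msf", "secret", extra_cmd="cat /etc/hostname", delay=0))
```

Against a live daemon the call becomes gather_info(MsfRpc(http_transport("10.0.0.5", context=ctx)), user, password); the one-second read delay exists because console.write returns before the shell command has produced output, so the first console.read can otherwise come back idle and empty.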
