Closed vladimircape closed 1 year ago
but is it possible to do this without starting console or smth else. I need it automatically not manual i tried
msfrpcd -U <username> -P <username> -f
but without success
This is the correct approach and works for me (on Kali).
# ./msfrpcd -U asdf -P password
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
/usr/lib/x86_64-linux-gnu/ruby/3.1.0/stringio.so: warning: already initialized constant StringIO::VERSION
[*] MSGRPC starting on 0.0.0.0:55553 (SSL):Msg...
[*] MSGRPC backgrounding at 2023-07-05 05:31:34 -0400...
[*] MSGRPC background PID 228288
# ./msfrpc -U asdf -P password -a 127.0.0.1
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
/usr/lib/x86_64-linux-gnu/ruby/3.1.0/stringio.so: warning: already initialized constant StringIO::VERSION
[*] The 'rpc' object holds the RPC client interface
[*] Use rpc.call('group.command') to make RPC calls
>> rpc
=>
#<Msf::RPC::Client:0x00007fca2de26fb8
@cli=
#<Rex::Proto::Http::Client:0x00007fca2de09a80
@comm=nil,
@config=
{"agent"=>"Mozilla/5.0 (iPad; CPU OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1",
"cgi"=>true,
"cookie"=>nil,
"data"=>"",
"headers"=>nil,
"raw_headers"=>"",
"method"=>"GET",
"partial"=>false,
"path_info"=>"",
"port"=>80,
"proto"=>"HTTP",
"query"=>"",
"ssl"=>false,
"uri"=>"/",
"vars_get"=>{},
"vars_post"=>{},
"vars_form_data"=>[],
"version"=>"1.1",
"vhost"=>"127.0.0.1",
"ssl_server_name_indication"=>"127.0.0.1",
"encode_params"=>true,
"encode"=>false,
"uri_encode_mode"=>"hex-normal",
"uri_encode_count"=>1,
"uri_full_url"=>false,
"pad_method_uri_count"=>1,
"pad_uri_version_count"=>1,
"pad_method_uri_type"=>"space",
"pad_uri_version_type"=>"space",
"method_random_valid"=>false,
"method_random_invalid"=>false,
"method_random_case"=>false,
"version_random_valid"=>false,
"version_random_invalid"=>false,
"uri_dir_self_reference"=>false,
"uri_dir_fake_relative"=>false,
"uri_use_backslashes"=>false,
"pad_fake_headers"=>false,
"pad_fake_headers_count"=>16,
"pad_get_params"=>false,
"pad_get_params_count"=>8,
"pad_post_params"=>false,
"pad_post_params_count"=>8,
"uri_fake_end"=>false,
"uri_fake_params_start"=>false,
"shuffle_get_params"=>false,
"shuffle_post_params"=>false,
"header_folding"=>false,
"chunked_size"=>0,
"usentlm2_session"=>true,
"use_ntlmv2"=>true,
"send_lm"=>true,
"send_ntlm"=>true,
"SendSPN"=>true,
"UseLMKey"=>false,
"domain"=>"WORKSTATION",
"DigestAuthIIS"=>true,
"read_max_data"=>1048576,
:vhost=>"127.0.0.1",
:agent=>"Metasploit RPC Client/1.0",
:read_max_data=>536870912},
@config_types=
{"uri_encode_mode"=>["hex-normal", "hex-all", "hex-random", "hex-noslashes", "u-normal", "u-random", "u-all"],
"uri_encode_count"=>"integer",
"uri_full_url"=>"bool",
"pad_method_uri_count"=>"integer",
"pad_uri_version_count"=>"integer",
"pad_method_uri_type"=>["space", "tab", "apache"],
"pad_uri_version_type"=>["space", "tab", "apache"],
"method_random_valid"=>"bool",
"method_random_invalid"=>"bool",
"method_random_case"=>"bool",
"version_random_valid"=>"bool",
"version_random_invalid"=>"bool",
"uri_dir_self_reference"=>"bool",
"uri_dir_fake_relative"=>"bool",
"uri_use_backslashes"=>"bool",
"pad_fake_headers"=>"bool",
"pad_fake_headers_count"=>"integer",
"pad_get_params"=>"bool",
"pad_get_params_count"=>"integer",
"pad_post_params"=>"bool",
"pad_post_params_count"=>"integer",
"shuffle_get_params"=>"bool",
"shuffle_post_params"=>"bool",
"uri_fake_end"=>"bool",
"uri_fake_params_start"=>"bool",
"header_folding"=>"bool",
"chunked_size"=>"integer",
"partial"=>"bool"},
@conn=nil,
@context={},
@hostname="127.0.0.1",
@kerberos_authenticator=nil,
@ntlm_client=nil,
@password="",
@pipeline=false,
@port=55553,
@proxies=nil,
@ssl=true,
@ssl_version="TLS1.2",
@subscriber=#<Rex::Proto::Http::HttpSubscriber:0x00007fca2de0fd68>,
@username="">,
@info={:host=>"127.0.0.1", :port=>55553, :uri=>"/api/", :ssl=>true, :ssl_version=>"TLS1.2", :context=>{}},
@pass="password",
@token="TEMPOGnpFTmLPxWhJabcvUsT2MDWse9L",
@user="asdf">
>>
but is it possible to do this without starting console or smth else. I need it automatically not manual i tried
msfrpcd -U <username> -P <username> -f
but without successThis is the correct approach and works for me (on Kali).
# ./msfrpcd -U asdf -P password Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead. /usr/lib/x86_64-linux-gnu/ruby/3.1.0/stringio.so: warning: already initialized constant StringIO::VERSION [*] MSGRPC starting on 0.0.0.0:55553 (SSL):Msg... [*] MSGRPC backgrounding at 2023-07-05 05:31:34 -0400... [*] MSGRPC background PID 228288
# ./msfrpc -U asdf -P password -a 127.0.0.1 Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead. /usr/lib/x86_64-linux-gnu/ruby/3.1.0/stringio.so: warning: already initialized constant StringIO::VERSION [*] The 'rpc' object holds the RPC client interface [*] Use rpc.call('group.command') to make RPC calls >> rpc => #<Msf::RPC::Client:0x00007fca2de26fb8 @cli= #<Rex::Proto::Http::Client:0x00007fca2de09a80 @comm=nil, @config= {"agent"=>"Mozilla/5.0 (iPad; CPU OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1", "cgi"=>true, "cookie"=>nil, "data"=>"", "headers"=>nil, "raw_headers"=>"", "method"=>"GET", "partial"=>false, "path_info"=>"", "port"=>80, "proto"=>"HTTP", "query"=>"", "ssl"=>false, "uri"=>"/", "vars_get"=>{}, "vars_post"=>{}, "vars_form_data"=>[], "version"=>"1.1", "vhost"=>"127.0.0.1", "ssl_server_name_indication"=>"127.0.0.1", "encode_params"=>true, "encode"=>false, "uri_encode_mode"=>"hex-normal", "uri_encode_count"=>1, "uri_full_url"=>false, "pad_method_uri_count"=>1, "pad_uri_version_count"=>1, "pad_method_uri_type"=>"space", "pad_uri_version_type"=>"space", "method_random_valid"=>false, "method_random_invalid"=>false, "method_random_case"=>false, "version_random_valid"=>false, "version_random_invalid"=>false, "uri_dir_self_reference"=>false, "uri_dir_fake_relative"=>false, "uri_use_backslashes"=>false, "pad_fake_headers"=>false, "pad_fake_headers_count"=>16, "pad_get_params"=>false, "pad_get_params_count"=>8, "pad_post_params"=>false, "pad_post_params_count"=>8, "uri_fake_end"=>false, "uri_fake_params_start"=>false, "shuffle_get_params"=>false, "shuffle_post_params"=>false, "header_folding"=>false, "chunked_size"=>0, "usentlm2_session"=>true, "use_ntlmv2"=>true, "send_lm"=>true, "send_ntlm"=>true, "SendSPN"=>true, "UseLMKey"=>false, "domain"=>"WORKSTATION", "DigestAuthIIS"=>true, "read_max_data"=>1048576, :vhost=>"127.0.0.1", :agent=>"Metasploit RPC Client/1.0", :read_max_data=>536870912}, @config_types= {"uri_encode_mode"=>["hex-normal", "hex-all", "hex-random", "hex-noslashes", "u-normal", "u-random", "u-all"], "uri_encode_count"=>"integer", "uri_full_url"=>"bool", "pad_method_uri_count"=>"integer", "pad_uri_version_count"=>"integer", "pad_method_uri_type"=>["space", "tab", "apache"], "pad_uri_version_type"=>["space", "tab", "apache"], "method_random_valid"=>"bool", "method_random_invalid"=>"bool", "method_random_case"=>"bool", "version_random_valid"=>"bool", "version_random_invalid"=>"bool", "uri_dir_self_reference"=>"bool", "uri_dir_fake_relative"=>"bool", "uri_use_backslashes"=>"bool", "pad_fake_headers"=>"bool", "pad_fake_headers_count"=>"integer", "pad_get_params"=>"bool", "pad_get_params_count"=>"integer", "pad_post_params"=>"bool", "pad_post_params_count"=>"integer", "shuffle_get_params"=>"bool", "shuffle_post_params"=>"bool", "uri_fake_end"=>"bool", "uri_fake_params_start"=>"bool", "header_folding"=>"bool", "chunked_size"=>"integer", "partial"=>"bool"}, @conn=nil, @context={}, @hostname="127.0.0.1", @kerberos_authenticator=nil, @ntlm_client=nil, @password="", @pipeline=false, @port=55553, @proxies=nil, @ssl=true, @ssl_version="TLS1.2", @subscriber=#<Rex::Proto::Http::HttpSubscriber:0x00007fca2de0fd68>, @username="">, @info={:host=>"127.0.0.1", :port=>55553, :uri=>"/api/", :ssl=>true, :ssl_version=>"TLS1.2", :context=>{}}, @pass="password", @token="TEMPOGnpFTmLPxWhJabcvUsT2MDWse9L", @user="asdf"> >>
It's also work with me but when i tried it by python ,i got error
[!] 1/3 Retry "auth.login" call. reason: [Errno 104] Connection reset by peer
[!] 2/3 Retry "auth.login" call. reason: [Errno 104] Connection reset by peer
[!] type:<class 'ConnectionResetError'>
[!] args:(104, 'Connection reset by peer')
[!] [Errno 104] Connection reset by peer
[!] Retry count is over.
Code
# Log in to RPC Server.
def login(self, user, password):
ret = self.call('auth.login', [user, password])
try:
if ret.get(b'result') == b'success':
self.authenticated = True
self.token = ret.get(b'token')
return True
else:
self.util.print_message(FAIL, 'MsfRPC: Authentication failed.')
exit(1)
except Exception as e:
self.util.print_exception(e, 'Failed: auth.login')
exit(1)
when i directly create user from console, everythin is working
find possible such solution https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/scripting-metasploit-using-msgrpc/
Seems like you've found a workaround @vladimircape will close this issue out
Hi, i didn't find the answer for such question. I am creating Python script which by API use Metasploit, and each start of msgrpc i need to create new user,
How and is it possible to create constant user, and not create such user all the time I know that it's also possible by this
msf > load msgrpc ServerHost=192.168.1.0 ServerPort=55553 User=user Pass='pass123'
but is it possible to do this without starting console or smth else. I need it automatically not manual i tried
msfrpcd -U <username> -P <username> -f
but without success