-1

I am trying to test a vulnerability on my router using an exploit from exploit_DB. The exploit is a Python script that requires Metasploit to run . Here's a link to the exploit

I am using Kali-Linux with Metasploit v4.17.3-dev.

What I have tried is :

  • After creating the dir, I have copied the file using cp ~/Desktop/45170.py ~/.msf4/module/exploit/windows/45170.py

  • in msfconsole reload_all

  • the exploit number on Metasploits is still the same 1795 exploits

  • then when I tried use /exploits/windows/45170 , I got this error Failed to load the module :/exploits/windows/45170

So that didn't work for me but when I try to use a .rb file it works with no problem.

I know it's a Ruby based framework but I also know that python support have been added.

I have also tried to run it directly from python using /usr/bin/env python3 ~/Desktop/45170.py

But I get this error

no module named Metasploit

Zach Valenta
  • 1,783
  • 1
  • 20
  • 35
A.ALMUSBAHI
  • 21
  • 1
  • 5

2 Answers2

1

It looks like you haven't installed Metasploit correctly. Check the instructions provided for linux and let me know if that fixed your problem.

Also, does running this example work on your Kali machine? I guess that writing an external Python module for Metasploit is what you're trying to do? If the example throws an error, please report it back. Otherwise, please post your custom code since it might contain an obvious syntax/spelling error.

If these things don't solve the problem, check the location of the Python Metasploit library on your system. Is it in your PYTHONPATH (run echo $PYTHONPATH from the command line)? Check this link for more information on the system location of Metasploit.

Daniel Schütte
  • 578
  • 1
  • 6
  • 20
  • Sorry for the misunderstanding , I am using Kali-Linux which to my understanding already comes with Metasploit pre-installed – A.ALMUSBAHI Jan 14 '19 at 18:25
  • Sorry, I didn't see that part of your question. Anyways, the error you encounter suggests that at least the Python module is not correctly installed. Maybe try re-installing metasploit? – Daniel Schütte Jan 14 '19 at 18:26
  • 1
    No problem at all, many thanks for the suggestion. I will try to do it now. – A.ALMUSBAHI Jan 14 '19 at 18:28
  • Updated my answer, please try the example I mentioned! – Daniel Schütte Jan 14 '19 at 18:35
  • 1
    Actually, I have found a python exploit already impeded in to metasploit db under "exploit/linux/smtp/haraka" and it works on msfconsole? For now I will do as you suggested and give an update. – A.ALMUSBAHI Jan 14 '19 at 19:11
  • 1
    I have done what you suggested, "apt-get autoremove metasploit-framework" then installed the nightly version "Metasploit v5.0.1-dev" still the same issue. also I have tried the example from the guide and still the same error : no module named metasploit. – A.ALMUSBAHI Jan 15 '19 at 18:48
  • When I do echo '$PYTHONPATH' I get nothing, – A.ALMUSBAHI Jan 18 '19 at 13:31
  • So THAT is probably the reason why the Python interpreter does not find the Metasploit module. Try to find the module in the file system (using the information I provided above), add the absolute path to that location to the `PYTHONPATH` and you should be good to go! – Daniel Schütte Jan 18 '19 at 17:59
  • I have added this "/usr/share/metasploit-framework/lib/msf/core/modules/external/python/metasploit" to my PYTHONPATH in ~/.bashrc file, and it shows up when I do "echo $PYTHONPATH", but my problem is still the same – A.ALMUSBAHI Jan 19 '19 at 15:56
  • Can you load the package in an interactive Python session, though? – Daniel Schütte Jan 19 '19 at 16:17
  • In an interpreter, try `import sys; print(sys.path)`, too. – Daniel Schütte Jan 19 '19 at 16:19
  • when I do `import sys` and then `print(sys.path)` I get this path `/root/ /usr/share/metasploit-framework/lib/msf/core/modules/external/python/metasploit , /usr/lib/python36.zip , /user/lib/python3/dist-packages` but when I do `from metasploit import module` I get the same error `no module named metasploit` – A.ALMUSBAHI Jan 19 '19 at 16:36
  • Ok, that's weird. Try [this one](https://stackoverflow.com/questions/14295680/cannot-import-a-python-module-that-is-definitely-installed-mechanize), though. It might be a permission error. Or you have another library with the same name installed, but I highly doubt it if your install came with base Kali Linux... – Daniel Schütte Jan 19 '19 at 23:50
  • The problem was with my `PYTHONPATH` it was `/usr/share/metasploit-framework/lib/msf/core/modules/external/python/metasploit` now I have set it to `/usr/share/metasploit-framework/lib/msf/core/modules/external/python` and I no longer have the problem `ImportError: No module named metasploit`. – A.ALMUSBAHI Jan 21 '19 at 12:15
  • many thanks for the support @Daniel Schuette , But the main problem is that I cant run the exploit mentioned in my post, I think I have to import it to the metasploit framework, I have tried every thing without luck. – A.ALMUSBAHI Jan 21 '19 at 12:18
  • At least we managed to solve the problem you described in your question. Great! Good luck with getting your exploit to work. – Daniel Schütte Jan 21 '19 at 21:16
0

Run it with python3

python3 45170.py ip address
Captain Awesome
  • 1