Cortana Tutorial - Armitage
Cortana Tutorial - Armitage
Cortana Tutorial - Armitage
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
2. Controlling Metasploit<br />
Hello Metasploit<br />
Our first <strong>Cortana</strong> script will register an event, print out some Metasploit statistics, and quit.<br />
on ready {<br />
println("Hello Metasploit!");<br />
println("Hosts: " . size(hosts());<br />
println("Sessions: " . size(sessions());<br />
println("Services: " . size(services());<br />
println("Credentials: " . size(credentials());<br />
quit();<br />
}<br />
This script registers a listener for the ready event. Registering an event is like declaring a<br />
function. The difference is, events use the on keyword instead of sub. You may declare as<br />
many listeners for an event as you like. <strong>Cortana</strong> will execute all of them when the event<br />
fires.<br />
The ready event fires once in the life of a script. It fires after <strong>Cortana</strong> first synchronizes<br />
hosts, sessions, services, loots, and routes from the database.<br />
The code enclosed in two curly braces is the event handler. This handler executes when the<br />
ready event fires. This code will query Metasploit's hosts, sessions, and services using<br />
<strong>Cortana</strong> functions. We use the &size function to find out how many hosts, sessions, and<br />
services are known.<br />
Once we're done we call &quit. <strong>Cortana</strong> is an event driven language. Because of this,<br />
<strong>Cortana</strong> will not quit until we tell it to. If multiple scripts exist in a <strong>Cortana</strong> container,<br />
<strong>Cortana</strong> will not exit until all scripts have called &quit.<br />
Scripts may fire their own events with the &fire_event function. This function will trigger<br />
event handlers inside the current <strong>Cortana</strong> container. Use &fire_event_local.<br />
to isolate an event to the current script.<br />
Metasploit Consoles<br />
One of the most common use cases for controlling Metasploit is to send commands to<br />
Metasploit and have it execute them.<br />
You can do this from <strong>Cortana</strong> with the &cmd_async function.<br />
cmd_async("db_status");<br />
This function accepts any Metasploit command, exactly as you would type it. It then<br />
executes the command. To see the output of the command, use a console_* event. This<br />
event fires when the command you're interested in completes. To catch the output of the<br />
db_status command, use:<br />
11