Metasploit Framework can be run as a service and used remotely. The main advantage of running Metasploit remotely is that you can control it with your own custom security scripts or you can control it from anywhere in the world from any device that has a terminal and supports Ruby.
The RPC API allows you to perform tasks like manage the database, interact with sessions, and run modules. There are two methods you can use start the RPC service: the msfrpcd utility and the msgrpc plugin.
To run the MSFRPCD utility,
cd into your Framework directory and run the following command:
$ ruby msfrpcd -U <USERNAME> -P <PASSWORD> -f
To use the MSGRPC plugin, you need to launch msfconsole and run the following command:
msf > load msgrpc
If all goes well, you'll see the following response, which tells you the IP address, username, and password you can use to connect to the msgrpc server:
[*] MSGRPC Service: 127.0.0.1:55552 [*] MSGRPC Username: msf [*] MSGRPC Password: abc123 [*] Successfully loaded plugin: msgrpc
To connect to the RPC service, you can use the msfrpc utility or the msfrpc-client gem.
On the client side, if your device already has Metasploit Framework, then you can use the msfrpc utility to connect to the service:
ruby msfrpc -U <USERNAME> -P <PASS> -a IP
If you don’t have Metasploit Framework, you need to have an environment that is running Ruby 2.0 or higher with rvm. To install the msfrpc-client gem and use it:
gem install msfrpc-client cd `gem env gemdir`/gems/msfrpc-client-[tab]/examples ruby ./msfrpc_irb.rb --rpc-user [USER] --rpc-pass [PASS] --rpc-port 50505 --rpc-token [API KEY] --rpc-ssl false
A successful connection looks like the following example:
[*] exec: ruby msfrpc -U **** -P **** -a ******* [*] The 'rpc' object holds the RPC client interface [*] Use rpc.call('group.command') to make RPC calls
To start Metasploit as a daemon, you need to run the msfd utility, which opens on port 55554 by default.
$ ruby msfd -a 0.0.0.0
To connect to the daemon, use netcat like the following example:
$ nc 127.0.0.1 5554
Updated 2 years ago