I'm developing my first app in Node.js and I think I don't understand correctly yet how listener works, because the example that I wrote doesn't show what I thought it was going to show.
I want to use a module (msfnode) which is a metasploit RPC client, so it connects through websockets.
I made a class and the constructor has this code:
this.clientmsf = new MetasploitClient({
login : options.login || 'myLogin',
password : options.password || 'myPassword'
});
this.clientmsf.on('connected',function(err,token) {
if (err) throw err;
});
So I thought I could use the object "clientmsf" in other function of that class and it shows an error: error_message: 'Invalid Authentication Token'. THis is the code:
this.clientmsf.exec(['console.create'], function(err,r){
consoleID = r.id;
console.log(r);
});
I think I have this error because I don't know all concepts of node.js so I will be very appreciate if someone helps me.
Thank you very much.
PD. This is an example of msfnode library:
var metasploitClient = require('metasploitJSClient');
var onConnect = function(err,token) {
if (err) {
console.log(err.error_message);
process.exit(0);
}
metasploitVersion();
}
var metasploitVersion = function() {
// Do not care about token, it will automaticaly
// be added as the second arguments
// The first value of the array is the function
// you want to call. Full list is available
// in metasploit remote api documentation
var args = ['core.version'];
client.exec(args,function(err,r) {
if (err) return console.log('Error: '+err);
console.log('-> Version: '+r);
});
}
var client = new metasploitClient({
login:'myLogin',
password:'myPassword',
});
client.on('connected',onConnect);
Error:
{ error: true,
error_class: 'Msf::RPC::Exception',
error_string: 'Msf::RPC::Exception',
error_backtrace:
[ 'lib/msf/core/rpc/v10/service.rb:148:in `process\'',
'lib/msf/core/rpc/v10/service.rb:90:in `on_request_uri\'',
'lib/msf/core/rpc/v10/service.rb:72:in `block in start\'',
'lib/rex/proto/http/handler/proc.rb:38:in `call\'',
'lib/rex/proto/http/handler/proc.rb:38:in `on_request\'',
'lib/rex/proto/http/server.rb:363:in `dispatch_request\'',
'lib/rex/proto/http/server.rb:297:in `on_client_data\'',
'lib/rex/proto/http/server.rb:157:in `block in start\'',
'lib/rex/io/stream_server.rb:48:in `call\'',
'lib/rex/io/stream_server.rb:48:in `on_client_data\'',
'lib/rex/io/stream_server.rb:192:in `block in monitor_clients\'',
'lib/rex/io/stream_server.rb:190:in `each\'',
'lib/rex/io/stream_server.rb:190:in `monitor_clients\'',
'lib/rex/io/stream_server.rb:73:in `block in start\'',
'lib/rex/thread_factory.rb:22:in `call\'',
'lib/rex/thread_factory.rb:22:in `block in spawn\'',
'lib/msf/core/thread_manager.rb:100:in `call\'',
'lib/msf/core/thread_manager.rb:100:in `block in spawn\'' ],
error_message: 'Invalid Authentication Token',
error_code: 401 }
EDIT 2:
This is the code I checked:
clientmsf.on('connected',function(err,token) {
if (err) throw err;
var consoleID;
console.log('token:' + token);
// should have connected by now
clientmsf.exec(['console.list'], function(err,r){
consoleID = r;
console.log(r);
});
console.log (consoleID);
});
And this is what it shows:
token:[object Object]
undefined
{ consoles: [ { id: '0', prompt: 'msf > ', busy: false } ] }
Notice how in the sample code they do the work (metasploitVersion) only after connecting and getting a token.
var onConnect = function(err,token) {
if (err) {
console.log(err.error_message);
process.exit(0);
}
// in the connect callback here - you have a token
// only then call to do the work
metasploitVersion();
}
Try moving your 'this.clientmsf.exec' code inside the connect callback function. If you have it outside that callback, it will execute before the connect is done.
I would also recommend that you log out the token inside that callback to ensure you're connected properly.
I'm suggesting something like:
var clientmsf = new MetasploitClient({
login : options.login || 'myLogin',
password : options.password || 'myPassword'
});
clientmsf.on('connected',function(err,token) {
if (err) throw err;
console.log('token:' + token);
// should have connected by now
clientmsf.exec(['console.create'], function(err,r, token){
consoleID = r.id;
console.log(r);
});
});
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.