metasploit-framework/modules/auxiliary/scanner/winrm/winrm_wql.rb

69 lines
1.9 KiB
Ruby
Raw Normal View History

2012-10-30 14:13:55 +00:00
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
2012-10-30 14:13:55 +00:00
##
require 'msf/core'
require 'rex/proto/ntlm/message'
class Metasploit3 < Msf::Auxiliary
2013-08-30 21:28:54 +00:00
include Msf::Exploit::Remote::WinRM
include Msf::Auxiliary::Report
2012-10-30 14:13:55 +00:00
2013-08-30 21:28:54 +00:00
include Msf::Auxiliary::Scanner
2012-10-30 14:13:55 +00:00
2013-08-30 21:28:54 +00:00
def initialize
super(
'Name' => 'WinRM WQL Query Runner',
'Description' => %q{
This module runs WQL queries against remote WinRM Services.
Authentication is required. Currently only works with NTLM auth.
Please note in order to use this module, the 'AllowUnencrypted'
winrm option must be set.
},
'Author' => [ 'thelightcosine' ],
'License' => MSF_LICENSE
)
2012-10-30 14:13:55 +00:00
2013-08-30 21:28:54 +00:00
register_options(
[
OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]),
OptString.new('USERNAME', [ true, "The username to authenticate as"]),
OptString.new('PASSWORD', [ true, "The password to authenticate with"]),
OptString.new('NAMESPACE', [true, 'The WMI namespace to use for queries', '/root/cimv2/'])
], self.class)
end
2012-10-30 14:13:55 +00:00
2013-08-30 21:28:54 +00:00
def run_host(ip)
resp = send_winrm_request(winrm_wql_msg(datastore['WQL']))
if resp.nil?
print_error "Got no reply from the server"
return
end
if resp.code == 401
print_error "Login Failure! Recheck the supplied credentials."
return
end
2012-10-30 14:13:55 +00:00
2013-08-30 21:28:54 +00:00
unless resp.code == 200
print_error "Got unexpected response from #{ip}: \n #{resp.to_s}"
return
end
resp_tbl = parse_wql_response(resp)
print_good resp_tbl.to_s
path = store_loot("winrm.wql_results", "text/csv", ip, resp_tbl.to_csv, "winrm_wql_results.csv", "WinRM WQL Query Results")
print_status "Results saved to #{path}"
end
2012-10-30 14:13:55 +00:00
end
2012-10-30 14:13:55 +00:00
=begin
To set the AllowUncrypted option:
winrm set winrm/config/service @{AllowUnencrypted="true"}
=end