##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
require 'msf/core/auxiliary/report'
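class Metasploit < Msf::Post

  include Msf::Auxiliary::Report

  # The table returned by GetTcpTable starts with a DWORD entry count ...
  TCP_TABLE_HEADER_SIZE = 4
  # ... followed by fixed-size rows of five DWORDs:
  # state, local address, local port, remote address, remote port.
  TCP_ROW_SIZE = 20

  # Win32 error code returned by GetTcpTable when the supplied buffer is
  # smaller than the table (ERROR_INSUFFICIENT_BUFFER).
  ERROR_INSUFFICIENT_BUFFER = 122

  # How many times to re-query with the size reported by the previous call
  # when the table grew between calls.
  MAX_SIZE_RETRIES = 3

  # TCP connection state codes reported in the first DWORD of each row.
  TCP_STATES = {
    1  => 'CLOSED',
    2  => 'LISTEN',
    3  => 'SYN_SENT',
    4  => 'SYN_RCVD',
    5  => 'ESTABLISHED',
    6  => 'FIN_WAIT1',
    7  => 'FIN_WAIT2',
    8  => 'CLOSE_WAIT',
    9  => 'CLOSING',
    10 => 'LAST_ACK',
    11 => 'TIME_WAIT',
    12 => 'DELETE_TCB'
  }.freeze

  # Registers module metadata; the module takes no options of its own.
  #
  # @param info [Hash] module info merged by update_info
  def initialize(info = {})
    super(update_info(info,
      'Name'         => 'Windows Gather TCP Netstat',
      'Description'  => %q{ This Module lists current TCP sessions},
      'License'      => MSF_LICENSE,
      'Author'       => [ 'mubix' ],
      'Platform'     => [ 'win' ],
      'SessionTypes' => [ 'meterpreter']
    ))
    register_options([], self.class)
  end

  # Decodes a raw TCP table buffer and prints one row per connection.
  #
  # The entry count in the header is checked against the bytes actually
  # present: a table that grew between the size query and the data query, or
  # a failed railgun call, can leave the buffer shorter than the count claims,
  # and indexing past the end would otherwise raise NoMethodError on nil.
  #
  # @param buffer [String, nil] raw table bytes; a DWORD entry count followed
  #   by TCP_ROW_SIZE-byte rows
  # @return [void]
  def parse_tcptable(buffer)
    buffer = buffer.to_s
    if buffer.bytesize < TCP_TABLE_HEADER_SIZE
      print_error("TCP table buffer is too short (#{buffer.bytesize} bytes)")
      return
    end

    # byteslice indexes by byte regardless of the string's encoding.
    entries = buffer.byteslice(0, TCP_TABLE_HEADER_SIZE).unpack("V")[0]
    print_status("Total TCP Entries: #{entries}")

    available = (buffer.bytesize - TCP_TABLE_HEADER_SIZE) / TCP_ROW_SIZE
    if available < entries
      print_warning("Buffer holds only #{available} of #{entries} entries; showing those received")
      entries = available
    end

    rtable = Rex::Ui::Text::Table.new(
      'Header'  => 'Connection Table',
      'Indent'  => 2,
      'Columns' => ['STATE', 'LHOST', 'LPORT', 'RHOST', 'RPORT']
    )

    entries.times do |i|
      offset = TCP_TABLE_HEADER_SIZE + (i * TCP_ROW_SIZE)
      rtable << parse_tcprow(buffer.byteslice(offset, TCP_ROW_SIZE))
    end
    print_status(rtable.to_s)
  end

  # Queries the TCP connection table through railgun and prints it.
  #
  # The first GetTcpTable call is made with a deliberately small buffer only
  # to learn the required size; the second fetches the data. Return values
  # are checked because a non-zero result means the buffer content must not
  # be parsed.
  #
  # @return [void]
  def run
    session.railgun.add_function('iphlpapi', 'GetTcpTable', 'DWORD', [
      ['PBLOB', 'pTcpTable', 'out'],
      ['PDWORD', 'pdwSize', 'inout'],
      ['BOOL', 'bOrder', 'in']
    ])

    getsize = session.railgun.iphlpapi.GetTcpTable(4, 4, true)
    buffersize = getsize['pdwSize'].to_i
    if buffersize < TCP_TABLE_HEADER_SIZE
      print_error("GetTcpTable did not report a usable table size (#{getsize['pdwSize'].inspect})")
      return
    end

    tcptable = nil
    MAX_SIZE_RETRIES.times do
      print_status("TCP Table Size: #{buffersize}")
      tcptable = session.railgun.iphlpapi.GetTcpTable(buffersize, buffersize, true)
      break unless tcptable['return'] == ERROR_INSUFFICIENT_BUFFER
      # The table grew since the size query; pdwSize now holds the new requirement.
      buffersize = tcptable['pdwSize'].to_i
    end

    unless tcptable['return'] == 0
      print_error("GetTcpTable failed with return value #{tcptable['return']}")
      return
    end

    parse_tcptable(tcptable['pTcpTable'])
  end

  private

  # Decodes one TCP_ROW_SIZE-byte row into the columns of the output table.
  #
  # @param row [String] exactly TCP_ROW_SIZE bytes of one table row
  # @return [Array] [state, lhost, lport, rhost, rport]
  def parse_tcprow(row)
    state = TCP_STATES.fetch(row.byteslice(0, 4).unpack("V")[0], 'UNDEFINED')
    lhost = Rex::Socket.addr_itoa(row.byteslice(4, 4).unpack("N")[0])
    # The port DWORDs carry the port in network byte order in their low word,
    # so the first two bytes read big-endian give the port number.
    lport = row.byteslice(8, 4).unpack("n")[0]
    rhost = Rex::Socket.addr_itoa(row.byteslice(12, 4).unpack("N")[0])
    # A listening socket has no peer, so its remote port field carries no meaning.
    rport = state == 'LISTEN' ? "_" : row.byteslice(16, 4).unpack("n")[0]
    [state, lhost, lport, rhost, rport]
  end
end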