metasploit-framework/modules/auxiliary/scanner/rsync/modules_list.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  def initialize
    super(
      'Name'        => 'Rsync Unauthenticated List Command',
      'Description' => 'List all (listable) modules from a rsync daemon',
      'Author'      => 'ikkini',
      'References'  =>
        [
          ['URL', 'http://rsync.samba.org/ftp/rsync/rsync.html']
        ],
      'License'     => MSF_LICENSE
    )
    register_options(
      [
        Opt::RPORT(873)
      ], self.class)
  end

  def run_host(ip)
    connect
    version = sock.get_once

    return if version.blank?

    print_good("#{ip}:#{rport} - rsync #{version.strip} found")
    report_service(host: ip, port: rport, proto: 'tcp', name: 'rsync')
    report_note(
      host: ip,
      proto: 'tcp',
      port: rport,
      type: 'rsync_version',
      data: version.strip
    )

    # making sure we match the version of the server
    sock.puts("#{version}")
    # the listing command
    sock.puts("\n")
    listing = sock.get(20)
    disconnect

    return if listing.blank?

    print_good("#{ip}:#{rport} - rsync listing found")
    listing.gsub!('@RSYNCD: EXIT', '') # not interested in EXIT message
    listing_sanitized = Rex::Text.to_hex_ascii(listing.strip)

    vprint_status("#{ip}:#{rport} - #{version.rstrip} #{listing_sanitized}")
    report_note(
      host: ip,
      proto: 'tcp',
      port: rport,
      type: 'rsync_listing',
      data: listing_sanitized
    )
  end
end
List all (listable) modules from a rsync daemon 2014-07-24 20:04:00 +00:00			`##`
Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in 2014-10-17 16:47:33 +00:00			`# This module requires Metasploit: http://metasploit.com/download`
List all (listable) modules from a rsync daemon 2014-07-24 20:04:00 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

			`require 'msf/core'`

			`class Metasploit3 < Msf::Auxiliary`
			`include Msf::Exploit::Remote::Tcp`
			`include Msf::Auxiliary::Scanner`
			`include Msf::Auxiliary::Report`

			`def initialize`
			`super(`
			`'Name' => 'Rsync Unauthenticated List Command',`
List all (listable) modules from a rsync daemon 2014-07-24 21:26:41 +00:00			`'Description' => 'List all (listable) modules from a rsync daemon',`
			`'Author' => 'ikkini',`
Add URL reference 2014-08-28 23:47:56 +00:00			`'References' =>`
			`[`
			`['URL', 'http://rsync.samba.org/ftp/rsync/rsync.html']`
			`],`
List all (listable) modules from a rsync daemon 2014-07-24 20:04:00 +00:00			`'License' => MSF_LICENSE`
			`)`
			`register_options(`
			`[`
Clean rsync_modules_list 2014-08-28 23:40:55 +00:00			`Opt::RPORT(873)`
			`], self.class)`
List all (listable) modules from a rsync daemon 2014-07-24 20:04:00 +00:00			`end`

			`def run_host(ip)`
Clean rsync_modules_list 2014-08-28 23:40:55 +00:00			`connect`
			`version = sock.get_once`

return if no version response received 2014-10-18 22:29:36 +00:00			`return if version.blank?`

Clean rsync_modules_list 2014-08-28 23:40:55 +00:00			`print_good("#{ip}:#{rport} - rsync #{version.strip} found")`
Style cleanup for rsync modules_list 2015-10-12 16:05:01 +00:00			`report_service(host: ip, port: rport, proto: 'tcp', name: 'rsync')`
Clean rsync_modules_list 2014-08-28 23:40:55 +00:00			`report_note(`
Style cleanup for rsync modules_list 2015-10-12 16:05:01 +00:00			`host: ip,`
			`proto: 'tcp',`
			`port: rport,`
			`type: 'rsync_version',`
			`data: version.strip`
Clean rsync_modules_list 2014-08-28 23:40:55 +00:00			`)`

			`# making sure we match the version of the server`
			`sock.puts("#{version}")`
			`# the listing command`
			`sock.puts("\n")`
			`listing = sock.get(20)`
			`disconnect`

			`return if listing.blank?`

			`print_good("#{ip}:#{rport} - rsync listing found")`
			`listing.gsub!('@RSYNCD: EXIT', '') # not interested in EXIT message`
			`listing_sanitized = Rex::Text.to_hex_ascii(listing.strip)`

			`vprint_status("#{ip}:#{rport} - #{version.rstrip} #{listing_sanitized}")`
			`report_note(`
Style cleanup for rsync modules_list 2015-10-12 16:05:01 +00:00			`host: ip,`
			`proto: 'tcp',`
			`port: rport,`
			`type: 'rsync_listing',`
			`data: listing_sanitized`
Clean rsync_modules_list 2014-08-28 23:40:55 +00:00			`)`
List all (listable) modules from a rsync daemon 2014-07-24 20:04:00 +00:00			`end`
			`end`