metasploit-framework/modules/auxiliary/admin/smb/check_dir_file.rb

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##


require 'msf/core'


class Metasploit3 < Msf::Auxiliary

  # Exploit mixins should be called first
  include Msf::Exploit::Remote::SMB
  include Msf::Exploit::Remote::SMB::Authenticated
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Aliases for common classes
  SIMPLE = Rex::Proto::SMB::SimpleClient
  XCEPT  = Rex::Proto::SMB::Exceptions
  CONST  = Rex::Proto::SMB::Constants


  def initialize
    super(
      'Name'        => 'SMB Scanner Check File/Directory Utility',
      'Description' => %Q{
        This module is useful when checking an entire network
        of SMB hosts for the presence of a known file or directory.
        An example would be to scan all systems for the presence of
        antivirus or known malware outbreak. Typically you must set
        RPATH, SMBUser, SMBDomain and SMBPass to operate correctly.
      },
      'Author'      =>
        [
          'patrick',
          'j0hn__f'
        ],
      'References'  =>
        [
        ],
      'License'     => MSF_LICENSE
    )

    register_options([
      OptString.new('SMBSHARE', [true, 'The name of an accessible share on the server', 'C$']),
      OptString.new('RPATH', [true, 'The name of the remote file/directory relative to the share'])
    ], self.class)

  end

  def check_path(path)
    begin
      if (fd = simple.open("\\#{path}", 'o')) # mode is open only - do not create/append/write etc
        print_good("File FOUND: \\\\#{rhost}\\#{datastore['SMBSHARE']}\\#{path}")
        fd.close
      end
    rescue ::Rex::Proto::SMB::Exceptions::ErrorCode => e
      case e.get_error(e.error_code)
      when "STATUS_FILE_IS_A_DIRECTORY"
        print_good("Directory FOUND: \\\\#{rhost}\\#{datastore['SMBSHARE']}\\#{path}")
      when "STATUS_OBJECT_NAME_NOT_FOUND"
        vprint_error("Object \\\\#{rhost}\\#{datastore['SMBSHARE']}\\#{path} NOT found!")
      when "STATUS_OBJECT_PATH_NOT_FOUND"
        vprint_error("Object PATH \\\\#{rhost}\\#{datastore['SMBSHARE']}\\#{path} NOT found!")
      when "STATUS_ACCESS_DENIED"
        vprint_error("Host #{rhost} reports access denied.")
      when "STATUS_BAD_NETWORK_NAME"
        vprint_error("Host #{rhost} is NOT connected to #{datastore['SMBDomain']}!")
      when "STATUS_INSUFF_SERVER_RESOURCES"
        vprint_error("Host #{rhost} rejected with insufficient resources!")
      when "STATUS_OBJECT_NAME_INVALID"
        vprint_error("opeining \\#{path} bad filename")
      else
        raise e
      end
    end
  end

  def run_host(ip)
    vprint_status("Connecting to the server...")

    begin
      connect
      smb_login

      vprint_status("Mounting the remote share \\\\#{datastore['RHOST']}\\#{datastore['SMBSHARE']}'...")
      self.simple.connect("\\\\#{rhost}\\#{datastore['SMBSHARE']}")
      vprint_status("Checking for file/folder #{datastore['RPATH']}...")

      datastore['RPATH'].each_line do |path|
        check_path(path.chomp)
      end #end do
    rescue ::Rex::HostUnreachable
      vprint_error("Host #{rhost} offline.")
    rescue ::Rex::Proto::SMB::Exceptions::LoginError
      print_error("Host #{rhost} login error.")
    rescue ::Rex::ConnectionRefused
      print_error "Host #{rhost} unable to connect - connection refused"
    rescue ::Rex::Proto::SMB::Exceptions::ErrorCode
      print_error "Host #{rhost} unable to connect to share #{datastore['SMBSHARE']}"
    end # end begin
  end # end def
end