metasploit-framework/modules/post/windows/gather/enum_services.rb

114 lines
3.2 KiB
Ruby
Raw Normal View History

##
# $Id:
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/windows/services'
#define the appropriate class
class Metasploit3 < Msf::Post
#set your includes
include Msf::Post::Windows::WindowsServices
def initialize(info={})
super(update_info(info,
'Name' => "Windows Gather Service Info Enumeration",
'Description' => %q{
This module will query the system for services and display name and configuration
info for each returned service, if VERBOSE is set to false you will just see the
service name. It allows you to optionally search the credentials, path, or start
type for a string and only return the results that match. These query operations
are cumulative and if no query strings are specified, it just returns all services.
NOTE: If the script hangs, windows firewall is most likely on and you did not
migrate to a safe process (explorer.exe for example).
},
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Platform' => ['windows'],
'SessionTypes' => ['meterpreter'],
'Author' => ['Keith Faber', 'Kx499']
))
register_options(
[
OptString.new('CRED', [ false, 'String to search credentials for' ]),
OptString.new('PATH', [ false, 'String to search path for' ]),
OptEnum.new('TYPE', [false, 'Service startup Option', 'All',
[
'All',
'Auto',
'Manual',
'Disabled'
]]),
], self.class)
end
def run
# set vars
qcred = datastore["CRED"] || nil
qpath = datastore["PATH"] || nil
if datastore["TYPE"] == "All"
qtype = nil
else
qtype = datastore["TYPE"]
end
if qcred
print_status("Credential Filter: " + qcred)
end
if qpath
print_status("Executable Path Filter: " + qpath)
end
if qtype
print_status("Start Type Filter: " + qtype)
end
print_status("Listing Service Info for matching services:")
service_list.each do |sname|
srv_conf = {}
isgood = true
#make sure we got a service name
if sname
begin
srv_conf = service_info(sname)
#filter service based on filters passed, the are cumulative
if qcred and ! srv_conf['Credentials'].downcase.include? qcred.downcase
isgood = false
end
if qpath and ! srv_conf['Command'].downcase.include? qpath.downcase
isgood = false
end
if qtype and ! srv_conf['Startup'].downcase.include? qtype.downcase
isgood = false
end
#if we are still good return the info
if isgood
vprint_status("\tName: #{sname}")
vprint_good("\t\tStartup: #{srv_conf['Startup']}")
vprint_good("\t\tCommand: #{srv_conf['Command']}")
vprint_good("\t\tCredentials: #{srv_conf['Credentials']}")
end
rescue
print_error("An error occured enumerating service: #{sname}")
end
elsif sname
print_good("\tName: #{sname}")
else
print_error("Problem enumerating services")
end
end
end
end