Make enumeration of each individual AV optional

bug/bundler_fix
Jon Hart 2015-12-03 16:07:49 -08:00
parent c007fffbce
commit 28ee056c32
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 39 additions and 26 deletions


@ -16,11 +16,22 @@ class Metasploit3 < Msf::Post
'Name' => 'Windows Antivirus Excluded Locations Enumeration', 'Name' => 'Windows Antivirus Excluded Locations Enumeration',
'Description' => 'This module will enumerate all excluded directories within supported AV products', 'Description' => 'This module will enumerate all excluded directories within supported AV products',
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => [ 'Andrew Smith'], 'Author' => [
'Andrew Smith', # original metasploit module
'Jon Hart <jon_hart[at]rapid7.com>' # improved metasploit module
],
'Platform' => [ 'win' ], 'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ] 'SessionTypes' => [ 'meterpreter' ]
) )
) )
register_options(
[
OptBool.new('DEFENDER', [true, 'Enumerate exclusions for Microsoft Defener', true]),
OptBool.new('ESSENTIALS', [true, 'Enumerate exclusions for Microsoft Security Essentials', true]),
OptBool.new('SEP', [true, 'Enumerate exclusions for Symantec Endpoint Protection (SEP)', true])
]
)
end end
def enum_mssec def enum_mssec
@ -105,31 +116,33 @@ class Metasploit3 < Msf::Post
end end
end end
def run def setup
arch2 = sysinfo['Architecture'] unless datastore['DEFENDER'] || datastore['ESSENTIALS'] || datastore['SEP']
if arch2 =~ /WOW64/ fail_with(Failure::BadConfig, 'Must set one or more of DEFENDER, ESSENTIALS or SEP to true')
print_error "You are running this module from a 32-bit process on a 64-bit machine. Migrate to a 64-bit process and try again"
return
else
print_status("Enumerating Excluded Paths for AV on #{sysinfo['Computer']}")
if enum_sep
excluded_sep
else
nosep = true
end
if enum_mssec
excluded_mssec
else
nomssec = true
end
if enum_defender
excluded_defender
else
nodefend = true
end
if nomssec && nodefend && nosep
print_error "No supported AV identified"
end
end end
end end
def run
if sysinfo['Architecture'] =~ /WOW64/
print_error "You are running this module from a 32-bit process on a 64-bit machine. Migrate to a 64-bit process and try again"
return
end
print_status("Enumerating Excluded Paths for AV on #{sysinfo['Computer']}")
found = false
if datastore['DEFENDER'] && enum_defender
found = true
excluded_defender
end
if datastore['ESSENTIALS'] && enum_mssec
found = true
excluded_mssec
end
if datastore['SEP'] && enum_sep
found = true
excluded_sep
end
print_error "No supported AV identified" unless found
end
end end
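Review bot: The user-facing description for the new DEFENDER option in the first hunk misspells the product name ("Microsoft Defener"); this string is what operators see in `show options`, so it should read `OptBool.new('DEFENDER', [true, 'Enumerate exclusions for Microsoft Defender', true]),`. A smaller point of style in the rewritten `run`: the WOW64 check still uses `print_error` followed by a bare `return`, while the new `setup` reports its precondition failure via `fail_with`; using the same `fail_with` idiom for the architecture check would make the module's failure reporting consistent and give the framework a proper failure reason. Both hunks sit inside the `Metasploit3` class, whose definition begins and continues outside the shown lines.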