From 57a3a2871be62d7cd0c62bcd36f9371047c0a198 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Thu, 17 Mar 2016 23:26:12 -0500 Subject: [PATCH] remove various session manipulation hacks since session.platform should always contain an os identifier --- modules/post/multi/gather/dns_bruteforce.rb | 21 ++++------------ .../post/multi/gather/dns_reverse_lookup.rb | 23 ++++-------------- modules/post/multi/gather/dns_srv_lookup.rb | 23 ++++-------------- modules/post/multi/gather/ping_sweep.rb | 19 +++------------ modules/post/multi/gather/skype_enum.rb | 15 ++++-------- modules/post/multi/gather/wlan_geolocate.rb | 16 +------------ modules/post/multi/manage/set_wallpaper.rb | 7 +----- modules/post/osx/gather/enum_osx.rb | 24 ++++--------------- 8 files changed, 27 insertions(+), 121 deletions(-) diff --git a/modules/post/multi/gather/dns_bruteforce.rb b/modules/post/multi/gather/dns_bruteforce.rb index 041a974b74..bce3f19d58 100644 --- a/modules/post/multi/gather/dns_bruteforce.rb +++ b/modules/post/multi/gather/dns_bruteforce.rb @@ -32,23 +32,11 @@ class MetasploitModule < Msf::Post # Run Method for when run command is issued def run - domain = datastore['DOMAIN'] hostlst = datastore['NAMELIST'] a = [] print_status("Performing DNS Forward Lookup Bruteforce for Domain #{domain}") - if session.type =~ /shell/ - # Only one thread possible when shell - thread_num = 1 - # Use the shell platform for selecting the command - platform = session.platform - else - # When in Meterpreter the safest thread number is 10 - thread_num = 10 - # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform - platform = session.sys.config.sysinfo['OS'] - end name_list = [] if ::File.exist?(hostlst) @@ -57,9 +45,7 @@ class MetasploitModule < Msf::Post end end - platform = session.platform - - case platform + case session.platform when /win/i cmd = "nslookup" when /solaris/i 
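Review bot: The `case session.platform` that replaces `case platform` in the second dns_bruteforce hunk has no arm for a value that is not an OS name, so a session whose `platform` still reads `java` (the case the deleted `sysinfo['OS']` lookup existed for) would fall to the `else` arm and run `/usr/bin/host` even against a Windows target. The commit message asserts `session.platform` always carries an OS identifier; if that holds for every session type this module accepts the point is moot, but an explicit arm is cheap insurance: `when /java/ then print_error("Unsupported platform: #{session.platform}"); return`. The `else` arm and the loop that consumes `cmd` are in the following hunk, and `run` continues past it.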
@@ -67,8 +53,9 @@ class MetasploitModule < Msf::Post else cmd = "/usr/bin/host " end - while(not name_list.nil? and not name_list.empty?) - 1.upto(thread_num) do + + while !name_list.nil? && !name_list.empty? + 1.upto session.max_threads do a << framework.threads.spawn("Module(#{self.refname})", false, name_list.shift) do |n| next if n.nil? vprint_status("Trying #{n.strip}.#{domain}") diff --git a/modules/post/multi/gather/dns_reverse_lookup.rb b/modules/post/multi/gather/dns_reverse_lookup.rb index cf0162c180..ced17b0237 100644 --- a/modules/post/multi/gather/dns_reverse_lookup.rb +++ b/modules/post/multi/gather/dns_reverse_lookup.rb @@ -44,21 +44,7 @@ class MetasploitModule < Msf::Post iplst << ipa end - if session.type =~ /shell/ - # Only one thread possible when shell - thread_num = 1 - # Use the shell platform for selecting the command - platform = session.platform - else - # When in Meterpreter the safest thread number is 10 - thread_num = 10 - # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform - platform = session.sys.config.sysinfo['OS'] - end - - platform = session.platform - - case platform + case session.platform when /win/i cmd = "nslookup" when /solaris/i @@ -66,12 +52,13 @@ class MetasploitModule < Msf::Post else cmd = "/usr/bin/host" end - while(not iplst.nil? and not iplst.empty?) - 1.upto(thread_num) do + + while !iplst.nil? && !iplst.empty? + 1.upto session.max_threads do a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add| next if ip_add.nil? r = cmd_exec(cmd, " #{ip_add}") - case platform + case session.platform when /win/ if r =~ /(Name)/ r.scan(/Name:\s*\S*\s/) do |n| diff --git a/modules/post/multi/gather/dns_srv_lookup.rb b/modules/post/multi/gather/dns_srv_lookup.rb index 4ceec2f5de..8f989e33d1 100644 --- a/modules/post/multi/gather/dns_srv_lookup.rb +++ b/modules/post/multi/gather/dns_srv_lookup.rb 
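Review bot: `1.upto session.max_threads` replaces a hard-coded 1 for shell sessions and 10 for Meterpreter, so every session class this module can run against must implement `max_threads`; if the command-shell session does not, `run` dies with NoMethodError at this line instead of falling back to a single thread. I cannot see the session classes from here, so confirm the method exists on all of them or guard it: `threads = session.respond_to?(:max_threads) ? session.max_threads : 1`. Separately, `name_list` is initialised to `[]` in the previous hunk, so `!name_list.nil? &&` is dead and `until name_list.empty?` reads cleaner. The `run` method continues past the end of this hunk.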
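Review bot: The inner `case session.platform` inside the spawned thread in dns_reverse_lookup matches `/win/` without the `/i` flag while the selector above it uses `/win/i`, and `session.platform` is now re-read from every worker thread instead of once before the loop. Since both sites consult the same value, capture it once ahead of the `while`, `platform = session.platform`, and use `case platform` at both sites with the same regex so the command selection and the output parsing cannot disagree. The `when /win/` branch and its scanning continue past the end of this hunk.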
@@ -55,22 +55,7 @@ class MetasploitModule < Msf::Post a = [] - - if session.type =~ /shell/ - # Only one thread possible when shell - thread_num = 1 - # Use the shell platform for selecting the command - platform = session.platform - else - # When in Meterpreter the safest thread number is 10 - thread_num = 10 - # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform - platform = session.sys.config.sysinfo['OS'] - end - - platform = session.platform - - case platform + case session.platform when /win/i ns_opt = " -query=srv " cmd = "nslookup" @@ -82,13 +67,13 @@ class MetasploitModule < Msf::Post cmd = "/usr/bin/host" end - while(not srvrcd.nil? and not srvrcd.empty?) - 1.upto(thread_num) do + while !srvrcd.nil? && !srvrcd.empty? + 1.upto session.max_threads do a << framework.threads.spawn("Module(#{self.refname})", false, srvrcd.shift) do |srv| next if srv.nil? r = cmd_exec(cmd, ns_opt + "#{srv}#{domain}") - case platform + case session.platform when /win/ if r =~ /\s*internet\saddress\s\=\s/ nslookup_srv_consume("#{srv}#{domain}", r).each do |f| diff --git a/modules/post/multi/gather/ping_sweep.rb b/modules/post/multi/gather/ping_sweep.rb index 39feb3399d..02125ec6e0 100644 --- a/modules/post/multi/gather/ping_sweep.rb +++ b/modules/post/multi/gather/ping_sweep.rb @@ -40,21 +40,8 @@ class MetasploitModule < Msf::Post end iplst << ipa end - if session.type =~ /shell/ - # Only one thread possible when shell - thread_num = 1 - # Use the shell platform for selecting the command - platform = session.platform - else - # When in Meterpreter the safest thread number is 10 - thread_num = 10 - # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform - platform = session.sys.config.sysinfo['OS'] - end - platform = session.platform - - case platform + case session.platform when /win/i count = " -n 1 " cmd = "ping" 
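Review bot: In the second dns_srv_lookup hunk, `case session.platform` inside the thread body matches `/win/` case-sensitively while the outer selector in the previous hunk uses `/win/i`, so a platform string that differs only in case would pick the Windows `nslookup` options and then parse the output with the non-Windows branch. Read the platform once before `while !srvrcd.nil? && !srvrcd.empty?`, `platform = session.platform`, and reference that local in both `case` statements with one regex. The thread block and `run` continue past the end of this hunk.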
@@ -69,10 +56,10 @@ class MetasploitModule < Msf::Post while(not iplst.nil? and not iplst.empty?) a = [] - 1.upto(thread_num) do + 1.upto session.max_threads do a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add| next if ip_add.nil? - if platform =~ /solaris/i + if session.platform =~ /solaris/i r = cmd_exec(cmd, "-n #{ip_add} 1") else r = cmd_exec(cmd, count + ip_add) diff --git a/modules/post/multi/gather/skype_enum.rb b/modules/post/multi/gather/skype_enum.rb index 578855b1f4..2f41b101f7 100644 --- a/modules/post/multi/gather/skype_enum.rb +++ b/modules/post/multi/gather/skype_enum.rb @@ -7,19 +7,12 @@ require 'msf/core' require 'rex' require 'csv' - - - - class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::UserProfiles - include Msf::Post::OSX::System - - def initialize(info={}) super( update_info( info, 'Name' => 'Multi Gather Skype User Data Enumeration', @@ -52,9 +45,9 @@ class MetasploitModule < Msf::Post return end - if (session.platform =~ /java/) || (session.platform =~ /osx/) - # Make sure a Java Meterpreter on anything but OSX will exit - if session.platform =~ /java/ and sysinfo['OS'] !~ /Mac OS X/ + if session.platform =~ /java/ + # Make sure that Java Meterpreter on anything but OSX will exit + if session.platform !~ /osx/ print_error("This session type and platform are not supported.") return end @@ -105,7 +98,7 @@ class MetasploitModule < Msf::Post # Download file using Meterpreter functionality and returns path in loot for the file def download_db(profile) if session.type =~ /meterpreter/ - if sysinfo['OS'] =~ /Mac OS X/ + if session.platform =~ /osx/ file = session.fs.file.search("#{profile['dir']}/Library/Application Support/Skype/","main.db",true) else file = session.fs.file.search("#{profile['AppData']}\\Skype","main.db",true) diff --git a/modules/post/multi/gather/wlan_geolocate.rb b/modules/post/multi/gather/wlan_geolocate.rb index c5858ff51f..d931f4292e 100644 
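Review bot: The loop header `while(not iplst.nil? and not iplst.empty?)` is left in place here although the equivalent loops in dns_bruteforce, dns_reverse_lookup and dns_srv_lookup were rewritten to `while !x.nil? && !x.empty?` in this same commit; `not`/`and` bind more loosely than `!`/`&&`, and the mixed style is a trap for the next edit. `iplst` is built with `iplst << ipa` in the previous hunk, so the nil test is also dead: `until iplst.empty?` is sufficient. As in the other modules, `1.upto session.max_threads` assumes every accepted session class defines `max_threads`; worth confirming for the shell session. The `while` body continues past the end of this hunk.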
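Review bot: The new outer condition `if session.platform =~ /java/` in skype_enum drops the `|| session.platform =~ /osx/` half, so a native OSX session no longer enters this branch at all, and if `session.platform` now reports the OS name as the commit message states, the `/java/` test never matches and the whole branch, including whatever follows the inner `end` outside this hunk, becomes unreachable. If the intent is simply to take the OSX path for any session on OSX, the two checks collapse to `if session.platform =~ /osx/` with the unsupported-platform error moved to an `else`. Note also that `include Msf::Post::OSX::System` is removed from this file earlier in the diff; if the body of this branch relies on helpers from that mixin, that needs confirming. The enclosing `run` method begins and ends outside this hunk.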
--- a/modules/post/multi/gather/wlan_geolocate.rb +++ b/modules/post/multi/gather/wlan_geolocate.rb @@ -108,18 +108,8 @@ class MetasploitModule < Msf::Post # Run Method for when run command is issued def run - if session.type =~ /shell/ - # Use the shell platform for selecting the command - platform = session.platform - else - # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform - platform = session.sys.config.sysinfo['OS'] - platform = 'osx' if platform =~ /darwin/i - end - - case platform + case session.platform when /win/i - listing = cmd_exec('netsh wlan show networks mode=bssid') if listing.nil? print_error("Unable to generate wireless listing.") @@ -136,7 +126,6 @@ class MetasploitModule < Msf::Post end when /osx/i - listing = cmd_exec('/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s') if listing.nil? print_error("Unable to generate wireless listing.") @@ -152,7 +141,6 @@ class MetasploitModule < Msf::Post end when /linux/i - listing = cmd_exec('iwlist scanning') if listing.nil? print_error("Unable to generate wireless listing.") @@ -169,7 +157,6 @@ class MetasploitModule < Msf::Post end when /solaris/i - listing = cmd_exec('dladm scan-wifi') if listing.blank? print_error("Unable to generate wireless listing.") @@ -182,7 +169,6 @@ class MetasploitModule < Msf::Post end when /bsd/i - interface = cmd_exec("dmesg | grep -i wlan | cut -d ':' -f1 | uniq") # Printing interface as this platform requires the interface to be specified # it might not be detected correctly. diff --git a/modules/post/multi/manage/set_wallpaper.rb b/modules/post/multi/manage/set_wallpaper.rb index 0008a53ab7..c0fbd5af2f 100644 --- a/modules/post/multi/manage/set_wallpaper.rb +++ b/modules/post/multi/manage/set_wallpaper.rb 
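Review bot: Deleting the `platform = 'osx' if platform =~ /darwin/i` normalisation means the `when /osx/i` arm only fires if `session.platform` literally contains `osx`; a session that still reports the Darwin kernel name skips the `airport -s` branch and, depending on the tail of this `case` outside the hunk, either hits an unsupported-platform path or does nothing. The commit message says `session.platform` always holds an OS identifier, but accepting both spellings costs one token: `when /osx|darwin/i`. The `case` statement and `run` continue past the end of this hunk.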
@@ -71,12 +71,7 @@ class MetasploitModule < Msf::Post end def os_set_wallpaper(file) - if session.type =~ /meterpreter/ && session.sys.config.sysinfo['OS'] =~ /darwin/i - platform = 'osx' - else - platform = session.platform - end - case platform + case session.platform when /osx/ osx_set_wallpaper(file) when /win/ diff --git a/modules/post/osx/gather/enum_osx.rb b/modules/post/osx/gather/enum_osx.rb index c4d89e9b16..5266ef606a 100644 --- a/modules/post/osx/gather/enum_osx.rb +++ b/modules/post/osx/gather/enum_osx.rb @@ -53,7 +53,6 @@ class MetasploitModule < Msf::Post #parse the dslocal plist in lion def read_ds_xml_plist(plist_content) - require "rexml/document" doc = REXML::Document.new(plist_content) @@ -132,11 +131,7 @@ class MetasploitModule < Msf::Post when /shell/ osx_ver = cmd_exec("/usr/bin/sw_vers -productName").chomp end - if osx_ver =~/Server/ - return true - else - return false - end + return osx_ver =~/Server/ end # Enumerate the OS Version @@ -148,13 +143,10 @@ class MetasploitModule < Msf::Post when /shell/ osx_ver_num = cmd_exec('/usr/bin/sw_vers -productVersion').chomp end - return osx_ver_num end def enum_conf(log_folder) - - session_type = session.type profile_datatypes = { 'OS' => 'SPSoftwareDataType', 'Network' => 'SPNetworkDataType', @@ -188,11 +180,11 @@ class MetasploitModule < Msf::Post profile_datatypes.each do |name, profile_datatypes| print_status("\tEnumerating #{name}") # Run commands according to the session type - if session_type =~ /meterpreter/ + if session.type =~ /meterpreter/ returned_data = cmd_exec('system_profiler', profile_datatypes) # Save data lo log folder file_local_write(log_folder+"//#{name}.txt",returned_data) - elsif session_type =~ /shell/ + elsif session.type =~ /shell/ begin returned_data = cmd_exec("/usr/sbin/system_profiler #{profile_datatypes}", 15) # Save data lo log folder 
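Review bot: `os_set_wallpaper` previously mapped a Meterpreter `sysinfo['OS']` of `darwin` onto `osx` before dispatching; with that removed, `when /osx/` is the only route to `osx_set_wallpaper`, so a session whose `platform` string says `darwin` falls through to the later arms. If the framework guarantees `osx` here the change is fine; otherwise `when /osx|darwin/i` keeps the old coverage at no cost. The `when /win/` arm and the rest of the method continue past the end of this hunk.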
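Review bot: `return osx_ver =~/Server/` changes the method's result from `true`/`false` to an Integer match offset or `nil`, and when `session.type` matched neither branch above, `osx_ver` is `nil`, so the expression leans on `NilClass#=~` instead of an explicit check. Truthiness callers are unaffected, but any caller comparing against `true` breaks, and a predicate should hand back a real boolean: `osx_ver.to_s.include?('Server')` covers both. The method's signature is outside this hunk, so I cannot see its name or how callers use the result.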
@@ -207,11 +199,11 @@ class MetasploitModule < Msf::Post print_status("\tEnumerating #{name}") # Run commands according to the session type begin - if session_type =~ /meterpreter/ + if session.type =~ /meterpreter/ command_output = cmd_exec(command[0],command[1]) # Save data lo log folder file_local_write(log_folder+"//#{name}.txt",command_output) - elsif session_type =~ /shell/ + elsif session.type =~ /shell/ command_output = cmd_exec(command[0], command[1]) # Save data lo log folder file_local_write(log_folder+"//#{name}.txt",command_output) @@ -222,9 +214,7 @@ class MetasploitModule < Msf::Post end end - def enum_accounts(log_folder,ver_num) - # Specific commands for Leopard and Snow Leopard leopard_commands = { 'Users' => ['/usr/bin/dscacheutil', '-q user'], @@ -261,13 +251,11 @@ class MetasploitModule < Msf::Post file_local_write(log_folder + "//#{name}.txt", command_output) end end - end # Method for getting SSH and GPG Keys def get_crypto_keys(log_folder) - # Run commands according to the session type if session.type =~ /shell/ @@ -349,7 +337,6 @@ class MetasploitModule < Msf::Post end end end - end end end @@ -381,7 +368,6 @@ class MetasploitModule < Msf::Post end end print_status("Screenshot Captured") - end end
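Review bot: In the hunk at `@@ -207,11 +199,11 @@`, the `if session.type =~ /meterpreter/` and `elsif session.type =~ /shell/` branches are now textually identical apart from a space in the `cmd_exec` argument list, so the branching on session type does nothing except silently skip any other session type. Either collapse it to a single `command_output = cmd_exec(command[0], command[1])` followed by the `file_local_write`, or keep one guard that reports the unsupported type with `print_error`. The `begin` block and the enclosing method continue past the end of this hunk.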