remove various session manipulation hacks since session.platform should always contain an os identifier
parent
f466464e80
commit
57a3a2871b
|
@ -32,23 +32,11 @@ class MetasploitModule < Msf::Post
|
||||||
|
|
||||||
# Run Method for when run command is issued
|
# Run Method for when run command is issued
|
||||||
def run
|
def run
|
||||||
|
|
||||||
domain = datastore['DOMAIN']
|
domain = datastore['DOMAIN']
|
||||||
hostlst = datastore['NAMELIST']
|
hostlst = datastore['NAMELIST']
|
||||||
a = []
|
a = []
|
||||||
|
|
||||||
print_status("Performing DNS Forward Lookup Bruteforce for Domain #{domain}")
|
print_status("Performing DNS Forward Lookup Bruteforce for Domain #{domain}")
|
||||||
if session.type =~ /shell/
|
|
||||||
# Only one thread possible when shell
|
|
||||||
thread_num = 1
|
|
||||||
# Use the shell platform for selecting the command
|
|
||||||
platform = session.platform
|
|
||||||
else
|
|
||||||
# When in Meterpreter the safest thread number is 10
|
|
||||||
thread_num = 10
|
|
||||||
# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
|
|
||||||
platform = session.sys.config.sysinfo['OS']
|
|
||||||
end
|
|
||||||
|
|
||||||
name_list = []
|
name_list = []
|
||||||
if ::File.exist?(hostlst)
|
if ::File.exist?(hostlst)
|
||||||
|
@ -57,9 +45,7 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
platform = session.platform
|
case session.platform
|
||||||
|
|
||||||
case platform
|
|
||||||
when /win/i
|
when /win/i
|
||||||
cmd = "nslookup"
|
cmd = "nslookup"
|
||||||
when /solaris/i
|
when /solaris/i
|
||||||
|
@ -67,8 +53,9 @@ class MetasploitModule < Msf::Post
|
||||||
else
|
else
|
||||||
cmd = "/usr/bin/host "
|
cmd = "/usr/bin/host "
|
||||||
end
|
end
|
||||||
while(not name_list.nil? and not name_list.empty?)
|
|
||||||
1.upto(thread_num) do
|
while !name_list.nil? && !name_list.empty?
|
||||||
|
1.upto session.max_threads do
|
||||||
a << framework.threads.spawn("Module(#{self.refname})", false, name_list.shift) do |n|
|
a << framework.threads.spawn("Module(#{self.refname})", false, name_list.shift) do |n|
|
||||||
next if n.nil?
|
next if n.nil?
|
||||||
vprint_status("Trying #{n.strip}.#{domain}")
|
vprint_status("Trying #{n.strip}.#{domain}")
|
||||||
|
|
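Review bot: The loop bound `1.upto session.max_threads do` now carries a constraint that the removed comments spelled out: a shell session ran one thread and Meterpreter ran ten. Nothing in this hunk shows where `max_threads` is defined, so it should be confirmed that every session class implements it and that shell sessions return 1, otherwise concurrent `cmd_exec` calls on a single shell channel can interleave their output. A short comment above the loop would keep the reason visible, for example `# session.max_threads is 1 for shell sessions, which cannot run commands concurrently`. The same replacement is made in the three other lookup and sweep modules in this commit, and the body of `run` continues outside these hunks.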
|
@ -44,21 +44,7 @@ class MetasploitModule < Msf::Post
|
||||||
iplst << ipa
|
iplst << ipa
|
||||||
end
|
end
|
||||||
|
|
||||||
if session.type =~ /shell/
|
case session.platform
|
||||||
# Only one thread possible when shell
|
|
||||||
thread_num = 1
|
|
||||||
# Use the shell platform for selecting the command
|
|
||||||
platform = session.platform
|
|
||||||
else
|
|
||||||
# When in Meterpreter the safest thread number is 10
|
|
||||||
thread_num = 10
|
|
||||||
# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
|
|
||||||
platform = session.sys.config.sysinfo['OS']
|
|
||||||
end
|
|
||||||
|
|
||||||
platform = session.platform
|
|
||||||
|
|
||||||
case platform
|
|
||||||
when /win/i
|
when /win/i
|
||||||
cmd = "nslookup"
|
cmd = "nslookup"
|
||||||
when /solaris/i
|
when /solaris/i
|
||||||
|
@ -66,12 +52,13 @@ class MetasploitModule < Msf::Post
|
||||||
else
|
else
|
||||||
cmd = "/usr/bin/host"
|
cmd = "/usr/bin/host"
|
||||||
end
|
end
|
||||||
while(not iplst.nil? and not iplst.empty?)
|
|
||||||
1.upto(thread_num) do
|
while !iplst.nil? && !iplst.empty?
|
||||||
|
1.upto session.max_threads do
|
||||||
a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
|
a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
|
||||||
next if ip_add.nil?
|
next if ip_add.nil?
|
||||||
r = cmd_exec(cmd, " #{ip_add}")
|
r = cmd_exec(cmd, " #{ip_add}")
|
||||||
case platform
|
case session.platform
|
||||||
when /win/
|
when /win/
|
||||||
if r =~ /(Name)/
|
if r =~ /(Name)/
|
||||||
r.scan(/Name:\s*\S*\s/) do |n|
|
r.scan(/Name:\s*\S*\s/) do |n|
|
||||||
|
|
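Review bot: The command is selected with `when /win/i`, but the output parser inside the thread block uses `when /win/` without the `i` flag, and after this change both test the same `session.platform` string. A platform value with different capitalisation would select `nslookup` and then have its output parsed by the non-Windows branch. Using one pattern in both places, `when /win/i`, removes the mismatch. The SRV-record module in this commit has the same pair of patterns, and the rest of the thread block lies outside the hunk.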
|
@ -55,22 +55,7 @@ class MetasploitModule < Msf::Post
|
||||||
|
|
||||||
a = []
|
a = []
|
||||||
|
|
||||||
|
case session.platform
|
||||||
if session.type =~ /shell/
|
|
||||||
# Only one thread possible when shell
|
|
||||||
thread_num = 1
|
|
||||||
# Use the shell platform for selecting the command
|
|
||||||
platform = session.platform
|
|
||||||
else
|
|
||||||
# When in Meterpreter the safest thread number is 10
|
|
||||||
thread_num = 10
|
|
||||||
# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
|
|
||||||
platform = session.sys.config.sysinfo['OS']
|
|
||||||
end
|
|
||||||
|
|
||||||
platform = session.platform
|
|
||||||
|
|
||||||
case platform
|
|
||||||
when /win/i
|
when /win/i
|
||||||
ns_opt = " -query=srv "
|
ns_opt = " -query=srv "
|
||||||
cmd = "nslookup"
|
cmd = "nslookup"
|
||||||
|
@ -82,13 +67,13 @@ class MetasploitModule < Msf::Post
|
||||||
cmd = "/usr/bin/host"
|
cmd = "/usr/bin/host"
|
||||||
end
|
end
|
||||||
|
|
||||||
while(not srvrcd.nil? and not srvrcd.empty?)
|
while !srvrcd.nil? && !srvrcd.empty?
|
||||||
1.upto(thread_num) do
|
1.upto session.max_threads do
|
||||||
a << framework.threads.spawn("Module(#{self.refname})", false, srvrcd.shift) do |srv|
|
a << framework.threads.spawn("Module(#{self.refname})", false, srvrcd.shift) do |srv|
|
||||||
next if srv.nil?
|
next if srv.nil?
|
||||||
r = cmd_exec(cmd, ns_opt + "#{srv}#{domain}")
|
r = cmd_exec(cmd, ns_opt + "#{srv}#{domain}")
|
||||||
|
|
||||||
case platform
|
case session.platform
|
||||||
when /win/
|
when /win/
|
||||||
if r =~ /\s*internet\saddress\s\=\s/
|
if r =~ /\s*internet\saddress\s\=\s/
|
||||||
nslookup_srv_consume("#{srv}#{domain}", r).each do |f|
|
nslookup_srv_consume("#{srv}#{domain}", r).each do |f|
|
||||||
|
|
|
@ -40,21 +40,8 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
iplst << ipa
|
iplst << ipa
|
||||||
end
|
end
|
||||||
if session.type =~ /shell/
|
|
||||||
# Only one thread possible when shell
|
|
||||||
thread_num = 1
|
|
||||||
# Use the shell platform for selecting the command
|
|
||||||
platform = session.platform
|
|
||||||
else
|
|
||||||
# When in Meterpreter the safest thread number is 10
|
|
||||||
thread_num = 10
|
|
||||||
# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
|
|
||||||
platform = session.sys.config.sysinfo['OS']
|
|
||||||
end
|
|
||||||
|
|
||||||
platform = session.platform
|
case session.platform
|
||||||
|
|
||||||
case platform
|
|
||||||
when /win/i
|
when /win/i
|
||||||
count = " -n 1 "
|
count = " -n 1 "
|
||||||
cmd = "ping"
|
cmd = "ping"
|
||||||
|
@ -69,10 +56,10 @@ class MetasploitModule < Msf::Post
|
||||||
|
|
||||||
while(not iplst.nil? and not iplst.empty?)
|
while(not iplst.nil? and not iplst.empty?)
|
||||||
a = []
|
a = []
|
||||||
1.upto(thread_num) do
|
1.upto session.max_threads do
|
||||||
a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
|
a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
|
||||||
next if ip_add.nil?
|
next if ip_add.nil?
|
||||||
if platform =~ /solaris/i
|
if session.platform =~ /solaris/i
|
||||||
r = cmd_exec(cmd, "-n #{ip_add} 1")
|
r = cmd_exec(cmd, "-n #{ip_add} 1")
|
||||||
else
|
else
|
||||||
r = cmd_exec(cmd, count + ip_add)
|
r = cmd_exec(cmd, count + ip_add)
|
||||||
|
|
|
@ -7,19 +7,12 @@ require 'msf/core'
|
||||||
require 'rex'
|
require 'rex'
|
||||||
require 'csv'
|
require 'csv'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class MetasploitModule < Msf::Post
|
class MetasploitModule < Msf::Post
|
||||||
|
|
||||||
include Msf::Post::File
|
include Msf::Post::File
|
||||||
include Msf::Post::Windows::UserProfiles
|
include Msf::Post::Windows::UserProfiles
|
||||||
|
|
||||||
include Msf::Post::OSX::System
|
include Msf::Post::OSX::System
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def initialize(info={})
|
def initialize(info={})
|
||||||
super( update_info( info,
|
super( update_info( info,
|
||||||
'Name' => 'Multi Gather Skype User Data Enumeration',
|
'Name' => 'Multi Gather Skype User Data Enumeration',
|
||||||
|
@ -52,9 +45,9 @@ class MetasploitModule < Msf::Post
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
if (session.platform =~ /java/) || (session.platform =~ /osx/)
|
if session.platform =~ /java/
|
||||||
# Make sure a Java Meterpreter on anything but OSX will exit
|
# Make sure that Java Meterpreter on anything but OSX will exit
|
||||||
if session.platform =~ /java/ and sysinfo['OS'] !~ /Mac OS X/
|
if session.platform !~ /osx/
|
||||||
print_error("This session type and platform are not supported.")
|
print_error("This session type and platform are not supported.")
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -105,7 +98,7 @@ class MetasploitModule < Msf::Post
|
||||||
# Download file using Meterpreter functionality and returns path in loot for the file
|
# Download file using Meterpreter functionality and returns path in loot for the file
|
||||||
def download_db(profile)
|
def download_db(profile)
|
||||||
if session.type =~ /meterpreter/
|
if session.type =~ /meterpreter/
|
||||||
if sysinfo['OS'] =~ /Mac OS X/
|
if session.platform =~ /osx/
|
||||||
file = session.fs.file.search("#{profile['dir']}/Library/Application Support/Skype/","main.db",true)
|
file = session.fs.file.search("#{profile['dir']}/Library/Application Support/Skype/","main.db",true)
|
||||||
else
|
else
|
||||||
file = session.fs.file.search("#{profile['AppData']}\\Skype","main.db",true)
|
file = session.fs.file.search("#{profile['AppData']}\\Skype","main.db",true)
|
||||||
|
|
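Review bot: The rewritten guard `if session.platform =~ /java/` followed by `if session.platform !~ /osx/` tests the same string twice, so unless one platform value contains both words the inner test is always true and every session entering the branch is rejected. The previous outer condition also accepted `/osx/`, so a native OS X session no longer reaches whatever follows the inner check. That code lies outside the hunk, so this needs confirming against the full method. If `session.platform` no longer reports `java` after this change, the outer test could become `if session.platform =~ /osx/` and the nested Java check could go.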
|
@ -108,18 +108,8 @@ class MetasploitModule < Msf::Post
|
||||||
|
|
||||||
# Run Method for when run command is issued
|
# Run Method for when run command is issued
|
||||||
def run
|
def run
|
||||||
if session.type =~ /shell/
|
case session.platform
|
||||||
# Use the shell platform for selecting the command
|
|
||||||
platform = session.platform
|
|
||||||
else
|
|
||||||
# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
|
|
||||||
platform = session.sys.config.sysinfo['OS']
|
|
||||||
platform = 'osx' if platform =~ /darwin/i
|
|
||||||
end
|
|
||||||
|
|
||||||
case platform
|
|
||||||
when /win/i
|
when /win/i
|
||||||
|
|
||||||
listing = cmd_exec('netsh wlan show networks mode=bssid')
|
listing = cmd_exec('netsh wlan show networks mode=bssid')
|
||||||
if listing.nil?
|
if listing.nil?
|
||||||
print_error("Unable to generate wireless listing.")
|
print_error("Unable to generate wireless listing.")
|
||||||
|
@ -136,7 +126,6 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
|
|
||||||
when /osx/i
|
when /osx/i
|
||||||
|
|
||||||
listing = cmd_exec('/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s')
|
listing = cmd_exec('/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s')
|
||||||
if listing.nil?
|
if listing.nil?
|
||||||
print_error("Unable to generate wireless listing.")
|
print_error("Unable to generate wireless listing.")
|
||||||
|
@ -152,7 +141,6 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
|
|
||||||
when /linux/i
|
when /linux/i
|
||||||
|
|
||||||
listing = cmd_exec('iwlist scanning')
|
listing = cmd_exec('iwlist scanning')
|
||||||
if listing.nil?
|
if listing.nil?
|
||||||
print_error("Unable to generate wireless listing.")
|
print_error("Unable to generate wireless listing.")
|
||||||
|
@ -169,7 +157,6 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
|
|
||||||
when /solaris/i
|
when /solaris/i
|
||||||
|
|
||||||
listing = cmd_exec('dladm scan-wifi')
|
listing = cmd_exec('dladm scan-wifi')
|
||||||
if listing.blank?
|
if listing.blank?
|
||||||
print_error("Unable to generate wireless listing.")
|
print_error("Unable to generate wireless listing.")
|
||||||
|
@ -182,7 +169,6 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
|
|
||||||
when /bsd/i
|
when /bsd/i
|
||||||
|
|
||||||
interface = cmd_exec("dmesg | grep -i wlan | cut -d ':' -f1 | uniq")
|
interface = cmd_exec("dmesg | grep -i wlan | cut -d ':' -f1 | uniq")
|
||||||
# Printing interface as this platform requires the interface to be specified
|
# Printing interface as this platform requires the interface to be specified
|
||||||
# it might not be detected correctly.
|
# it might not be detected correctly.
|
||||||
|
|
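Review bot: The removed branch rewrote a Meterpreter OS string matching `/darwin/i` to `osx` before the `case`, and the new `case session.platform` still has `when /win/i` as its first arm, which also matches any value containing "darwin". If any session type can still report such a value, the Windows arm would run `netsh` on an OS X host and the `when /osx/i` arm would never be reached. Either confirm that `session.platform` is already normalised at this point, or move the OS X arm first as `when /osx|darwin/i`. The other modules in this commit also lead with `when /win/i`, and the body of `run` continues outside these hunks.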
|
@ -71,12 +71,7 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
|
|
||||||
def os_set_wallpaper(file)
|
def os_set_wallpaper(file)
|
||||||
if session.type =~ /meterpreter/ && session.sys.config.sysinfo['OS'] =~ /darwin/i
|
case session.platform
|
||||||
platform = 'osx'
|
|
||||||
else
|
|
||||||
platform = session.platform
|
|
||||||
end
|
|
||||||
case platform
|
|
||||||
when /osx/
|
when /osx/
|
||||||
osx_set_wallpaper(file)
|
osx_set_wallpaper(file)
|
||||||
when /win/
|
when /win/
|
||||||
|
|
|
@ -53,7 +53,6 @@ class MetasploitModule < Msf::Post
|
||||||
|
|
||||||
#parse the dslocal plist in lion
|
#parse the dslocal plist in lion
|
||||||
def read_ds_xml_plist(plist_content)
|
def read_ds_xml_plist(plist_content)
|
||||||
|
|
||||||
require "rexml/document"
|
require "rexml/document"
|
||||||
|
|
||||||
doc = REXML::Document.new(plist_content)
|
doc = REXML::Document.new(plist_content)
|
||||||
|
@ -132,11 +131,7 @@ class MetasploitModule < Msf::Post
|
||||||
when /shell/
|
when /shell/
|
||||||
osx_ver = cmd_exec("/usr/bin/sw_vers -productName").chomp
|
osx_ver = cmd_exec("/usr/bin/sw_vers -productName").chomp
|
||||||
end
|
end
|
||||||
if osx_ver =~/Server/
|
return osx_ver =~/Server/
|
||||||
return true
|
|
||||||
else
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Enumerate the OS Version
|
# Enumerate the OS Version
|
||||||
|
@ -148,13 +143,10 @@ class MetasploitModule < Msf::Post
|
||||||
when /shell/
|
when /shell/
|
||||||
osx_ver_num = cmd_exec('/usr/bin/sw_vers -productVersion').chomp
|
osx_ver_num = cmd_exec('/usr/bin/sw_vers -productVersion').chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
return osx_ver_num
|
return osx_ver_num
|
||||||
end
|
end
|
||||||
|
|
||||||
def enum_conf(log_folder)
|
def enum_conf(log_folder)
|
||||||
|
|
||||||
session_type = session.type
|
|
||||||
profile_datatypes = {
|
profile_datatypes = {
|
||||||
'OS' => 'SPSoftwareDataType',
|
'OS' => 'SPSoftwareDataType',
|
||||||
'Network' => 'SPNetworkDataType',
|
'Network' => 'SPNetworkDataType',
|
||||||
|
@ -188,11 +180,11 @@ class MetasploitModule < Msf::Post
|
||||||
profile_datatypes.each do |name, profile_datatypes|
|
profile_datatypes.each do |name, profile_datatypes|
|
||||||
print_status("\tEnumerating #{name}")
|
print_status("\tEnumerating #{name}")
|
||||||
# Run commands according to the session type
|
# Run commands according to the session type
|
||||||
if session_type =~ /meterpreter/
|
if session.type =~ /meterpreter/
|
||||||
returned_data = cmd_exec('system_profiler', profile_datatypes)
|
returned_data = cmd_exec('system_profiler', profile_datatypes)
|
||||||
# Save data lo log folder
|
# Save data lo log folder
|
||||||
file_local_write(log_folder+"//#{name}.txt",returned_data)
|
file_local_write(log_folder+"//#{name}.txt",returned_data)
|
||||||
elsif session_type =~ /shell/
|
elsif session.type =~ /shell/
|
||||||
begin
|
begin
|
||||||
returned_data = cmd_exec("/usr/sbin/system_profiler #{profile_datatypes}", 15)
|
returned_data = cmd_exec("/usr/sbin/system_profiler #{profile_datatypes}", 15)
|
||||||
# Save data lo log folder
|
# Save data lo log folder
|
||||||
|
@ -207,11 +199,11 @@ class MetasploitModule < Msf::Post
|
||||||
print_status("\tEnumerating #{name}")
|
print_status("\tEnumerating #{name}")
|
||||||
# Run commands according to the session type
|
# Run commands according to the session type
|
||||||
begin
|
begin
|
||||||
if session_type =~ /meterpreter/
|
if session.type =~ /meterpreter/
|
||||||
command_output = cmd_exec(command[0],command[1])
|
command_output = cmd_exec(command[0],command[1])
|
||||||
# Save data lo log folder
|
# Save data lo log folder
|
||||||
file_local_write(log_folder+"//#{name}.txt",command_output)
|
file_local_write(log_folder+"//#{name}.txt",command_output)
|
||||||
elsif session_type =~ /shell/
|
elsif session.type =~ /shell/
|
||||||
command_output = cmd_exec(command[0], command[1])
|
command_output = cmd_exec(command[0], command[1])
|
||||||
# Save data lo log folder
|
# Save data lo log folder
|
||||||
file_local_write(log_folder+"//#{name}.txt",command_output)
|
file_local_write(log_folder+"//#{name}.txt",command_output)
|
||||||
|
@ -222,9 +214,7 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def enum_accounts(log_folder,ver_num)
|
def enum_accounts(log_folder,ver_num)
|
||||||
|
|
||||||
# Specific commands for Leopard and Snow Leopard
|
# Specific commands for Leopard and Snow Leopard
|
||||||
leopard_commands = {
|
leopard_commands = {
|
||||||
'Users' => ['/usr/bin/dscacheutil', '-q user'],
|
'Users' => ['/usr/bin/dscacheutil', '-q user'],
|
||||||
|
@ -261,13 +251,11 @@ class MetasploitModule < Msf::Post
|
||||||
file_local_write(log_folder + "//#{name}.txt", command_output)
|
file_local_write(log_folder + "//#{name}.txt", command_output)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
# Method for getting SSH and GPG Keys
|
# Method for getting SSH and GPG Keys
|
||||||
def get_crypto_keys(log_folder)
|
def get_crypto_keys(log_folder)
|
||||||
|
|
||||||
# Run commands according to the session type
|
# Run commands according to the session type
|
||||||
if session.type =~ /shell/
|
if session.type =~ /shell/
|
||||||
|
|
||||||
|
@ -349,7 +337,6 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -381,7 +368,6 @@ class MetasploitModule < Msf::Post
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
print_status("Screenshot Captured")
|
print_status("Screenshot Captured")
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
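Review bot: `return osx_ver =~/Server/` changes the method's result from `true`/`false` to a match offset or `nil`. That behaves the same in a bare `if`, but not for a caller that compares the result with `== true` or stores and prints it. `return !!(osx_ver =~ /Server/)` keeps the boolean contract in one line. The start of the method and its callers are outside the hunk, so whether any caller depends on a strict boolean could not be checked here.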