Merge pull request #1 from wchen-r7/pr3488_fix

More cosmetic fixes for enum_services
bug/bundler_fix
Chris 2014-07-03 19:31:38 +01:00
commit bb54fecdd1
1 changed files with 49 additions and 18 deletions

View File

@ -16,8 +16,8 @@ class Metasploit3 < Msf::Post
'Name' => "Windows Gather Service Info Enumeration",
'Description' => %q{
This module will query the system for services and display name and configuration
info for each returned service. It allows you to optionally search the credentials, path, or start
type for a string and only return the results that match. These query operations
info for each returned service. It allows you to optionally search the credentials, path,
or start type for a string and only return the results that match. These query operations
are cumulative and if no query strings are specified, it just returns all services.
NOTE: If the script hangs, windows firewall is most likely on and you did not
migrate to a safe process (explorer.exe for example).
@ -36,9 +36,12 @@ class Metasploit3 < Msf::Post
end
def run
# set vars
lootString = ""
credentialCount = {}
qcred = datastore["CRED"] || nil
qpath = datastore["PATH"] || nil
if datastore["TYPE"] == "All"
@ -47,24 +50,29 @@ class Metasploit3 < Msf::Post
qtype = datastore["TYPE"]
end
if qcred
print_status("Credential Filter: " + qcred)
print_status("Credential Filter: #{qcred}")
end
if qpath
print_status("Executable Path Filter: " + qpath)
print_status("Executable Path Filter: #{qpath}")
end
if qtype
print_status("Start Type Filter: " + qtype)
print_status("Start Type Filter: #{qtype}")
end
if datastore['VERBOSE']
print_status("Listing Service Info for matching services:")
else
print_status("Detailed output is only printed when VERBOSE is set to True. Running this module can take some time.\n")
end
service_list.each do |sname|
srv_conf = {}
isgood = true
#make sure we got a service name
# make sure we got a service name
if sname
begin
srv_conf = service_info(sname)
#filter service based on filters passed, the are cumulative
# filter service based on filters passed, the are cumulative
if qcred and ! srv_conf['Credentials'].downcase.include? qcred.downcase
isgood = false
end
@ -75,22 +83,45 @@ class Metasploit3 < Msf::Post
if qtype and ! (srv_conf['Startup'] || '').downcase.include? qtype.downcase
isgood = false
end
#if we are still good return the info
if isgood
vprint_status("\tName: #{sname}")
vprint_good("\t\tStartup: #{srv_conf['Startup']}")
vprint_good("\t\tCommand: #{srv_conf['Command']}")
vprint_good("\t\tCredentials: #{srv_conf['Credentials']}")
# count the occurance of specific credentials services are running as
serviceCred = srv_conf['Credentials'].upcase
unless serviceCred.empty?
if credentialCount.has_key?(serviceCred)
credentialCount[serviceCred] += 1
else
credentialCount[serviceCred] = 1
# let the user know a new service account has been detected for possible lateral
# movement opportunities
print_good("New service credential detected: #{sname} is running as '#{srv_conf['Credentials']}'")
end
rescue
end
# if we are still good return the info
if isgood
msgString = "\tName: #{sname}"
msgString << "\n\t\tStartup: #{srv_conf['Startup']}"
#remove invalid char at the end
commandString = srv_conf['Command']
commandString.gsub!(/[\x00-\x08\x0b\x0c\x0e-\x19\x7f-\xff]+/n,"")
msgString << "\n\t\t#{commandString}"
msgString << "\n\t\tCredentials: #{srv_conf['Credentials']}\n"
vprint_good(msgString)
lootString << msgString
end
rescue ::Exception => e
# July 3rd 2014 wchen-r7: Not very sure what exceptions this method is trying to rescue,
# probably the typical shut-everything-up coding habit. We'll have to fix this later,
# but for now let's at least print the error for debugging purposes
print_error("An error occured enumerating service: #{sname}")
print_error(e.to_s)
end
else
print_error("Problem enumerating services")
print_error("Problem enumerating services (no service name found)")
end
end
# store loot on completion of collection
p = store_loot("windows.services", "text/plain", session, lootString, "windows_services.txt", "Windows Services")
print_good("Loot file stored in: #{p.to_s}")
end
end