##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  def initialize
    super(
      'Name'        => 'Rsync Unauthenticated List Command',
      'Description' => 'List all (listable) modules from a rsync daemon',
      'Author'      => 'ikkini',
      'References'  =>
        [
          ['URL', 'http://rsync.samba.org/ftp/rsync/rsync.html']
        ],
      'License'     => MSF_LICENSE
    )
    register_options(
      [
        Opt::RPORT(873)
      ], self.class)
  end

  def run_host(ip)
    connect
    version = sock.get_once

    return if version.blank?

    print_good("#{ip}:#{rport} - rsync #{version.strip} found")
    report_service(:host => ip, :port => rport, :proto => 'tcp', :name => 'rsync')
    report_note(
        :host => ip,
        :proto => 'tcp',
        :port => rport,
        :type => 'rsync_version',
        :data => version.strip
    )

    # making sure we match the version of the server
    sock.puts("#{version}")
    # the listing command
    sock.puts("\n")
    listing = sock.get(20)
    disconnect

    return if listing.blank?

    print_good("#{ip}:#{rport} - rsync listing found")
    listing.gsub!('@RSYNCD: EXIT', '') # not interested in EXIT message
    listing_sanitized = Rex::Text.to_hex_ascii(listing.strip)

    vprint_status("#{ip}:#{rport} - #{version.rstrip} #{listing_sanitized}")
    report_note(
        :host => ip,
        :proto => 'tcp',
        :port => rport,
        :type => 'rsync_listing',
        :data => listing_sanitized
    )
  end
end