## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Auxiliary # # This module acts as an compromised webserver distributing PII Data # include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::PII def initialize(info = {}) super(update_info(info, 'Name' => 'VSploit Web PII', 'Description' => 'This module emulates a webserver leaking PII data', 'License' => MSF_LICENSE, 'Author' => 'MJC', 'References' => [ [ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2011/06/02/vsploit--virtualizing-exploitation-attributes-with-metasploit-framework'] ], 'DefaultOptions' => { 'HTTP::server_name' => 'IIS'} )) register_options( [ OptBool.new('META_REFRESH', [ false, "Set page to auto refresh.", false]), OptInt.new('REFRESH_TIME', [ false, "Set page refresh interval.", 15]), OptInt.new('ENTRIES', [ false, "PII Entry Count", 1000]) ],self.class) end def create_page # Webpage Title title = "vSploit PII Webserver" sheep = <<-EOS __________ < baaaaah! > --------- \\ \\ ,@;@, ;@;@( \\@;@;@;@;@;@, /x @\\_|@;@;@;@;@;@;, / )@:@;@;@;@;@;@;@|) *---;@;@;@;@;@;@;@;@; ';@;\;@;\;@;@ || | \\ ( || | // / // ( // / ~~~~~ ~~~~ EOS page = "" page << "\n
\n" if datastore['META_REFRESH'] page << "\n" end page << "\n" page << sheep page << "Data Creation by: #{title}\n" page << "Entries Per Page: #{datastore['ENTRIES']}\n" if datastore['META_REFRESH'] page << "Refresh Interval: #{datastore['REFRESH_TIME']} Seconds\n" end # Start creating PII data pii = create_pii() page << "\n" page << pii page << "\n\n" page end def on_request_uri(cli,request) # Transmit the response to the client res = create_page() print_status("Leaking PII...") send_response(cli, res, { 'Content-Type' => 'text/html' }) end def run exploit() end end