## # $Id: ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' require 'rex' require 'msf/core/post/windows/services' #define the appropriate class class Metasploit3 < Msf::Post #set your includes include Msf::Post::Windows::WindowsServices def initialize(info={}) super(update_info(info, 'Name' => "Windows Gather Service Info Enumeration", 'Description' => %q{ This module will query the system for services and display name and configuration info for each returned service, if VERBOSE is set to false you will just see the service name. It allows you to optionally search the credentials, path, or start type for a string and only return the results that match. These query operations are cumulative and if no query strings are specified, it just returns all services. NOTE: If the script hangs, windows firewall is most likely on and you did not migrate to a safe process (explorer.exe for example). }, 'License' => MSF_LICENSE, 'Version' => '$Revision$', 'Platform' => ['windows'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Keith Faber', 'Kx499'] )) register_options( [ OptString.new('CRED', [ false, 'String to search credentials for' ]), OptString.new('PATH', [ false, 'String to search path for' ]), OptEnum.new('TYPE', [false, 'Service startup Option', 'All', [ 'All', 'Auto', 'Manual', 'Disabled' ]]), ], self.class) end def run # set vars qcred = datastore["CRED"] || nil qpath = datastore["PATH"] || nil if datastore["TYPE"] == "All" qtype = nil else qtype = datastore["TYPE"] end if qcred print_status("Credential Filter: " + qcred) end if qpath print_status("Executable Path Filter: " + qpath) end if qtype print_status("Start Type Filter: " + qtype) end print_status("Listing Service Info for matching services:") service_list.each do |sname| srv_conf = {} isgood = true #make sure we got a service name if sname begin srv_conf = service_info(sname) #filter service based on filters passed, the are cumulative if qcred and ! srv_conf['Credentials'].downcase.include? qcred.downcase isgood = false end if qpath and ! srv_conf['Command'].downcase.include? qpath.downcase isgood = false end if qtype and ! srv_conf['Startup'].downcase.include? qtype.downcase isgood = false end #if we are still good return the info if isgood vprint_status("\tName: #{sname}") vprint_good("\t\tStartup: #{srv_conf['Startup']}") vprint_good("\t\tCommand: #{srv_conf['Command']}") vprint_good("\t\tCredentials: #{srv_conf['Credentials']}") end rescue print_error("An error occured enumerating service: #{sname}") end elsif sname print_good("\tName: #{sname}") else print_error("Problem enumerating services") end end end end