metasploit-framework/modules/auxiliary/scanner/dcerpc/management.rb

86 lines
2.1 KiB
Ruby

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::DCERPC
include Msf::Auxiliary::Report
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Remote Management Interface Discovery',
'Description' => %q{
This module can be used to obtain information from the Remote
Management Interface DCERPC service.
},
'Author' => 'hdm',
'License' => MSF_LICENSE
)
register_options(
[
Opt::RPORT(135)
])
end
# Obtain information about a single host
def run_host(ip)
begin
ids = dcerpc_mgmt_inq_if_ids(rport)
return if not ids
ids.each do |id|
print_status("UUID #{id[0]} v#{id[1]}")
reportdata = ""
stats = dcerpc_mgmt_inq_if_stats(rport)
if stats
print_status("\t stats: " + stats.map{|i| "0x%.8x" % i}.join(", "))
reportdata << "stats: " + stats.map{|i| "0x%.8x" % i}.join(", ") + " "
end
live = dcerpc_mgmt_is_server_listening(rport)
if live
print_status("\t listening: %.8x" % live)
#reportdata << "listening: %.8x" % live + " "
end
dead = dcerpc_mgmt_stop_server_listening(rport)
if dead
print_status("\t killed: %.8x" % dead)
#reportdata << "killed: %.8x" % dead + " "
end
princ = dcerpc_mgmt_inq_princ_name(rport)
if princ
print_status("\t name: #{princ.unpack("H*")[0]}")
#reportdata << "name: #{princ.unpack("H*")[0]}"
end
# Add Report
report_note(
:host => ip,
:proto => 'tcp',
:port => datastore['RPORT'],
:type => "DCERPC UUID #{id[0]} v#{id[1]}",
:data => reportdata
)
end
rescue ::Interrupt
raise $!
rescue ::Exception => e
print_error("Error: #{e}")
end
end
end