Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/lib/metasploit/framework/ssh/platform.rb
19934 views
1
module Metasploit

2
  module Framework

3
    module Ssh

4
      module Platform

5
        def self.get_platform(ssh_socket)

6
          info = get_platform_info(ssh_socket, timeout: 10)

7
          get_platform_from_info(info)

8
        end

9


10
        def self.get_platform_info(ssh_socket, timeout: 10)

11
          info = ''

12
          begin

13
            Timeout.timeout(timeout) do

14
              info = ssh_socket.exec!("id\n").to_s

15
              if (info =~ /id=/)

16
                info << ssh_socket.exec!("uname -a\n").to_s

17
                if (info =~ /JUNOS /)

18
                  # We're in the SSH shell for a Juniper JunOS, we can pull the version from the cli

19
                  # line 2 is hostname, 3 is model, 4 is the Base OS version

20
                  info = ssh_socket.exec!("cli show version\n").split("\n")[2..4].join(', ').to_s

21
                elsif (info =~ /Linux USG /)

22
                  # Ubiquiti Unifi USG

23
                  info << ssh_socket.exec!("cat /etc/version\n").to_s.rstrip

24
                end

25
                temp_proof = ssh_socket.exec!("grep unifi.version /tmp/system.cfg\n").to_s.rstrip

26
                if (temp_proof =~ /unifi\.version/)

27
                  info << temp_proof

28
                  # Ubiquiti Unifi device (non-USG), possibly a switch.  Tested on US-24, UAP-nanoHD

29
                  # The /tmp/*.cfg files don't give us device info, however the info command does

30
                  # we dont call it originally since it doesnt say unifi/ubiquiti in it and info

31
                  # is a linux command as well

32
                  info << ssh_socket.exec!("grep board.name /etc/board.info\n").to_s.rstrip

33
                end

34
              elsif info =~ /Unknown command or computer name/

35
                # Cisco IOS

36
                info = ssh_socket.exec!("ver\n").to_s

37
                # Juniper ScreenOS

38
              elsif info =~ /unknown keyword/

39
                info = ssh_socket.exec!("get chassis\n").to_s

40
                # Juniper JunOS CLI

41
              elsif info =~ /unknown command: id/

42
                info = ssh_socket.exec!("show version\n").split("\n")[2..4].join(', ').to_s

43
                # Brocade CLI

44
              elsif info =~ /Invalid input -> id/ || info =~ /Protocol error, doesn't start with scp!/

45
                info = ssh_socket.exec!("show version\n").to_s

46
                if info =~ /Version:(?<os_version>.+).+HW: (?<hardware>)/mi

47
                  info = "Model: #{hardware}, OS: #{os_version}"

48
                end

49
                # Arista

50
              elsif info =~ /% Invalid input at line 1/

51
                info = ssh_socket.exec!("show version\n").split("\n")[0..1]

52
                info = info.map { |item| item.strip }

53
                info = info.join(', ').to_s

54
                # Windows

55
              elsif info =~ /command not found|is not recognized as an internal or external command|is not recognized as the name of a cmdlet, function, script file, or operable/

56
                info = ssh_socket.exec!("systeminfo\n").to_s

57
                /OS Name:\s+(?<os_name>.+)$/ =~ info

58
                /OS Version:\s+(?<os_num>.+)$/ =~ info

59
                if os_num.present? && os_name.present?

60
                  info = "#{os_name.strip} #{os_num.strip}"

61
                else

62
                  info = ssh_socket.exec!("ver\n").to_s.strip

63
                end

64
                # mikrotik

65
              elsif info =~ /bad command name id \(line 1 column 1\)/

66
                info = ssh_socket.exec!("/ system resource print\n").to_s

67
                /platform:\s+(?<platform>.+)$/ =~ info

68
                /board-name:\s+(?<board>.+)$/ =~ info

69
                /version:\s+(?<version>.+)$/ =~ info

70
                if version && platform && board

71
                  info = "#{platform.strip} #{board.strip} #{version.strip}"

72
                end

73
                # esxi 6.7

74
              elsif info =~ /sh: id: not found/

75
                info = ssh_socket.exec!("vmware -v\n").to_s

76
                # vcenter 6.7 (photon)

77
                # VMware vCenter Server 8.0.0.10000

78
                # VMware VirtualCenter 6.7.0 build-19299595

79
              elsif info =~ /Unknown command: `id'/

80
                # eventually we'll want to try to shell in via 'shell'. On failure you see: "User 'user_operator' is not authorized to run this command"

81
                # on succeess: "Shell access is granted to <username>"

82
                info = ssh_socket.exec!("api com.vmware.appliance.version1.system.version.get\n\n").to_s

83
                /Product:\s+(?<product>.+)$/ =~ info

84
                /Version:\s+(?<version>[\d\.]+)$/ =~ info

85
                if version && product

86
                  info = "#{product.strip} #{version.strip}"

87
                end

88
              else

89
                info << ssh_socket.exec!("help\n?\n\n\n").to_s

90
              end

91
            end

92
          rescue Timeout::Error

93
          end

94
          info

95
        end

96


97
        def self.is_posix(platform)

98
          return ['unifi','linux','osx','solaris','bsd','hpux','aix'].include?(platform)

99
        end

100


101
        def self.get_platform_from_info(info)

102
          case info

103
          when /unifi\.version|UniFiSecurityGateway/i # Ubiquiti Unifi.  uname -a is left in, so we got to pull before Linux

104
            'unifi'

105
          when /Linux/i

106
            'linux'

107
          when /VMware ESXi/i

108
            'linux'

109
          when /Darwin/i

110
            'osx'

111
          when /SunOS/i

112
            'solaris'

113
          when /BSD/i

114
            'bsd'

115
          when /HP-UX/i

116
            'hpux'

117
          when /AIX/i

118
            'aix'

119
          when /MSYS_NT|cygwin|Win32|Windows|Microsoft/i

120
            'windows'

121
          when /Unknown command or computer name|Line has invalid autocommand/i

122
            'cisco-ios'

123
          when /unknown keyword/i # ScreenOS

124
            'juniper'

125
          when /JUNOS Base OS/i # JunOS

126
            'juniper'

127
          when /MikroTik/i

128
            'mikrotik'

129
          when /Arista/i

130
            'arista'

131
          when /VMware vCenter Server/i

132
            'vcenter'

133
          else

134
            'unknown'

135
          end

136
        end

137
      end

138
    end

139
  end

140
end

141


142