Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
module Metasploit
2
  module Framework
3
    module Ssh
4
      module Platform
5
        def self.get_platform(ssh_socket)
6
          info = get_platform_info(ssh_socket, timeout: 10)
7
          get_platform_from_info(info)
8
        end
9

10
        def self.get_platform_info(ssh_socket, timeout: 10)
11
          info = ''
12
          begin
13
            Timeout.timeout(timeout) do
14
              info = ssh_socket.exec!("id\n").to_s
15
              if (info =~ /id=/)
16
                info << ssh_socket.exec!("uname -a\n").to_s
17
                if (info =~ /JUNOS /)
18
                  # We're in the SSH shell for a Juniper JunOS, we can pull the version from the cli
19
                  # line 2 is hostname, 3 is model, 4 is the Base OS version
20
                  info = ssh_socket.exec!("cli show version\n").split("\n")[2..4].join(', ').to_s
21
                elsif (info =~ /Linux USG /)
22
                  # Ubiquiti Unifi USG
23
                  info << ssh_socket.exec!("cat /etc/version\n").to_s.rstrip
24
                end
25
                temp_proof = ssh_socket.exec!("grep unifi.version /tmp/system.cfg\n").to_s.rstrip
26
                if (temp_proof =~ /unifi\.version/)
27
                  info << temp_proof
28
                  # Ubiquiti Unifi device (non-USG), possibly a switch.  Tested on US-24, UAP-nanoHD
29
                  # The /tmp/*.cfg files don't give us device info, however the info command does
30
                  # we dont call it originally since it doesnt say unifi/ubiquiti in it and info
31
                  # is a linux command as well
32
                  info << ssh_socket.exec!("grep board.name /etc/board.info\n").to_s.rstrip
33
                end
34
              elsif info =~ /Unknown command or computer name/
35
                # Cisco IOS
36
                info = ssh_socket.exec!("ver\n").to_s
37
                # Juniper ScreenOS
38
              elsif info =~ /unknown keyword/
39
                info = ssh_socket.exec!("get chassis\n").to_s
40
                # Juniper JunOS CLI
41
              elsif info =~ /unknown command: id/
42
                info = ssh_socket.exec!("show version\n").split("\n")[2..4].join(', ').to_s
43
                # Brocade CLI
44
              elsif info =~ /Invalid input -> id/ || info =~ /Protocol error, doesn't start with scp!/
45
                info = ssh_socket.exec!("show version\n").to_s
46
                if info =~ /Version:(?<os_version>.+).+HW: (?<hardware>)/mi
47
                  info = "Model: #{hardware}, OS: #{os_version}"
48
                end
49
                # Arista
50
              elsif info =~ /% Invalid input at line 1/
51
                info = ssh_socket.exec!("show version\n").split("\n")[0..1]
52
                info = info.map { |item| item.strip }
53
                info = info.join(', ').to_s
54
                # Windows
55
              elsif info =~ /command not found|is not recognized as an internal or external command/
56
                info = ssh_socket.exec!("systeminfo\n").to_s
57
                /OS Name:\s+(?<os_name>.+)$/ =~ info
58
                /OS Version:\s+(?<os_num>.+)$/ =~ info
59
                if os_num.present? && os_name.present?
60
                  info = "#{os_name.strip} #{os_num.strip}"
61
                else
62
                  info = ssh_socket.exec!("ver\n").to_s.strip
63
                end
64
                # mikrotik
65
              elsif info =~ /bad command name id \(line 1 column 1\)/
66
                info = ssh_socket.exec!("/ system resource print\n").to_s
67
                /platform:\s+(?<platform>.+)$/ =~ info
68
                /board-name:\s+(?<board>.+)$/ =~ info
69
                /version:\s+(?<version>.+)$/ =~ info
70
                if version && platform && board
71
                  info = "#{platform.strip} #{board.strip} #{version.strip}"
72
                end
73
                # esxi 6.7
74
              elsif info =~ /sh: id: not found/
75
                info = ssh_socket.exec!("vmware -v\n").to_s
76
              else
77
                info << ssh_socket.exec!("help\n?\n\n\n").to_s
78
              end
79
            end
80
          rescue Timeout::Error
81
          end
82

83
          info
84
        end
85

86
        def self.get_platform_from_info(info)
87
          case info
88
          when /unifi\.version|UniFiSecurityGateway/i # Ubiquiti Unifi.  uname -a is left in, so we got to pull before Linux
89
            'unifi'
90
          when /Linux/i
91
            'linux'
92
          when /VMware ESXi/i
93
            'linux'
94
          when /Darwin/i
95
            'osx'
96
          when /SunOS/i
97
            'solaris'
98
          when /BSD/i
99
            'bsd'
100
          when /HP-UX/i
101
            'hpux'
102
          when /AIX/i
103
            'aix'
104
          when /MSYS_NT|cygwin|Win32|Windows|Microsoft/i
105
            'windows'
106
          when /Unknown command or computer name|Line has invalid autocommand/i
107
            'cisco-ios'
108
          when /unknown keyword/i # ScreenOS
109
            'juniper'
110
          when /JUNOS Base OS/i # JunOS
111
            'juniper'
112
          when /MikroTik/i
113
            'mikrotik'
114
          when /Arista/i
115
            'arista'
116
          else
117
            'unknown'
118
          end
119
        end
120
      end
121
    end
122
  end
123
end
124

125