CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/auxiliary/admin/smb/check_dir_file.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary67# Exploit mixins should be called first8include Msf::Exploit::Remote::SMB::Client9include Msf::Exploit::Remote::SMB::Client::Authenticated10include Msf::Auxiliary::Scanner11include Msf::Auxiliary::Report1213# Aliases for common classes14SIMPLE = Rex::Proto::SMB::SimpleClient15XCEPT = Rex::Proto::SMB::Exceptions16CONST = Rex::Proto::SMB::Constants171819def initialize20super(21'Name' => 'SMB Scanner Check File/Directory Utility',22'Description' => %Q{23This module is useful when checking an entire network24of SMB hosts for the presence of a known file or directory.25An example would be to scan all systems for the presence of26antivirus or known malware outbreak. Typically you must set27RPATH, SMBUser, SMBDomain and SMBPass to operate correctly.28},29'Author' =>30[31'aushack',32'j0hn__f'33],34'References' =>35[36],37'License' => MSF_LICENSE38)3940register_options([41OptString.new('SMBSHARE', [true, 'The name of an accessible share on the server', 'C$']),42OptString.new('RPATH', [true, 'The name of the remote file/directory relative to the share'])43])4445end4647def check_path(path)48begin49if (fd = simple.open("\\#{path}", 'o')) # mode is open only - do not create/append/write etc50print_good("File FOUND: \\\\#{rhost}\\#{datastore['SMBSHARE']}\\#{path}")51fd.close52end53rescue ::Rex::Proto::SMB::Exceptions::ErrorCode => e54error_name = e.get_error(e.error_code)55rescue ::RubySMB::Error::UnexpectedStatusCode => e56error_name = e.status_code.name57end58if error_name59case error_name60when "STATUS_FILE_IS_A_DIRECTORY"61print_good("Directory FOUND: \\\\#{rhost}\\#{datastore['SMBSHARE']}\\#{path}")62when "STATUS_OBJECT_NAME_NOT_FOUND"63vprint_error("Object \\\\#{rhost}\\#{datastore['SMBSHARE']}\\#{path} NOT found!")64when "STATUS_OBJECT_PATH_NOT_FOUND"65vprint_error("Object PATH \\\\#{rhost}\\#{datastore['SMBSHARE']}\\#{path} NOT found!")66when "STATUS_ACCESS_DENIED"67vprint_error("Host reports access denied.")68when "STATUS_BAD_NETWORK_NAME"69vprint_error("Host is NOT connected to #{datastore['SMBDomain']}!")70when "STATUS_INSUFF_SERVER_RESOURCES"71vprint_error("Host rejected with insufficient resources!")72when "STATUS_OBJECT_NAME_INVALID"73vprint_error("opening \\#{path} bad filename")74else75raise e76end77end78end7980def run_host(ip)81vprint_status("Connecting to the server...")8283begin84connect85smb_login8687vprint_status("Mounting the remote share \\\\#{datastore['RHOST']}\\#{datastore['SMBSHARE']}'...")88self.simple.connect("\\\\#{rhost}\\#{datastore['SMBSHARE']}")89vprint_status("Checking for file/folder #{datastore['RPATH']}...")9091datastore['RPATH'].each_line do |path|92check_path(path.chomp)93end #end do94rescue ::Rex::HostUnreachable95vprint_error("Host offline.")96rescue ::Rex::Proto::SMB::Exceptions::LoginError97print_error("Host login error.")98rescue ::Rex::ConnectionRefused99print_error "Unable to connect - connection refused"100rescue ::Rex::Proto::SMB::Exceptions::ErrorCode101print_error "Unable to connect to share #{datastore['SMBSHARE']}"102end # end begin103end # end def104end105106107