Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7

8
  # Exploit mixins should be called first
9
  include Msf::Exploit::Remote::SMB::Client
10
  include Msf::Exploit::Remote::SMB::Client::Authenticated
11
  include Msf::Exploit::Remote::SMB::Client::RemotePaths
12
  include Msf::Auxiliary::Report
13
  include Msf::Auxiliary::Scanner
14
  include Msf::OptionalSession::SMB
15

16
  # Aliases for common classes
17
  SIMPLE = Rex::Proto::SMB::SimpleClient
18
  XCEPT  = Rex::Proto::SMB::Exceptions
19
  CONST  = Rex::Proto::SMB::Constants
20

21

22
  def initialize
23
    super(
24
      'Name'        => 'SMB File Delete Utility',
25
      'Description' => %Q{
26
        This module deletes a file from a target share and path. The usual reason
27
      to use this module is to work around limitations in an existing SMB client that may not
28
      be able to take advantage of pass-the-hash style authentication.
29
      },
30
      'Author'      =>
31
        [
32
          'mubix' # copied from hdm upload_file module
33
        ],
34
      'License'     => MSF_LICENSE,
35
      )
36

37
    register_options([
38
      OptString.new('SMBSHARE', [true, 'The name of a share on the RHOST', 'C$'])
39
    ])
40
  end
41

42
  def smb_delete_files
43
    if session
44
      print_status("Using existing session #{session.sid}")
45
      client = session.client
46
      self.simple = ::Rex::Proto::SMB::SimpleClient.new(client.dispatcher.tcp_socket, client: client)
47
    else
48
      vprint_status("Connecting to the server...")
49
      connect()
50
      smb_login()
51
    end
52

53
    vprint_status("Mounting the remote share \\\\#{simple.address}\\#{datastore['SMBSHARE']}'...")
54
    self.simple.connect("\\\\#{simple.address}\\#{datastore['SMBSHARE']}")
55

56
    remote_paths.each do |remote_path|
57
      begin
58
        simple.delete("\\#{remote_path}")
59

60
        # If there's no exception raised at this point, we assume the file has been removed.
61
        print_good("Deleted: #{remote_path}")
62
      rescue Rex::Proto::SMB::Exceptions::ErrorCode, RubySMB::Error::RubySMBError => e
63
        elog("Cannot delete #{remote_path}:", error: e)
64
        print_error("Cannot delete #{remote_path}: #{e.message}")
65
      end
66
    end
67
  end
68

69
  def run_host(_ip)
70
    validate_rpaths!
71

72
    begin
73
      smb_delete_files
74
    rescue Rex::Proto::SMB::Exceptions::LoginError => e
75
      elog('Unable to login', error: e)
76
      print_error("Unable to login: #{e.message}")
77
    end
78
  end
79
end
80

81