Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/admin/smb/download_file.rb
19778 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Auxiliary
7
8
# Exploit mixins should be called first
9
include Msf::Exploit::Remote::SMB::Client
10
include Msf::Exploit::Remote::SMB::Client::Authenticated
11
include Msf::Exploit::Remote::SMB::Client::RemotePaths
12
include Msf::Auxiliary::Report
13
include Msf::Auxiliary::Scanner
14
include Msf::OptionalSession::SMB
15
16
def initialize
17
super(
18
'Name' => 'SMB File Download Utility',
19
'Description' => %(
20
This module downloads a file from a target share and path. The usual reason
21
to use this module is to work around limitations in an existing SMB client that may not
22
be able to take advantage of pass-the-hash style authentication.
23
),
24
'Author' => [
25
'mubix' # copied from hdm upload_file module
26
],
27
'License' => MSF_LICENSE,
28
'Notes' => {
29
'Stability' => [CRASH_SAFE],
30
'SideEffects' => [],
31
'Reliability' => []
32
}
33
)
34
35
register_options([
36
OptString.new('SMBSHARE', [true, 'The name of a share on the RHOST', 'C$'])
37
])
38
end
39
40
def smb_download
41
vprint_status('Connecting...')
42
if session
43
44
print_status("Using existing session #{session.sid}")
45
self.simple = session.simple_client
46
else
47
connect
48
smb_login
49
end
50
51
vprint_status("Mounting the remote share \\\\#{simple.address}\\#{datastore['SMBSHARE']}'...")
52
simple.connect("\\\\#{simple.address}\\#{datastore['SMBSHARE']}")
53
54
remote_paths.each do |remote_path|
55
vprint_status("Trying to download #{remote_path}...")
56
57
data = ''
58
fd = simple.open(remote_path.to_s, 'o')
59
begin
60
data = fd.read
61
ensure
62
fd.close
63
end
64
65
fname = remote_path.split('\\')[-1]
66
path = store_loot('smb.shares.file', 'application/octet-stream', rhost, data, fname)
67
print_good("#{remote_path} saved as: #{path}")
68
rescue Rex::Proto::SMB::Exceptions::ErrorCode => e
69
elog("Unable to download #{remote_path}:", error: e)
70
print_error("Unable to download #{remote_path}: #{e.message}")
71
end
72
end
73
74
def run_host(_ip)
75
validate_rpaths!
76
77
begin
78
smb_download
79
rescue Rex::Proto::SMB::Exceptions::LoginError => e
80
elog("Unable to login: #{e.message}", error: e)
81
print_error("Unable to login: #{e.message}")
82
end
83
end
84
end
85
86