GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/dcerpc/management.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'English'
# Auxiliary scanner that queries the DCERPC Remote Management Interface of
# each target and records what it learns as a note per advertised interface.
class MetasploitModule < Msf::Auxiliary

  # Exploit mixins should be called first
  include Msf::Exploit::Remote::DCERPC

  include Msf::Auxiliary::Report

  # Scanner mixin should be near last
  include Msf::Auxiliary::Scanner

  # Registers module metadata and the default RPORT option (135).
  def initialize
    super(
      'Name' => 'Remote Management Interface Discovery',
      'Description' => %q{
        This module can be used to obtain information from the Remote
        Management Interface DCERPC service.
      },
      'Author' => 'hdm',
      'License' => MSF_LICENSE,
      # NOTE(review): run_host also calls dcerpc_mgmt_stop_server_listening,
      # whose name and the "killed" status line suggest a state-changing
      # request rather than a pure query. Confirm that CRASH_SAFE with empty
      # SideEffects still describes the module accurately, and scope
      # authorised scans accordingly.
      'Notes' => {
        'Stability' => [CRASH_SAFE],
        'SideEffects' => [],
        'Reliability' => []
      }
    )

    register_options(
      [
        Opt::RPORT(135)
      ]
    )
  end

  # Obtain information about a single host.
  #
  # Lists the interface ids returned by the management interface and, for
  # each one, prints the results of the stats / is-listening / stop-listening /
  # principal-name calls before storing a note. Only the stats line is written
  # into the note data; the other results are printed but not persisted.
  #
  # The four follow-up calls take only +rport+ (not the interface id), so
  # they are re-issued once per listed interface.
  #
  # @param ip [String] target address (presumably supplied by the Scanner mixin)
  # @return [void]
  def run_host(ip)
    interfaces = dcerpc_mgmt_inq_if_ids(rport)
    return unless interfaces

    interfaces.each do |entry|
      label = "UUID #{entry[0]} v#{entry[1]}"
      print_status(label)

      note_text = ''

      if_stats = dcerpc_mgmt_inq_if_stats(rport)
      if if_stats
        rendered = if_stats.map { |value| '0x%.8x' % value }.join(', ')
        print_status("\t stats: " + rendered)
        note_text << 'stats: ' + rendered + ' '
      end

      listening = dcerpc_mgmt_is_server_listening(rport)
      print_status("\t listening: %.8x" % listening) if listening

      # NOTE(review): by its name this asks the server to stop listening; the
      # returned status is only printed, never recorded in the note.
      stopped = dcerpc_mgmt_stop_server_listening(rport)
      print_status("\t killed: %.8x" % stopped) if stopped

      principal = dcerpc_mgmt_inq_princ_name(rport)
      print_status("\t name: #{principal.unpack1('H*')}") if principal

      report_note(
        host: ip,
        proto: 'tcp',
        port: datastore['RPORT'],
        type: "DCERPC #{label}",
        data: { report_data: note_text }
      )
    end
  rescue ::Interrupt
    # Let a user interrupt propagate instead of being reported as an error.
    raise $ERROR_INFO
  rescue StandardError => e
    print_error("Error: #{e}")
  end
end