CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/scanner/dcerpc/management.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7


8
  # Exploit mixins should be called first

9
  include Msf::Exploit::Remote::DCERPC

10


11
  include Msf::Auxiliary::Report

12


13
  # Scanner mixin should be near last

14
  include Msf::Auxiliary::Scanner

15


16
  def initialize

17
    super(

18
      'Name'        => 'Remote Management Interface Discovery',

19
      'Description' => %q{

20
        This module can be used to obtain information from the Remote

21
        Management Interface DCERPC service.

22
      },

23
      'Author'      => 'hdm',

24
      'License'     => MSF_LICENSE

25
    )

26


27
    register_options(

28
      [

29
        Opt::RPORT(135)

30
      ])

31
  end

32


33
  # Obtain information about a single host

34
  def run_host(ip)

35
    begin

36


37
      ids = dcerpc_mgmt_inq_if_ids(rport)

38
      return if not ids

39
      ids.each do |id|

40
        print_status("UUID #{id[0]} v#{id[1]}")

41


42
        reportdata = ""

43


44
        stats = dcerpc_mgmt_inq_if_stats(rport)

45
        if stats

46
          print_status("\t stats: " + stats.map{|i| "0x%.8x" % i}.join(", "))

47
          reportdata << "stats: " + stats.map{|i| "0x%.8x" % i}.join(", ") + " "

48
        end

49


50
        live  = dcerpc_mgmt_is_server_listening(rport)

51
        if live

52
          print_status("\t listening: %.8x" % live)

53
          #reportdata << "listening: %.8x" % live + " "

54
        end

55


56
        dead  = dcerpc_mgmt_stop_server_listening(rport)

57
        if dead

58
          print_status("\t killed: %.8x" % dead)

59
          #reportdata << "killed: %.8x" % dead + " "

60
        end

61


62
        princ = dcerpc_mgmt_inq_princ_name(rport)

63
        if princ

64
          print_status("\t name: #{princ.unpack("H*")[0]}")

65
          #reportdata << "name: #{princ.unpack("H*")[0]}"

66
        end

67


68
        # Add Report

69
        report_note(

70
          :host   => ip,

71
          :proto  => 'tcp',

72
          :port   => datastore['RPORT'],

73
          :type   => "DCERPC UUID #{id[0]} v#{id[1]}",

74
          :data   => reportdata

75
        )

76


77
      end

78


79
    rescue ::Interrupt

80
      raise $!

81
    rescue ::Exception => e

82
      print_error("Error: #{e}")

83
    end

84
  end

85
end

86


87