1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7

8
  #
9
  # This module sends pii via an attacker smtp machine
10
  #
11
  include Msf::Exploit::Remote::SMTPDeliver
12
  include Msf::Auxiliary::PII
13

14
  def initialize(info = {})
15
    super(
16
      update_info(
17
        info,
18
        'Name' => 'VSploit Email PII',
19
        'Description' => %q{
20
          This auxiliary reads from a file and sends data which
21
          should be flagged via an internal or external SMTP server.
22
        },
23
        'License' => MSF_LICENSE,
24
        'Author' => ['willis'],
25
        'Notes' => {
26
          'Stability' => [CRASH_SAFE],
27
          'SideEffects' => [IOC_IN_LOGS],
28
          'Reliability' => []
29
        }
30
      )
31
    )
32
    register_options(
33
      [
34
        OptString.new('RHOST', [true, 'SMTP server address', '127.0.0.1']),
35
        OptPort.new('RPORT', [true, 'SMTP server port', 25])
36
      ]
37
    )
38
  end
39

40
  def run
41
    msg = Rex::MIME::Message.new
42
    msg.mime_defaults
43
    msg.subject = datastore['SUBJECT']
44
    msg.to = datastore['MAILTO']
45
    msg.from = datastore['MAILFROM']
46

47
    data = create_pii
48

49
    msg.add_part(data, 'text/plain')
50
    msg.add_part_attachment(data, rand_text_english(10))
51

52
    send_message(msg.to_s)
53
  end
54
end
55

56