Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/vsploit/pii/web_pii.rb
19813 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7


8
  #

9
  # This module acts as an compromised webserver distributing PII Data

10
  #

11
  include Msf::Exploit::Remote::HttpServer::HTML

12
  include Msf::Auxiliary::PII

13


14
  def initialize(info = {})

15
    super(

16
      update_info(

17
        info,

18
        'Name' => 'VSploit Web PII',

19
        'Description' => 'This module emulates a webserver leaking PII data',

20
        'License' => MSF_LICENSE,

21
        'Author' => 'MJC',

22
        'References' => [

23
          [ 'URL', 'https://www.rapid7.com/blog/post/2011/06/02/vsploit--virtualizing-exploitation-attributes-with-metasploit-framework']

24
        ],

25
        'DefaultOptions' => { 'HTTP::server_name' => 'IIS' },

26
        'Notes' => {

27
          'Stability' => [CRASH_SAFE],

28
          'SideEffects' => [IOC_IN_LOGS],

29
          'Reliability' => []

30
        }

31
      )

32
    )

33
    register_options(

34
      [

35
        OptBool.new('META_REFRESH', [ false, 'Set page to auto refresh.', false]),

36
        OptInt.new('REFRESH_TIME', [ false, 'Set page refresh interval.', 15]),

37
        OptInt.new('ENTRIES', [ false, 'PII Entry Count', 1000])

38
      ]

39
    )

40
  end

41


42
  def create_page

43
    # Webpage Title

44
    title = 'vSploit PII Webserver'

45
    sheep = <<~EOS

46
       __________

47
      < baaaaah! >

48
       ---------

49
           \\

50
            \\

51
                ,@;@,

52
               ;@;@( \\@;@;@;@;@;@,

53
               /x  @\\_|@;@;@;@;@;@;,

54
              /    )@:@;@;@;@;@;@;@|)

55
              *---;@;@;@;@;@;@;@;@;

56
                     ';@;\;@;\;@;@

57
                      || |   \\ (

58
                      || |   // /

59
                      // (  // /

60
                     ~~~~~ ~~~~

61


62
    EOS

63
    page = ''

64
    page << "<html>\n<head>\n"

65


66
    if datastore['META_REFRESH']

67
      page << "<meta http-equiv=\"refresh\" content=\"#{datastore['REFRESH_TIME']}\">\n"

68
    end

69


70
    page << "<title>#{title}</title>\n</head>\n<body>\n"

71
    page << "<pre>\n"

72
    page << sheep

73
    page << "Data Creation by: #{title}\n"

74
    page << "Entries Per Page: #{datastore['ENTRIES']}\n"

75


76
    if datastore['META_REFRESH']

77
      page << "Refresh Interval: #{datastore['REFRESH_TIME']} Seconds\n"

78
    end

79


80
    # Start creating PII data

81
    pii = create_pii

82
    page << "\n"

83
    page << pii

84
    page << "</pre>\n</body>\n</html>"

85
    page

86
  end

87


88
  def on_request_uri(cli, _request)

89
    # Transmit the response to the client

90
    res = create_page

91
    print_status('Leaking PII...')

92
    send_response(cli, res, { 'Content-Type' => 'text/html' })

93
  end

94


95
  def run

96
    exploit

97
  end

98
end

99


100