Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7

8
  #
9
  # This module acts as an compromised webserver distributing PII Data
10
  #
11
  include Msf::Exploit::Remote::HttpServer::HTML
12
  include Msf::Auxiliary::PII
13

14
  def initialize(info = {})
15
    super(update_info(info,
16
      'Name'           => 'VSploit Web PII',
17
      'Description'    => 'This module emulates a webserver leaking PII data',
18
      'License'        => MSF_LICENSE,
19
      'Author'         => 'MJC',
20
      'References' =>
21
      [
22
        [ 'URL', 'https://www.rapid7.com/blog/post/2011/06/02/vsploit--virtualizing-exploitation-attributes-with-metasploit-framework']
23
      ],
24
      'DefaultOptions' => { 'HTTP::server_name' => 'IIS'}
25
      ))
26
    register_options(
27
        [
28
          OptBool.new('META_REFRESH', [ false, "Set page to auto refresh.", false]),
29
          OptInt.new('REFRESH_TIME', [ false, "Set page refresh interval.", 15]),
30
          OptInt.new('ENTRIES', [ false, "PII Entry Count", 1000])
31
        ])
32
  end
33

34

35
  def create_page
36
    # Webpage Title
37
    title = "vSploit PII Webserver"
38
    sheep = <<-EOS
39
 __________
40
< baaaaah! >
41
 ---------
42
     \\
43
      \\
44
          ,@;@,
45
         ;@;@( \\@;@;@;@;@;@,
46
         /x  @\\_|@;@;@;@;@;@;,
47
        /    )@:@;@;@;@;@;@;@|)
48
        *---;@;@;@;@;@;@;@;@;
49
               ';@;\;@;\;@;@
50
                || |   \\ (
51
                || |   // /
52
                // (  // /
53
               ~~~~~ ~~~~
54

55
EOS
56
    page = ""
57
    page << "<html>\n<head>\n"
58

59
    if datastore['META_REFRESH']
60
      page << "<meta http-equiv=\"refresh\" content=\"#{datastore['REFRESH_TIME']}\">\n"
61
    end
62

63
    page << "<title>#{title}</title>\n</head>\n<body>\n"
64
    page << "<pre>\n"
65
    page << sheep
66
    page << "Data Creation by: #{title}\n"
67
    page << "Entries Per Page: #{datastore['ENTRIES']}\n"
68

69
    if datastore['META_REFRESH']
70
      page << "Refresh Interval: #{datastore['REFRESH_TIME']} Seconds\n"
71
    end
72

73
    # Start creating PII data
74
    pii = create_pii()
75
    page << "\n"
76
    page << pii
77
    page << "</pre>\n</body>\n</html>"
78
    page
79
  end
80

81
  def on_request_uri(cli,request)
82
    # Transmit the response to the client
83
    res = create_page()
84
    print_status("Leaking PII...")
85
    send_response(cli, res, { 'Content-Type' => 'text/html' })
86
  end
87

88
  def run
89
    exploit()
90
  end
91
end
92

93