CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/post/multi/gather/enum_software_versions.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Post6include Msf::Post::Android::Priv78def initialize(info = {})9super(10update_info(11info,12'Name' => 'Multiplatform Installed Software Version Enumerator',13'Description' => %q{14This module, when run against a compromised machine, will gather details on all installed software,15including their versions and if available, when they were installed, and will save it into a loot file for later use.16Users can then use this loot file to determine what additional vulnerabilites may affect the target machine.1718Note that for Linux systems, software enumeration is done via package managers. As a result the results may19not reflect all of the available software on the system simply because users may have installed additional20software from alternative sources such as source code that these package managers are not aware of.21},22'License' => MSF_LICENSE,23'Author' => [ 'gwillcox-r7' ],24'Platform' => %w[win linux osx bsd solaris android],25'SessionTypes' => [ 'meterpreter', 'shell' ],26'Notes' => {27'Stability' => [CRASH_SAFE],28'SideEffects' => [IOC_IN_LOGS],29'Reliability' => []30}31)32)33end3435def store_linux_loot(listing)36file = store_loot('host.linux.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')37print_good("Stored information about the installed products to the loot file at #{file}")38end3940def enumerate_android_packages41if command_exists?('pm') == false42print_error("The command 'pm' does not exist on the host")43return nil44end45listing = cmd_exec('pm list packages -f').to_s46if listing.empty?47print_error('No results were returned when trying to get software installed on the Linux host. An error likely occured.')48return nil49end50listing51end5253# Run Method for when run command is issued54def run55case session.platform56when 'windows'57if command_exists?('wmic') == false58print_error("The 'wmic' command doesn't exist on this host!") # wmic is technically marked as depreciated so this command could very well be removed in future releases.59return60end61listing = cmd_exec('wmic product get Name, Description, Version, InstallDate', nil, 6000).to_s62unless listing.include?('Description')63print_error('Was unable to get a listing of installed products...')64return65end66file = store_loot('host.windows.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')67print_good("Stored information about the installed products to the loot file at #{file}")68when 'linux'69# All of the following options were taken from https://distrowatch.com/dwres.php?resource=package-management70# and further verified against VMs that were set up in testing labs.71if command_exists?('apt') # Debian, Ubuntu, and Debian derived distros.72cmd = %w[apt list --installed]73elsif command_exists?('dpkg') # Alternative for Debian based systems74cmd = %w[dpkg -l]75elsif command_exists?('pacman') # Arch and Manjaro are two popular examples76cmd = %w[pacman -Q]77elsif command_exists?('zypper') # OpenSUSE is a popular example78cmd = %w[zypper search -is]79elsif command_exists?('rpm') # Fedora, Centos, RHEL80cmd = %w[rpm -qa]81elsif command_exists?('apk') # Apline82cmd = %w[apk info -v]83elsif command_exists?('qlist') # Gentoo84cmd = %w[qlist -Iv]85elsif command_exists?('pkg') # FreeBSD86cmd = %w[pkg info]87elsif command_exists?('equo') # Sabayon88cmd = %w[equo q list installed -v]89elsif command_exists?('nix-env')90cmd = %w[nix-env -q]91else92print_error("The target system either doesn't have a package manager system, or does not use a known package manager system!")93print_error('Unable to enumerate the software on the target system. Exiting...')94return nil95end9697if command_exists?((cmd[0]).to_s) == false98print_error("The command #{cmd[0]} was not found on the target.")99return100else101listing = cmd_exec(cmd.join(' ')).to_s102if listing.empty?103print_error('No results were returned when trying to get software installed on the Linux host. An error likely occured.')104return105end106store_linux_loot(listing)107end108when 'bsd', 'solaris'109if command_exists?('pkg') == false110print_error("The command 'pkg' does not exist on the host")111return112end113listing = cmd_exec('pkg info').to_s114if listing.empty?115print_error('No results were returned when trying to get software installed on the BSD/Solaris host. An error likely occured.')116return117end118file = store_loot('host.bsd.solaris.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')119print_good("Stored information about the installed products to the loot file at #{file}")120when 'osx'121listing = ''122if command_exists?('system_profiler') == false123print_error("The command 'system_profiler' does not exist on the host! Something is seriously wrong!")124return125end126command_result = cmd_exec('system_profiler SPApplicationsDataType').to_s127if command_result.empty?128print_error('No results were returned when trying to get software installed on the OSX host via system_profiler!')129return130end131listing += command_result132133# Start enumerating other potential MacOS package managers now that134# the main system app manager has been enumerated.135if command_exists?('brew') # HomeBrew136listing += "\n\n----------------Brew Packages----------------\n"137listing += cmd_exec('brew list --versions')138end139140if command_exists?('port') # MacPorts141listing += "\n\n----------------MacPorts Packages----------------\n"142listing += cmd_exec('port installed')143end144145file = store_loot('host.osx.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')146print_good("Stored information about the installed products to the loot file at #{file}")147when 'android'148if is_root?149if command_exists?('dumpsys') == false150print_error("Something is odd with this Android device. You are root but the dumpsys command doesn't exist. Perhaps the device is too old?")151return152end153listing = cmd_exec('dumpsys package packages').to_s154if listing.empty?155print_error('Something went wrong with the command and no output was returned!')156return157elsif listing =~ /android.permission.DUMP/158print_warning('You do not have the permissions needed to dump the versions of software installed. Reverting to just enumerating what software is installed.')159listing = enumerate_android_packages160return if listing.nil?161end162else163print_warning('You do not have the permissions needed to dump the versions of software installed. Reverting to just enumerating what software is installed.')164listing = enumerate_android_packages165return if listing.nil?166end167file = store_loot('host.android.software.versions', 'text/plain', session, listing, 'installed_software.txt', 'Installed Software and Versions')168print_good("Stored information about the installed products to the loot file at #{file}")169end170end171end172173174