CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'Multi Manage Post Module Macro Execution',
14
        'Description' => %q{
15
          This module will execute a list of modules given in a macro file in the format
16
          of <module> <opt=val,opt=val> against the select session checking for compatibility
17
          of the module against the sessions and validation of the options provided.
18
        },
19
        'License' => MSF_LICENSE,
20
        'Author' => [ '<carlos_perez[at]darkoperator.com>'],
21
        'Platform' => %w[linux osx solaris unix win],
22
        'SessionTypes' => [ 'meterpreter', 'shell' ]
23
      )
24
    )
25
    register_options(
26
      [
27

28
        OptString.new('MACRO', [true, 'File with Post Modules and Options to run in the session', nil])
29

30
      ]
31
    )
32
  end
33

34
  # Run Method for when run command is issued
35
  def run
36
    # syinfo is only on meterpreter sessions
37
    print_status("Running module against #{sysinfo['Computer']}") if !sysinfo.nil?
38
    macro = datastore['MACRO']
39
    entries = []
40
    if !::File.exist?(macro)
41
      print_error 'Resource File does not exist!'
42
      return
43
    else
44
      ::File.open(datastore['MACRO'], 'rb').each_line do |line|
45
        # Empty line
46
        next if line.strip.empty?
47
        # Comment
48
        next if line[0, 1] == '#'
49

50
        entries << line.chomp
51
      end
52
    end
53

54
    if entries
55
      entries.each do |l|
56
        values = l.split(' ')
57
        post_mod = values[0]
58
        if values.length == 2
59
          mod_opts = values[1].split(',')
60
        end
61
        print_line("Loading #{post_mod}")
62
        # Make sure we can handle post module names with or without post in the start
63
        if post_mod =~ %r{^post/}
64
          post_mod.gsub!(%r{^post/}, '')
65
        end
66
        m = framework.post.create(post_mod)
67

68
        # Check if a post module was actually initiated
69
        if m.nil?
70
          print_error("Post module #{post_mod} could not be initialized!")
71
          next
72
        end
73
        # Set the current session
74
        s = datastore['SESSION']
75

76
        if m.session_compatible?(s.to_i)
77
          print_line("Running Against #{s}")
78
          m.datastore['SESSION'] = s
79
          if mod_opts
80
            mod_opts.each do |o|
81
              opt_pair = o.split('=', 2)
82
              print_line("\tSetting Option #{opt_pair[0]} to #{opt_pair[1]}")
83
              m.datastore[opt_pair[0]] = opt_pair[1]
84
            end
85
          end
86
          m.options.validate(m.datastore)
87
          m.run_simple(
88
            'LocalInput' => user_input,
89
            'LocalOutput' => user_output
90
          )
91
        else
92
          print_error("Session #{s} is not compatible with #{post_mod}")
93
        end
94
      end
95
    else
96
      print_error('Resource file was empty!')
97
    end
98
  end
99
end
100

101