github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-09-04 20:18:27 +02:00
Code Releases Activity

Remove Id tags in scripts/

Browse Source
This commit is contained in:
James Lee 2013-09-17 10:42:58 -05:00
parent f4498c3916
commit ca53c6f15b
68 changed files with 90 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/meterpreter/arp_scanner.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -22,7 +20,7 @@ def enum_int
print_status("\t#{i.netmask}")
print_status()
end
end
end

3
scripts/meterpreter/autoroute.rb
View File

@ -1,6 +1,3 @@
# $Id$
# $Revision$
#
# Meterpreter script for setting up a route from within a
# Meterpreter session, without having to background the

2
scripts/meterpreter/checkvm.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Meterpreter script for detecting if target host is a Virtual Machine
# Provided by Carlos Perez at carlos_perez[at]darkoperator.com
# Version: 0.2.0

2
scripts/meterpreter/credcollect.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# credcollect - tebo[at]attackresearch.com
opts = Rex::Parser::Arguments.new(

2
scripts/meterpreter/domain_list_gen.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
#Options and Option Parsing

2
scripts/meterpreter/dumplinks.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: davehull at dph_msf@trustedsignal.com
#-------------------------------------------------------------------------------

2
scripts/meterpreter/duplicate.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Scriptjunkie
# Uses a meterpreter session to spawn a new meterpreter session in a different process.
# A new process allows the session to take "risky" actions that might get the process killed by

2
scripts/meterpreter/enum_chrome.rb
View File

@ -1,5 +1,3 @@
#$Id$
#$Revision$
#
# Script to extract data from a chrome installation.
#

4
scripts/meterpreter/enum_firefox.rb
View File

@ -1,6 +1,4 @@
#
# $Id: enum_firefox.rb 9770 2010-07-10 20:00:32Z darkoperator $
# $Revision: $
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -34,7 +32,7 @@ def frfxplacesget(path,usrnm)
fullpath = path + '\\' + x
if @client.fs.file.stat(fullpath).directory?
frfxplacesget(fullpath,usrnm)
elsif fullpath =~ /(formhistory.sqlite|cookies.sqlite|places.sqlite|search.sqlite)/i
elsif fullpath =~ /(formhistory.sqlite|cookies.sqlite|places.sqlite|search.sqlite)/i
dst = x
dst = @logs + ::File::Separator + usrnm + dst
print_status("\tDownloading Firefox Database file #{x} to '#{dst}'")

2
scripts/meterpreter/enum_logged_on_users.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision: 9771 $
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################

4
scripts/meterpreter/enum_powershell_env.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision: $
#Meterpreter script for enumerating Microsoft Powershell settings.
#Provided by Carlos Perez at carlos_perez[at]darkoperator[dot]com
@client = client
@ -116,7 +114,7 @@ def enum_powershell
end
end
end
end
if client.platform =~ /win32|win64/

4
scripts/meterpreter/enum_putty.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision: $
#
# Meterpreter script for enumerating putty connections
# Provided by Carlos Perez at carlos_perez[at]darkoperator[dot]com
@ -22,7 +20,7 @@ opts.parse(args) { |opt, idx, val|
def hkcu_base
key_base = []
if not is_system?
key_base << "HKCU"
else

4
scripts/meterpreter/enum_shares.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -76,7 +74,7 @@ if client.platform =~ /win32|64/
# Enumerate shares being offered
enum_conf_shares()
if not is_system?
mount_history = enum_recent_mounts("HKEY_CURRENT_USER")
run_history = enum_run_unc("HKEY_CURRENT_USER")

9
scripts/meterpreter/enum_vmware.rb
View File

@ -1,6 +1,3 @@
# $Id: $
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -102,7 +99,7 @@ def enum_viclient
end
end
end
if not is_system?
recentconns = registry_getvaldata("HKCU\\Software\\VMware\\VMware Infrastructure Client\\Preferences","RecentConnections").split(",")
print_status("Recent VI Client Connections:")
@ -116,7 +113,7 @@ def enum_viclient
ssl_key = registry_getvaldata("HKCU\\Software\\VMware\\Virtual Infrastructure Client\\Preferences\\UI\\SSLIgnore",issl)
print_status("\tHost: #{issl} SSL Fingerprint: #{ssl_key}")
end
end
else
user_sid = []
@ -283,7 +280,7 @@ def enum_vmwarewrk
end
end
fav_file.each_line do |l|
if l =~ /config/
print_status("\tConfiguration File: #{l.scan(/vmlist\d*.config \= (\".*\")/)}")
end

26
scripts/meterpreter/event_manager.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -48,7 +46,7 @@ def get_log_details
logs_detail = Array.new
eventlog_list.each do |log_name|
# Create a hash to store the log info in (and throw default info in)
log_detail = Hash.new
log_detail[:name] = log_name
@ -62,11 +60,11 @@ def get_log_details
else
key = "#{key}eventlog"
end
begin
unless (registry_getvaldata("#{key}\\#{log_name}","Retention") == 0) then log_detail[:retention] = "Disabled" end
log_detail[:size] = registry_getvaldata("#{key}\\#{log_name}","MaxSize")
# Open the event log
eventlog = @client.sys.eventlog.open(log_name)
log_detail[:num_of_records] = eventlog.length
@ -74,10 +72,10 @@ def get_log_details
log_detail[:num_of_records] = "Access Denied"
end
logs_detail << log_detail
end
return logs_detail
end
@ -95,13 +93,13 @@ def print_log_details
"Maximum Size",
"Records"
])
eventlog_details = get_log_details
eventlog_details.each do |log_detail|
tbl << [log_detail[:name],log_detail[:retention],"#{log_detail[:size]}K",log_detail[:num_of_records]]
end
print_line("\n" + tbl.to_s + "\n")
end
@ -135,7 +133,7 @@ def list_logs(eventlog_name,filter,filter_string,logs,local_log,sup_print)
print_error("Failed to Open Event Log #{eventlog_name}")
raise Rex::Script::Completed
end
if local_log
log_file = File.join(logs, "#{eventlog_name}.csv")
print_good("CSV File saved to #{log_file}")
@ -152,7 +150,7 @@ def clear_logs(log_name=nil)
else
log_names << log_name
end
log_names.each do |name|
begin
print_status("Clearing #{name}")
@ -163,7 +161,7 @@ def clear_logs(log_name=nil)
print_error("Failed to Clear #{name}, Access Denied")
end
end
return log_names
end
@ -221,7 +219,7 @@ if local_log
else
logs = ::File.join(Msf::Config.log_directory, "scripts", 'event_manager', Rex::FileUtils.clean_path(host + filenameinfo) )
end
::FileUtils.mkdir_p(logs)
end
@ -242,5 +240,5 @@ if clear_logs
print_status eventlog_name + ": "
clear_logs(eventlog_name)
end
end
end
end

2
scripts/meterpreter/file_collector.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
@client = client

4
scripts/meterpreter/get_application_list.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision: $
# Meterpreter script for listing installed applications and their version.
# Provided: carlos_perez[at]darkoperator[dot]com
@ -54,7 +52,7 @@ opts.parse(args) { |opt, idx, val|
print_line "Meterpreter Script for extracting a list installed applications and their version."
print_line(opts.usage)
raise Rex::Script::Completed
end
}
if client.platform =~ /win32|win64/

2
scripts/meterpreter/get_env.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision: $
#-------------------------------------------------------------------------------
#Options and Option Parsing
opts = Rex::Parser::Arguments.new(

10
scripts/meterpreter/get_filezilla_creds.rb
View File

@ -1,7 +1,3 @@
##
# $Id$
# $Revision: $
##
require "rexml/document"
@ -90,7 +86,7 @@ def extract_saved_creds(path,xml_file)
print_status "\tUser: #{e.elements["User"].text}"
creds << "User: #{e.elements["User"].text}"
end
proto = e.elements["Protocol"].text
if proto == "0"
print_status "\tProtocol: FTP"
@ -109,14 +105,14 @@ def extract_saved_creds(path,xml_file)
creds << ""
end
#
#
return creds
end
#-------------------------------------------------------------------------------
#Function to enumerate the users if running as SYSTEM
def enum_users(os)
users = []
path4users = ""
sysdrv = @client.fs.file.expand_path("%SystemDrive%")

3
scripts/meterpreter/get_local_subnets.rb
View File

@ -1,6 +1,3 @@
# $Id$
# $Revision$
# Meterpreter script that display local subnets
# Provided by Nicob <nicob [at] nicob.net>
# Ripped from http://blog.metasploit.com/2006/10/meterpreter-scripts-and-msrt.html

4
scripts/meterpreter/get_pidgin_creds.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
require "rexml/document"
@ -145,7 +143,7 @@ end
#Function to enumerate the users if running as SYSTEM
def enum_users(os)
users = []
path4users = ""
sysdrv = @client.fs.file.expand_path("%SystemDrive%")

8
scripts/meterpreter/get_valid_community.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#copied getvncpw - thanks grutz/carlos
@ -15,7 +13,7 @@ def usage()
end
def get_community(session)
key = "HKLM\\System\\CurrentControlSet\\Services\\SNMP\\Parameters\\ValidCommunities"
key = "HKLM\\System\\CurrentControlSet\\Services\\SNMP\\Parameters\\ValidCommunities"
root_key, base_key = session.sys.registry.splitkey(key)
open_key = session.sys.registry.open_key(root_key,base_key,KEY_READ)
begin
@ -37,7 +35,7 @@ end
if client.platform =~ /win32|win64/
print_status("Searching for community strings...")
strs = get_community(session)
if strs
if strs
strs.each do |str|
print_good("FOUND: #{str}")
@client.framework.db.report_auth_info(
@ -50,7 +48,7 @@ if client.platform =~ /win32|win64/
:type => "snmp.community",
:duplicate_ok => true
)
end
end
else
print_status("Not found")
end

4
scripts/meterpreter/getcountermeasure.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#
# Meterpreter script for detecting AV, HIPS, Third Party Firewalls, DEP Configuration and Windows Firewall configuration.
# Provides also the option to kill the processes of detected products and disable the built-in firewall.
@ -177,7 +175,7 @@ avs = %W{
oasclnt.exe
ofcdog.exe
opscan.exe
ossec-agent.exe
ossec-agent.exe
outpost.exe
paamsrv.exe
pavfnsvr.exe

8
scripts/meterpreter/getgui.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -67,7 +65,7 @@ def enabletssrv()
file_local_write(@dest,"execute -H -f cmd.exe -a \"/c sc config termservice start= disabled\"")
cmd_exec("sc start termservice")
file_local_write(@dest,"execute -H -f cmd.exe -a \"/c sc stop termservice\"")
else
print_status "\tTerminal Services service is already set to auto"
end
@ -83,7 +81,7 @@ end
def addrdpusr(session, username, password)
rdu = resolve_sid("S-1-5-32-555")[:name]
admin = resolve_sid("S-1-5-32-544")[:name]
@ -100,7 +98,7 @@ def addrdpusr(session, username, password)
file_local_write(@dest,"reg deleteval -k HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows\\ NT\\\\CurrentVersion\\\\Winlogon\\\\SpecialAccounts\\\\UserList -v #{username}")
print_status "\tAdding User: #{username} to local group '#{rdu}'"
cmd_exec("cmd.exe","/c net localgroup \"#{rdu}\" #{username} /add")
print_status "\tAdding User: #{username} to local group '#{admin}'"
cmd_exec("cmd.exe","/c net localgroup #{admin} #{username} /add")
print_status "You can now login with the created user"

6
scripts/meterpreter/gettelnet.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -60,7 +58,7 @@ def insttlntsrv()
end
file_local_write(@dest,"execute -H -f cmd.exe -a \"/c ocsetup TelnetServer /uninstall\"")
print_status("Finished installing the Telnet Service.")
end
elsif trgtos =~ /2003/
file_local_write(@dest,"reg setval -k \"HKLM\\SYSTEM\\CurrentControlSet\\services\\TlntSvr\\\" -v 'Start' -d \"1\"")
@ -85,7 +83,7 @@ def enabletlntsrv()
# Enabling Exception on the Firewall
print_status "\tOpening port in local firewall if necessary"
cmd_exec('netsh firewall set portopening protocol = tcp port = 23 mode = enable')
rescue::Exception => e
print_status("The following Error was encountered: #{e.class} #{e}")
end

2
scripts/meterpreter/getvncpw.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#----------------------------------------------------------------
# Meterpreter script to obtain the VNC password out of the
# registry and print its decoded cleartext

22
scripts/meterpreter/hashdump.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#
# Implement pwdump (hashdump) through registry reads + syskey
@ -101,14 +99,14 @@ def capture_user_keys
users[usr.to_i(16)] ||={}
users[usr.to_i(16)][:F] = uk.query_value("F").data
users[usr.to_i(16)][:V] = uk.query_value("V").data
#Attempt to get Hints (from Win7/Win8 Location)
begin
users[usr.to_i(16)][:UserPasswordHint] = decode_windows_hint(uk.query_value("UserPasswordHint").data.unpack("H*")[0])
rescue ::Rex::Post::Meterpreter::RequestError
users[usr.to_i(16)][:UserPasswordHint] = nil
end
uk.close
end
ok.close
@ -120,9 +118,9 @@ def capture_user_keys
rid = r.type
users[rid] ||= {}
users[rid][:Name] = usr
#Attempt to get Hints (from WinXP Location) only if it's not set yet
if users[rid][:UserPasswordHint].nil?
if users[rid][:UserPasswordHint].nil?
begin
uk_hint = @client.sys.registry.open_key(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Hints\\#{usr}", KEY_READ)
users[rid][:UserPasswordHint] = uk_hint.query_value("").data
@ -130,7 +128,7 @@ def capture_user_keys
users[rid][:UserPasswordHint] = nil
end
end
uk.close
end
ok.close
@ -262,9 +260,9 @@ if client.platform =~ /win32|win64/
if !users[rid][:UserPasswordHint].nil? && users[rid][:UserPasswordHint].length > 0
print_line "#{users[rid][:Name]}:\"#{users[rid][:UserPasswordHint]}\""
hint_count += 1
end
end
end
print_line("No users with password hints on this system") if hint_count == 0
print_line("No users with password hints on this system") if hint_count == 0
print_line()
print_status("Dumping password hashes...")
@ -280,9 +278,9 @@ if client.platform =~ /win32|win64/
:pass => users[rid][:hashlm].unpack("H*")[0] +":"+ users[rid][:hashnt].unpack("H*")[0],
:type => "smb_hash"
)
print_line hashstring
end
print_line()
print_line()
@ -298,4 +296,4 @@ if client.platform =~ /win32|win64/
else
print_error("This version of Meterpreter is not supported with this Script!")
raise Rex::Script::Completed
end
end

2
scripts/meterpreter/hostsedit.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Meterpreter script for modifying the hosts file in windows
# given a single entrie or several in a file and clear the
# DNS cache on the target machine.

8
scripts/meterpreter/keylogrecorder.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
# Updates by Shellster
#-------------------------------------------------------------------------------
@ -75,7 +73,7 @@ def explrmigrate(session,captype,lock,kill)
print_status("\t#{process2mig} Process found, migrating into #{x['pid']}")
session.core.migrate(x['pid'].to_i)
print_status("Migration Successful!!")
if (kill)
begin
print_status("Killing old process")
@ -149,7 +147,7 @@ def keycap(session, keytime, logfile)
rec = 1
#Creating DB for captured keystrokes
file_local_write(logfile,"")
print_status("Keystrokes being saved in to #{logfile}")
#Inserting keystrokes every number of seconds specified
print_status("Recording ")
@ -187,7 +185,7 @@ kill = false
when "-l"
lock = true
when "-k"
kill = true
kill = true
end
}
if client.platform =~ /win32|win64/

2
scripts/meterpreter/killav.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#
# Meterpreter script that kills all Antivirus processes
# Provided by: Jerome Athias <jerome.athias [at] free.fr>

3
scripts/meterpreter/metsvc.rb
View File

@ -1,6 +1,3 @@
# $Id$
# $Revision$
#
# Meterpreter script for installing the meterpreter service
#

2
scripts/meterpreter/migrate.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#
# Simple example script that migrates to a specific process by name.
# This is meant as an illustration.

6
scripts/meterpreter/multi_console_command.rb
View File

@ -1,10 +1,8 @@
# $Id$
#
# Meterpreter script for running multiple console commands on a meterpreter session
# Provided by Carlos Perez at carlos_perez[at]darkoperator[dot]com
# Verion: 0.1
#
# $Revision$
################## Variable Declarations ##################
@client = client
@ -48,7 +46,7 @@ end
################## Main ##################
@@exec_opts.parse(args) { |opt, idx, val|
case opt
when "-cl"
commands = val.split(",")
when "-rc"
@ -60,7 +58,7 @@ end
commands << line.chomp
end
end
when "-h"
help = 1
end

2
scripts/meterpreter/multi_meter_inject.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################

2
scripts/meterpreter/multicommand.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#Meterpreter script for running multiple commands on Windows 2003, Windows Vista
# and Windows XP and Windows 2008 targets.
#Provided by Carlos Perez at carlos_perez[at]darkoperator[dot]com

2
scripts/meterpreter/multiscript.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#Meterpreter script for running multiple scripts on a Meterpreter Session
#Provided by Carlos Perez at carlos_perez[at]darkoperator[dot]com
#Verion: 0.2

24
scripts/meterpreter/netenum.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#
#Meterpreter script for ping sweeps on Windows 2003, Windows Vista
#Windows 2008 and Windows XP targets using native windows commands.
@ -61,7 +59,7 @@ def stdlookup(session,domain,dest)
end
garbage.clear
end
rescue ::Exception => e
print_status("The following Error was encountered: #{e.class} #{e}")
end
@ -109,14 +107,14 @@ def reverselookup(session,iprange,dest)
filewrt(dest,"#{ip} is #{hostname[1].chomp("\n")}")
end
break
end
end
r.channel.close
r.close
})
i += 1
else
@ -128,7 +126,7 @@ def reverselookup(session,iprange,dest)
end
rescue ::Exception => e
print_status("The following Error was encountered: #{e.class} #{e}")
end
end
@ -155,7 +153,7 @@ def frwdlp(session,hostlst,domain,dest)
break
end
end
r.channel.close
r.close
}
@ -165,7 +163,7 @@ def frwdlp(session,hostlst,domain,dest)
print_status("\t#{t.join.sub(/Address\w*:/, "\t")}")
filewrt(dest,"#{t.join.sub(/Address\w*:/, "\t")}")
end
else
print_status("File #{hostlst}does not exists!")
exit
@ -211,7 +209,7 @@ def pingsweep(session,iprange,dest)
end
r.channel.close
r.close
})
i += 1
else
@ -223,7 +221,7 @@ def pingsweep(session,iprange,dest)
end
rescue ::Exception => e
print_status("The following Error was encountered: #{e.class} #{e}")
end
end
#-------------------------------------------------------------------------------
@ -297,7 +295,7 @@ srvrc = nil
hostlist = val
when "-r"
range = val
when "-h"
print(
"Network Enumerator Meterpreter Script\n" +

2
scripts/meterpreter/packetrecorder.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################

2
scripts/meterpreter/panda_2007_pavsrv51.rb
View File

@ -1,5 +1,3 @@
# $Id: panda_2007_pavsrv51.rb 8734 2010-03-07 22:49:08Z mc $
# $Revision: $
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit

2
scripts/meterpreter/persistence.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################

2
scripts/meterpreter/pml_driver_config.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit

2
scripts/meterpreter/powerdump.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#
# Meterpreter script for utilizing purely PowerShell to extract username and password hashes through registry
# keys. This script requires you to be running as system in order to work properly. This has currently been

2
scripts/meterpreter/prefetchtool.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#Meterpreter script for extracting information from windows prefetch folder
#Provided by Milo at keith.lee2012[at]gmail.com
#Verion: 0.1.0

2
scripts/meterpreter/process_memdump.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
# Note: Script is based on the paper Neurosurgery With Meterpreter by
# Colin Ames (amesc[at]attackresearch.com) David Kerb (dkerb[at]attackresearch.com)

4
scripts/meterpreter/remotewinenum.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -62,7 +60,7 @@ def wmicexec(session,wmic,user,pass,trgt)
tmp = session.fs.file.expand_path("%TEMP%")
# Temporary file on windows host to store results
wmicfl = tmp + "\\wmictmp#{rand(100000)}.txt"
wmic.each do |wmi|
if user == nil
print_status("The commands will be ran under the credentials of #{runningas}")

2
scripts/meterpreter/scheduleme.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#Meterpreter script for automating the most common scheduling tasks
#during a pentest. This script will use the schtasks command so as

7
scripts/meterpreter/schelevator.rb
View File

@ -1,8 +1,3 @@
##
# $Id$
# $Revision$
##
##
#
# This script exploits the Task Scheduler 2.0 XML 0day exploited by Stuxnet
@ -255,7 +250,7 @@ def fix_crc32(data, old_crc)
crc = crc32(data[0, data.length - 12])
data[-12, 4] = [crc].pack('V')
data[-12, 12].unpack('C*').reverse.each { |b|
old_crc = ((old_crc << 8) ^ bwd_table[old_crc >> 24] ^ b) & 0xffffffff
}

2
scripts/meterpreter/schtasksabuse.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#Meterpreter script for abusing the scheduler service in windows
#by scheduling and running a list of command against one or more targets

2
scripts/meterpreter/scraper.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# This is a Meterpreter script designed to be used by the Metasploit Framework
#
# The goal of this script is to obtain system information from a victim through

2
scripts/meterpreter/screen_unlock.rb
View File

@ -1,6 +1,4 @@
#
# $Id$
#
# Script to unlock a windows screen by L4teral <l4teral [4t] gmail com>
# Needs system prvileges to run and known signatures for the target system.
# This script patches msv1_0.dll loaded by lsass.exe

2
scripts/meterpreter/screenspy.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author:Roni Bachar (@roni_bachar) roni.bachar.blog@gmail.com
#
# Thie script will open an interactive view of remote hosts

2
scripts/meterpreter/search_dwld.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
## Meterpreter script that recursively search and download
## files matching a given pattern

8
scripts/meterpreter/service_manager.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez <carlos_perez [at] darkoperator.com and Shai rod (@NightRang3r)
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -115,7 +113,7 @@ elsif srv_start
elsif returned_value == 2
print_error("Service #{srv_name} is Disabled could not be started.")
end
rescue
print_error("A Service Name must be provided, service names are case sensitive.")
end
@ -137,7 +135,7 @@ elsif srv_stop
elsif returned_value == 2
print_error("Service #{srv_name} can not be stopped.")
end
rescue
print_error("A Service Name must be provided, service names are case sensitive.")
end
@ -181,7 +179,7 @@ elsif srv_change_startup
print_error("No Service Name was provided!")
end
raise Rex::Script::Completed
# Create a service
elsif srv_create
priv_check

2
scripts/meterpreter/service_permissions_escalate.rb
View File

@ -1,6 +1,4 @@
##
# $Id$
#
# Many services are configured with insecure permissions. This
# script attempts to create a service, then searches through a list of
# existing services to look for insecure file or configuration

2
scripts/meterpreter/sound_recorder.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################

3
scripts/meterpreter/srt_webdrive_priv.rb
View File

@ -1,6 +1,3 @@
# $Id$
# $Revision$
##
# South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation.
#

2
scripts/meterpreter/uploadexec.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
session = client
@@exec_opts = Rex::Parser::Arguments.new(

4
scripts/meterpreter/virtualbox_sysenter_dos.rb
View File

@ -1,10 +1,6 @@
# $Id$
# Meterpreter script for triggering the VirtualBox DoS published at:
# http://milw0rm.com/exploits/9323
# $Revision$
opts = Rex::Parser::Arguments.new(
"-h" => [ false,"Help menu." ]
)

3
scripts/meterpreter/virusscan_bypass.rb
View File

@ -1,6 +1,3 @@
# $Id$
# $Revision$
# Meterpreter script that kills Mcafee VirusScan Enterprise v8.7.0i+ processes in magic
# order which keeps VirusScan icon visible at system tray without disabled sign on it.
# Additionally it lets you disable On Access Scanner from registry, upload your detectable

3
scripts/meterpreter/vnc.rb
View File

@ -1,6 +1,3 @@
# $Id$
# $Revision$
#
# Meterpreter script for obtaining a quick VNC session
#

2
scripts/meterpreter/webcam.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: scriptjunkie
#
# Simplify running webcam, whether grabbing a single frame or running

12
scripts/meterpreter/win32-sshclient.rb
View File

@ -1,7 +1,3 @@
# win32-sshclient.rb
#
# $Id$
# $Revision$
#
# Meterpreter script to deploy & run the "plink" commandline ssh-client
# supports only MS-Windows-2k/XP/Vista Hosts
@ -154,7 +150,7 @@ downloaded = nil
usage
end
rhost = val
when "-f"
if !val
print_error("-f requires an argument !")
@ -166,14 +162,14 @@ downloaded = nil
usage
end
manual = true
when "-r"
if !val
print_error("-r requires an argument !")
usage
end
hostkey = val
when "-p"
rport = val.to_i
@ -323,7 +319,7 @@ if not manual
plinkexe = Net::HTTP.get URI.parse(plinkurl)
File.open(plink, "wb") { |fd| fd.write(plinkexe) }
print_status("plink.exe has been downloaded to #{plink} (local machine). Please remove manually after use or keep for reuse.")
downloaded = true
downloaded = true
end
end

32
scripts/meterpreter/win32-sshserver.rb
View File

@ -1,7 +1,3 @@
# win32-sshserver.rb
#
# $Id$
# $Revision$
#
# meterpreter-script to deploy + run OpenSSH
# on the target machine
@ -95,10 +91,10 @@ type = "auto"
#
@@exec_opts.parse(args) { |opt, idx, val|
case opt
when "-h"
usage
when "-f"
if !val
print_error("-f requires the SFX-filename as argument !")
@ -110,14 +106,14 @@ type = "auto"
usage
end
manual = true
when "-U"
if !val
print_error("-U requires the download-URL for the OpenSSH-SFX as argument !")
usage
end
downloadurl = val
when "-p"
if !val
print_error("-p requires the password (for the windows-user to add) as argument !")
@ -128,47 +124,47 @@ type = "auto"
usage
end
password = val
when "-u"
if !val
print_error("-u requires the username (for the windows-user to add) as argument!")
usage
end
username = val
when "-r"
uninstall = true
when "-I"
if !val
print_error("-I requires a directory-name to use as installpath")
usage
end
dirname = val
when "-F"
forced = true
when "-S"
if !val
print_error("-S requires s custom string to use as the service-description")
usage
end
servicedesc = val
when "-N"
if !val
print_error("-N requires a custom string to use as service-name")
usage
end
servicename = val
when "-m"
noauto = true
when "-t"
type = manual
else
print_error("Unknown option: #{opt}")
usage
@ -332,7 +328,7 @@ unless username == "none"
print_error("You need to provide a nonempty password for the user with the \"-p\"-parameter!")
usage
end
#Get localized name for windows-admin-grp
admingrpname = nil
client.sys.process.execute("cmd.exe", "/c #{dirname}\\bin\\mkgroup.exe -l > #{dirname}\\groupnames.txt")

12
scripts/meterpreter/winbf.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -85,7 +83,7 @@ def passbf(session,passlist,target,user,opt,logfile)
::File.open(passlist, "r").each_line do |line|
begin
print_status("Trying #{u.chomp} #{line.chomp}")
# Command for testing local login credentials
r = session.sys.process.execute("cmd /c net use \\\\#{target} #{line.chomp} /u:#{u.chomp}", nil, {'Hidden' => true, 'Channelized' => true})
while(d = r.channel.read)
@ -93,7 +91,7 @@ def passbf(session,passlist,target,user,opt,logfile)
end
r.channel.close
r.close
# Checks if password is found
result = output.to_s.scan(/The\scommand\scompleted\ssuccessfully/)
if result.length == 1
@ -158,12 +156,12 @@ unsupported if client.platform !~ /win32|win64/i
when "-L"
userlist = val
ulopt = 1
when "-cp"
chkpolicy(session)
exit
when "-p"
passlist = val
if not ::File.exists?(passlist)
raise "Password File does not exists!"
@ -176,7 +174,7 @@ unsupported if client.platform !~ /win32|win64/i
@@exec_opts.usage)
helpcall = 1
end
}
# Execution of options selected

6
scripts/meterpreter/winenum.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@ -170,7 +168,7 @@ def findprogs()
end
end
end
file_local_write("#{@logfol}/programs_list.csv",proglist)
end
# Function to check if Target Machine a VM
@ -555,7 +553,7 @@ def uaccheck()
else
print_status("\tUAC is Disabled")
end
return uac
end

2
scripts/meterpreter/wmic.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#Meterpreter script for running WMIC commands on Windows 2003, Windows Vista
# and Windows XP and Windows 2008 targets.
#Provided by Carlos Perez at carlos_perez[at]darkoperator[dot]com

2
scripts/shell/migrate.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#
# Simply print a message that migrating is not supported on CommandShell sessions...
#

2
scripts/shell/spawn_meterpreter.rb
View File

@ -1,5 +1,3 @@
# $Id$
# $Revision$
#
# Spawn a meterpreter session using an existing command shell session
#