
Land #6687, Fix meterpreter platform to include OS in the tuple for all meterpreters

Pearce Barry 3 years ago
parent
commit
ae59c4ae74

+ 2
- 0
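--- a/lib/msf/base/sessions/command_shell.rb
+++ b/lib/msf/base/sessions/command_shell.rb
@@ -50,6 +50,7 @@ class CommandShell
   def initialize(*args)
     self.platform ||= ""
     self.arch     ||= ""
+    self.max_threads = 1
     super
   end
 
@@ -235,6 +236,7 @@ class CommandShell
 
   attr_accessor :arch
   attr_accessor :platform
+  attr_accessor :max_threads
 
 protected
 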
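Review bot: `self.max_threads = 1` is assigned unconditionally while the two lines above it, and the Meterpreter counterpart in this commit, use `||=`, so a value set before `initialize` runs is overwritten only for shell sessions; if that is deliberate it deserves a comment. The rationale this commit deletes from the post modules ("Only one thread possible when shell") is not carried over to the new home of the setting. I would add `# Only one thread is possible on a command shell session` above the assignment and a one-line description above `attr_accessor :max_threads` saying it is the number of parallel commands post modules may run against the session.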

+ 25
- 0
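--- a/lib/msf/base/sessions/meterpreter.rb
+++ b/lib/msf/base/sessions/meterpreter.rb
@@ -69,6 +69,9 @@ class Meterpreter < Rex::Post::Meterpreter::Client
     # Don't pass the datastore into the init_meterpreter method
     opts.delete(:datastore)
 
+    # Assume by default that 10 threads is a safe number for this session
+    self.max_threads ||= 10
+
     #
     # Initialize the meterpreter client
     #
@@ -323,6 +326,27 @@ class Meterpreter < Rex::Post::Meterpreter::Client
     username = self.sys.config.getuid
     sysinfo  = self.sys.config.sysinfo
 
+    self.platform =
+      self.sys.config.sysinfo["Architecture"].downcase + '/' +
+      self.platform.split('/')[0] +'/' +
+      case self.sys.config.sysinfo['OS']
+      when /windows/i
+        Msf::Module::Platform::Windows
+      when /darwin/i
+        Msf::Module::Platform::OSX
+      when /freebsd/i
+        Msf::Module::Platform::FreeBSD
+      when /netbsd/i
+        Msf::Module::Platform::NetBSD
+      when /openbsd/i
+        Msf::Module::Platform::OpenBSD
+      when /sunos/i
+        Msf::Module::Platform::Solaris
+      else
+        Msf::Module::Platform::Linux
+      end.realname.downcase
+
+
     safe_info = "#{username} @ #{sysinfo['Computer']}"
     safe_info.force_encoding("ASCII-8BIT") if safe_info.respond_to?(:force_encoding)
     # Should probably be using Rex::Text.ascii_safe_hex but leave
@@ -474,6 +498,7 @@ class Meterpreter < Rex::Post::Meterpreter::Client
   attr_accessor :skip_ssl
   attr_accessor :skip_cleanup
   attr_accessor :target_id
+  attr_accessor :max_threads
 
 protected
 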
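Review bot: The new `self.platform =` assignment reads `self.sys.config.sysinfo` twice more although the `sysinfo` local on the line above already holds the result, and it rebuilds the string from `self.platform.split('/')[0]`, so if this method runs again on the same session the first component is the architecture prepended last time rather than the component the session started with. A missing `Architecture` key would also raise on `.downcase`, and any OS string that matches none of the `when` patterns is silently labelled Linux, which post modules then trust when choosing commands to run on the host. I would reuse the local, coerce with `.to_s`, and remember the original component once, as in the excerpt that follows. The enclosing method starts and ends outside the hunk, so whether it can be called more than once is not visible here.

```ruby
    sysinfo  = self.sys.config.sysinfo

    # Reuse the sysinfo fetched above; .to_s tolerates a missing key
    arch = sysinfo['Architecture'].to_s.downcase
    os_platform =
      case sysinfo['OS']
      # … unchanged: when/else branches mapping the OS string to a Msf::Module::Platform class …
      end.realname.downcase
    # Keep the component the session started with, so a repeated call
    # does not pick up the architecture prepended on the previous one
    @base_platform ||= self.platform.split('/')[0]
    self.platform = [arch, @base_platform, os_platform].join('/')
```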

+ 4
- 0
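--- a/lib/msf/core/module/platform.rb
+++ b/lib/msf/core/module/platform.rb
@@ -409,6 +409,10 @@ class Msf::Module::Platform
       Rank = 700
       Alias = "10"
     end
+    class V11
+      Rank = 800
+      Alias = "11"
+    end
   end
 
   #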

+ 4
- 17
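--- a/modules/post/multi/gather/dns_bruteforce.rb
+++ b/modules/post/multi/gather/dns_bruteforce.rb
@@ -32,23 +32,11 @@ class MetasploitModule < Msf::Post
 
   # Run Method for when run command is issued
   def run
-
     domain = datastore['DOMAIN']
     hostlst = datastore['NAMELIST']
     a = []
 
     print_status("Performing DNS Forward Lookup Bruteforce for Domain #{domain}")
-    if session.type =~ /shell/
-      # Only one thread possible when shell
-      thread_num = 1
-      # Use the shell platform for selecting the command
-      platform = session.platform
-    else
-      # When in Meterpreter the safest thread number is 10
-      thread_num = 10
-      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-      platform = session.sys.config.sysinfo['OS']
-    end
 
     name_list = []
     if ::File.exist?(hostlst)
@@ -57,9 +45,7 @@ class MetasploitModule < Msf::Post
       end
     end
 
-    platform = session.platform
-
-    case platform
+    case session.platform
     when /win/i
       cmd = "nslookup"
     when /solaris/i
@@ -67,8 +53,9 @@ class MetasploitModule < Msf::Post
     else
       cmd = "/usr/bin/host "
     end
-    while(not name_list.nil? and not name_list.empty?)
-      1.upto(thread_num) do
+
+    while !name_list.nil? && !name_list.empty?
+      1.upto session.max_threads  do
         a << framework.threads.spawn("Module(#{self.refname})", false, name_list.shift) do |n|
           next if n.nil?
           vprint_status("Trying #{n.strip}.#{domain}")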
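Review bot: `1.upto session.max_threads  do` assumes every session object answers `max_threads` with an Integer, but this commit adds the accessor only to CommandShell and Meterpreter; if any other session class can reach this module the call raises NoMethodError, and a nil value makes `upto` fail. A guarded local keeps the old safe default: `thread_num = session.respond_to?(:max_threads) ? (session.max_threads || 1) : 1` followed by `1.upto(thread_num) do`, which also restores the parentheses and drops the stray double space. The same loop header appears in dns_reverse_lookup.rb, dns_srv_lookup.rb and ping_sweep.rb. The `run` method continues outside the hunk.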

+ 5
- 18
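--- a/modules/post/multi/gather/dns_reverse_lookup.rb
+++ b/modules/post/multi/gather/dns_reverse_lookup.rb
@@ -44,21 +44,7 @@ class MetasploitModule < Msf::Post
       iplst << ipa
     end
 
-    if session.type =~ /shell/
-      # Only one thread possible when shell
-      thread_num = 1
-      # Use the shell platform for selecting the command
-      platform = session.platform
-    else
-      # When in Meterpreter the safest thread number is 10
-      thread_num = 10
-      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-      platform = session.sys.config.sysinfo['OS']
-    end
-
-    platform = session.platform
-
-    case platform
+    case session.platform
     when /win/i
       cmd = "nslookup"
     when /solaris/i
@@ -66,12 +52,13 @@ class MetasploitModule < Msf::Post
     else
       cmd = "/usr/bin/host"
     end
-    while(not iplst.nil? and not iplst.empty?)
-      1.upto(thread_num) do
+
+    while !iplst.nil? && !iplst.empty?
+      1.upto session.max_threads do
         a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
           next if ip_add.nil?
           r = cmd_exec(cmd, " #{ip_add}")
-          case platform
+          case session.platform
           when /win/
             if r =~ /(Name)/
               r.scan(/Name:\s*\S*\s/) do |n|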

+ 4
- 19
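--- a/modules/post/multi/gather/dns_srv_lookup.rb
+++ b/modules/post/multi/gather/dns_srv_lookup.rb
@@ -55,22 +55,7 @@ class MetasploitModule < Msf::Post
 
     a = []
 
-
-    if session.type =~ /shell/
-      # Only one thread possible when shell
-      thread_num = 1
-      # Use the shell platform for selecting the command
-      platform = session.platform
-    else
-      # When in Meterpreter the safest thread number is 10
-      thread_num = 10
-      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-      platform = session.sys.config.sysinfo['OS']
-    end
-
-    platform = session.platform
-
-    case platform
+    case session.platform
     when /win/i
       ns_opt = " -query=srv "
       cmd = "nslookup"
@@ -82,13 +67,13 @@ class MetasploitModule < Msf::Post
       cmd = "/usr/bin/host"
     end
 
-    while(not srvrcd.nil? and not srvrcd.empty?)
-      1.upto(thread_num) do
+    while !srvrcd.nil? && !srvrcd.empty?
+      1.upto session.max_threads do
         a << framework.threads.spawn("Module(#{self.refname})", false, srvrcd.shift) do |srv|
           next if srv.nil?
           r = cmd_exec(cmd, ns_opt + "#{srv}#{domain}")
 
-          case platform
+          case session.platform
           when /win/
             if r =~ /\s*internet\saddress\s\=\s/
               nslookup_srv_consume("#{srv}#{domain}", r).each do |f|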

+ 3
- 16
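--- a/modules/post/multi/gather/ping_sweep.rb
+++ b/modules/post/multi/gather/ping_sweep.rb
@@ -40,21 +40,8 @@ class MetasploitModule < Msf::Post
         end
         iplst << ipa
       end
-      if session.type =~ /shell/
-        # Only one thread possible when shell
-        thread_num = 1
-        # Use the shell platform for selecting the command
-        platform = session.platform
-      else
-        # When in Meterpreter the safest thread number is 10
-        thread_num = 10
-        # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-        platform = session.sys.config.sysinfo['OS']
-      end
-
-      platform = session.platform
 
-      case platform
+      case session.platform
       when /win/i
         count = " -n 1 "
         cmd = "ping"
@@ -69,10 +56,10 @@ class MetasploitModule < Msf::Post
 
       while(not iplst.nil? and not iplst.empty?)
         a = []
-        1.upto(thread_num) do
+        1.upto session.max_threads do
           a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
             next if ip_add.nil?
-            if platform =~ /solaris/i
+            if session.platform =~ /solaris/i
               r = cmd_exec(cmd, "-n #{ip_add} 1")
             else
               r = cmd_exec(cmd, count + ip_add)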

+ 4
- 11
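--- a/modules/post/multi/gather/skype_enum.rb
+++ b/modules/post/multi/gather/skype_enum.rb
@@ -7,19 +7,12 @@ require 'msf/core'
 require 'rex'
 require 'csv'
 
-
-
-
-
 class MetasploitModule < Msf::Post
 
   include Msf::Post::File
   include Msf::Post::Windows::UserProfiles
-
   include Msf::Post::OSX::System
 
-
-
   def initialize(info={})
     super( update_info( info,
         'Name'          => 'Multi Gather Skype User Data Enumeration',
@@ -52,9 +45,9 @@ class MetasploitModule < Msf::Post
       return
     end
 
-      if (session.platform =~ /java/) || (session.platform =~ /osx/)
-        # Make sure a Java Meterpreter on anything but OSX will exit
-        if session.platform =~ /java/ and sysinfo['OS'] !~ /Mac OS X/
+      if session.platform =~ /java/
+        # Make sure that Java Meterpreter on anything but OSX will exit
+        if session.platform !~ /osx/
           print_error("This session type and platform are not supported.")
           return
         end
@@ -105,7 +98,7 @@ class MetasploitModule < Msf::Post
   # Download file using Meterpreter functionality and returns path in loot for the file
   def download_db(profile)
     if session.type =~ /meterpreter/
-      if sysinfo['OS'] =~ /Mac OS X/
+      if session.platform =~ /osx/
         file = session.fs.file.search("#{profile['dir']}/Library/Application Support/Skype/","main.db",true)
       else
         file = session.fs.file.search("#{profile['AppData']}\\Skype","main.db",true)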
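Review bot: The rewritten outer test `if session.platform =~ /java/` drops the `|| (session.platform =~ /osx/)` alternative, so a non-Java session on OS X no longer enters this branch; if the lines after the inner `end` (outside the hunk) hold the OS X handling, that path is now reachable only from Java Meterpreter. If the narrowing is not intended, keep the outer condition as `if session.platform =~ /java|osx/` and leave the new inner `if session.platform !~ /osx/` as it is. The comment above the inner test should also say that the check relies on the OS now being part of `session.platform`.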

+ 1
- 15
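--- a/modules/post/multi/gather/wlan_geolocate.rb
+++ b/modules/post/multi/gather/wlan_geolocate.rb
@@ -108,18 +108,8 @@ class MetasploitModule < Msf::Post
 
   # Run Method for when run command is issued
   def run
-    if session.type =~ /shell/
-      # Use the shell platform for selecting the command
-      platform = session.platform
-    else
-      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-      platform = session.sys.config.sysinfo['OS']
-      platform = 'osx' if platform =~ /darwin/i
-    end
-
-    case platform
+    case session.platform
     when /win/i
-
       listing = cmd_exec('netsh wlan show networks mode=bssid')
       if listing.nil?
         print_error("Unable to generate wireless listing.")
@@ -136,7 +126,6 @@ class MetasploitModule < Msf::Post
       end
 
     when /osx/i
-
       listing = cmd_exec('/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s')
       if listing.nil?
         print_error("Unable to generate wireless listing.")
@@ -152,7 +141,6 @@ class MetasploitModule < Msf::Post
       end
 
     when /linux/i
-
       listing = cmd_exec('iwlist scanning')
       if listing.nil?
         print_error("Unable to generate wireless listing.")
@@ -169,7 +157,6 @@ class MetasploitModule < Msf::Post
       end
 
     when /solaris/i
-
       listing = cmd_exec('dladm scan-wifi')
       if listing.blank?
         print_error("Unable to generate wireless listing.")
@@ -182,7 +169,6 @@ class MetasploitModule < Msf::Post
       end
 
     when /bsd/i
-
       interface = cmd_exec("dmesg | grep -i wlan | cut -d ':' -f1 | uniq")
       # Printing interface as this platform requires the interface to be specified
       # it might not be detected correctly.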
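Review bot: `case session.platform` now tests the unanchored patterns `/win/i`, `/osx/i`, `/linux/i`, `/solaris/i` and `/bsd/i` against the whole platform string, which for Meterpreter sessions this commit builds from three slash-separated parts; a match in the architecture or middle part would select the wrong command set to run on the host. Matching only the OS segment is stricter: `case session.platform.to_s.split('/').last`. The same applies to `os_set_wallpaper` in set_wallpaper.rb. The `run` method continues outside the hunk.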

+ 1
- 6
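--- a/modules/post/multi/manage/set_wallpaper.rb
+++ b/modules/post/multi/manage/set_wallpaper.rb
@@ -71,12 +71,7 @@ class MetasploitModule < Msf::Post
   end
 
   def os_set_wallpaper(file)
-    if session.type =~ /meterpreter/ && session.sys.config.sysinfo['OS'] =~ /darwin/i
-      platform = 'osx'
-    else
-      platform = session.platform
-    end
-    case platform
+    case session.platform
     when /osx/
       osx_set_wallpaper(file)
     when /win/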

+ 5
- 19
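--- a/modules/post/osx/gather/enum_osx.rb
+++ b/modules/post/osx/gather/enum_osx.rb
@@ -53,7 +53,6 @@ class MetasploitModule < Msf::Post
 
   #parse the dslocal plist in lion
   def read_ds_xml_plist(plist_content)
-
     require "rexml/document"
 
     doc  = REXML::Document.new(plist_content)
@@ -132,11 +131,7 @@ class MetasploitModule < Msf::Post
     when /shell/
       osx_ver = cmd_exec("/usr/bin/sw_vers -productName").chomp
     end
-    if osx_ver =~/Server/
-      return true
-    else
-      return false
-    end
+    return osx_ver =~/Server/
   end
 
   # Enumerate the OS Version
@@ -148,13 +143,10 @@ class MetasploitModule < Msf::Post
     when /shell/
       osx_ver_num = cmd_exec('/usr/bin/sw_vers -productVersion').chomp
     end
-
     return osx_ver_num
   end
 
   def enum_conf(log_folder)
-
-    session_type = session.type
     profile_datatypes = {
       'OS' => 'SPSoftwareDataType',
       'Network' => 'SPNetworkDataType',
@@ -188,11 +180,11 @@ class MetasploitModule < Msf::Post
     profile_datatypes.each do |name, profile_datatypes|
       print_status("\tEnumerating #{name}")
       # Run commands according to the session type
-        if session_type =~ /meterpreter/
+        if session.type =~ /meterpreter/
           returned_data = cmd_exec('system_profiler', profile_datatypes)
           # Save data lo log folder
           file_local_write(log_folder+"//#{name}.txt",returned_data)
-        elsif session_type =~ /shell/
+        elsif session.type =~ /shell/
           begin
             returned_data = cmd_exec("/usr/sbin/system_profiler #{profile_datatypes}", 15)
             # Save data lo log folder
@@ -207,11 +199,11 @@ class MetasploitModule < Msf::Post
       print_status("\tEnumerating #{name}")
       # Run commands according to the session type
       begin
-        if session_type =~ /meterpreter/
+        if session.type =~ /meterpreter/
           command_output = cmd_exec(command[0],command[1])
           # Save data lo log folder
           file_local_write(log_folder+"//#{name}.txt",command_output)
-        elsif session_type =~ /shell/
+        elsif session.type =~ /shell/
           command_output = cmd_exec(command[0], command[1])
           # Save data lo log folder
           file_local_write(log_folder+"//#{name}.txt",command_output)
@@ -222,9 +214,7 @@ class MetasploitModule < Msf::Post
     end
   end
 
-
   def enum_accounts(log_folder,ver_num)
-
     # Specific commands for Leopard and Snow Leopard
     leopard_commands = {
       'Users' => ['/usr/bin/dscacheutil', '-q user'],
@@ -261,13 +251,11 @@ class MetasploitModule < Msf::Post
         file_local_write(log_folder + "//#{name}.txt", command_output)
       end
     end
-
   end
 
 
   # Method for getting SSH and GPG Keys
   def get_crypto_keys(log_folder)
-
     # Run commands according to the session type
     if session.type =~ /shell/
 
@@ -349,7 +337,6 @@ class MetasploitModule < Msf::Post
             end
           end
         end
-
       end
     end
   end
@@ -381,7 +368,6 @@ class MetasploitModule < Msf::Post
         end
       end
       print_status("Screenshot Captured")
-
     end
   end
 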
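Review bot: `return osx_ver =~/Server/` changes what this predicate returns from `true`/`false` to a match index or `nil`, so a caller that compares the result with `== true`, or stores or prints it, would now behave differently; the callers are outside this diff. `!!(osx_ver =~ /Server/)` keeps the one-line form and the boolean contract. `osx_ver` is only assigned inside the `when` branches, of which only `/shell/` is visible here, so for a session type that matches none of them it is presumably nil at this point; a short comment that this case yields a false result rather than an error would help the next reader.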
