modules/post/windows/gather/enum_hostfile.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::File

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Gather Windows Host File Enumeration',
        'Description' => %q{
          This module returns a list of entries in the target system's hosts file.
        },
        'License' => BSD_LICENSE,
        'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter', 'shell' ]
      )
    )
  end

  def run
    # read in the hosts in the hosts file.
    hosts = read_file 'C:\\WINDOWS\\System32\\drivers\\etc\\hosts'

    # Store the original hosts file
    p = store_loot(
      'hosts.confige',
      'text/plain',
      session,
      hosts,
      'hosts_file.txt',
      'Windows Hosts File'
    )

    # Print out each line that doesn't start w/ a comment
    entries = []
    hosts.each_line do |line|
      next if line =~ /^[\r|\n|#]/

      entries << line.strip
    end

    # Show results
    if !entries.empty?
      print_line('Found entries:')
      entries.each do |e|
        print_good(e.to_s)
      end
    end

    print_status("Hosts file saved: #{p}")
  end
end
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Post`
Add support for shell sessions to post/windows/gather/enum_hostfile 2019-11-16 04:07:01 +00:00			`include Msf::Post::File`
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00
docs and rubocop 2020-10-11 17:44:21 -04:00			`def initialize(info = {})`
			`super(`
			`update_info(`
			`info,`
			`'Name' => 'Windows Gather Windows Host File Enumeration',`
			`'Description' => %q{`
			`This module returns a list of entries in the target system's hosts file.`
			`},`
			`'License' => BSD_LICENSE,`
			`'Author' => [ 'vt <nick.freeman[at]security-assessment.com>'],`
			`'Platform' => [ 'win' ],`
			`'SessionTypes' => [ 'meterpreter', 'shell' ]`
			`)`
			`)`
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00			`end`

			`def run`
			`# read in the hosts in the hosts file.`
docs and rubocop 2020-10-11 17:44:21 -04:00			`hosts = read_file 'C:\\WINDOWS\\System32\\drivers\\etc\\hosts'`
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00
			`# Store the original hosts file`
			`p = store_loot(`
			`'hosts.confige',`
			`'text/plain',`
			`session,`
Add support for shell sessions to post/windows/gather/enum_hostfile 2019-11-16 04:07:01 +00:00			`hosts,`
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00			`'hosts_file.txt',`
			`'Windows Hosts File'`
			`)`

			`# Print out each line that doesn't start w/ a comment`
			`entries = []`
Add support for shell sessions to post/windows/gather/enum_hostfile 2019-11-16 04:07:01 +00:00			`hosts.each_line do \|line\|`
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00			`next if line =~ /^[\r\|\n\|#]/`
docs and rubocop 2020-10-11 17:44:21 -04:00
Add support for shell sessions to post/windows/gather/enum_hostfile 2019-11-16 04:07:01 +00:00			`entries << line.strip`
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00			`end`

			`# Show results`
docs and rubocop 2020-10-11 17:44:21 -04:00			`if !entries.empty?`
			`print_line('Found entries:')`
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00			`entries.each do \|e\|`
			`print_good(e.to_s)`
			`end`
			`end`

docs and rubocop 2020-10-11 17:44:21 -04:00			`print_status("Hosts file saved: #{p}")`
These are the "myca" modules by Nick Freeman. Feature #5503 2011-10-23 17:17:32 +00:00			`end`
			`end`