2011-09-12 23:33:09 +00:00
|
|
|
##
|
2017-07-24 06:26:21 -07:00
|
|
|
# This module requires Metasploit: https://metasploit.com/download
|
2013-10-15 13:50:46 -05:00
|
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
2011-09-12 23:33:09 +00:00
|
|
|
##
|
|
|
|
|
|
2016-03-08 14:02:44 +01:00
|
|
|
class MetasploitModule < Msf::Post
|
2013-12-14 18:30:43 +00:00
|
|
|
include Msf::Post::Windows::WMIC
|
|
|
|
|
|
2022-09-20 13:09:36 -05:00
|
|
|
def initialize(info = {})
|
|
|
|
|
super(
|
|
|
|
|
update_info(
|
|
|
|
|
info,
|
2022-09-23 00:25:13 +10:00
|
|
|
'Name' => 'Windows Gather Run WMIC Commands',
|
2022-09-20 13:09:36 -05:00
|
|
|
'Description' => %q{
|
2022-09-23 00:25:13 +10:00
|
|
|
This module executes WMIC commands on the specified host.
|
2022-09-20 13:09:36 -05:00
|
|
|
},
|
|
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
|
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
|
|
|
|
|
'Platform' => [ 'win' ],
|
2022-09-23 00:25:13 +10:00
|
|
|
'SessionTypes' => [ 'meterpreter' ],
|
|
|
|
|
'Notes' => {
|
|
|
|
|
'Stability' => [CRASH_SAFE],
|
|
|
|
|
'Reliability' => [],
|
|
|
|
|
'SideEffects' => []
|
|
|
|
|
}
|
2022-09-20 13:09:36 -05:00
|
|
|
)
|
|
|
|
|
)
|
2011-11-06 22:02:26 +00:00
|
|
|
|
2022-09-23 00:25:13 +10:00
|
|
|
register_options([
|
|
|
|
|
OptPath.new('RESOURCE', [false, 'Full path to resource file containing WMIC commands']),
|
|
|
|
|
OptString.new('COMMAND', [false, 'WMIC command']),
|
|
|
|
|
])
|
2013-09-05 13:41:25 -05:00
|
|
|
end
|
2011-09-12 23:33:09 +00:00
|
|
|
|
2013-09-05 13:41:25 -05:00
|
|
|
def run
|
2022-09-23 00:25:13 +10:00
|
|
|
hostname = sysinfo.nil? ? cmd_exec('hostname') : sysinfo['Computer']
|
|
|
|
|
print_status("Running module against #{hostname} (#{session.session_host})")
|
|
|
|
|
|
|
|
|
|
resource_file = datastore['RESOURCE']
|
|
|
|
|
command = datastore['COMMAND']
|
|
|
|
|
|
|
|
|
|
if command.blank? && resource_file.blank?
|
|
|
|
|
fail_with(Failure::BadConfig, 'Please specify COMMAND or RESOURCE file.')
|
2022-09-20 13:09:36 -05:00
|
|
|
end
|
2011-09-12 23:33:09 +00:00
|
|
|
|
2022-09-23 00:25:13 +10:00
|
|
|
commands = []
|
2022-09-20 13:09:36 -05:00
|
|
|
|
2022-09-23 00:25:13 +10:00
|
|
|
if resource_file
|
|
|
|
|
fail_with(Failure::BadConfig, "Resource file #{resource_file} does not exist!") unless ::File.exist?(resource_file)
|
2011-09-12 23:33:09 +00:00
|
|
|
|
2022-09-23 00:25:13 +10:00
|
|
|
::File.open(resource_file).each_line(chomp: true) do |cmd|
|
|
|
|
|
next if cmd.strip.empty?
|
|
|
|
|
next if cmd.starts_with?('#')
|
|
|
|
|
|
|
|
|
|
commands << cmd
|
2013-09-05 13:41:25 -05:00
|
|
|
end
|
2022-09-23 00:25:13 +10:00
|
|
|
else
|
|
|
|
|
commands << command
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
commands.each do |cmd|
|
|
|
|
|
next if cmd.strip.empty?
|
|
|
|
|
|
|
|
|
|
print_status("Running WMIC command: #{cmd}")
|
2011-09-12 23:33:09 +00:00
|
|
|
|
2013-12-14 20:58:33 +00:00
|
|
|
result = wmic_query(cmd)
|
2022-09-23 00:25:13 +10:00
|
|
|
|
|
|
|
|
if result.blank?
|
|
|
|
|
print_error('No results for command')
|
|
|
|
|
next
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
vprint_line(result)
|
|
|
|
|
|
2013-12-14 20:58:33 +00:00
|
|
|
store_wmic_loot(result, cmd)
|
2013-09-05 13:41:25 -05:00
|
|
|
end
|
|
|
|
|
end
|
2011-09-12 23:33:09 +00:00
|
|
|
|
2013-12-14 20:58:33 +00:00
|
|
|
def store_wmic_loot(result_text, cmd)
|
2022-09-23 00:25:13 +10:00
|
|
|
command_log = store_loot(
|
|
|
|
|
'host.command.wmic',
|
|
|
|
|
'text/plain',
|
|
|
|
|
session,
|
|
|
|
|
result_text,
|
|
|
|
|
"#{cmd.gsub(%r{\.|/|\s}, '_')}.txt",
|
|
|
|
|
"Command Output 'wmic #{cmd}'"
|
|
|
|
|
)
|
2013-12-14 20:58:33 +00:00
|
|
|
|
|
|
|
|
print_status("Command output saved to: #{command_log}")
|
|
|
|
|
end
|
2011-09-12 23:33:09 +00:00
|
|
|
end
|
