2011-01-12 18:11:24 +00:00
|
|
|
##
|
2017-07-24 06:26:21 -07:00
|
|
|
# This module requires Metasploit: https://metasploit.com/download
|
2013-10-15 13:50:46 -05:00
|
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
2011-01-12 18:11:24 +00:00
|
|
|
##
|
2011-01-12 03:55:19 +00:00
|
|
|
|
2016-03-08 14:02:44 +01:00
|
|
|
class MetasploitModule < Msf::Post
|
2013-08-30 16:28:54 -05:00
|
|
|
include Msf::Post::Windows::Registry
|
2011-01-12 03:55:19 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
def initialize(info={})
|
|
|
|
|
super( update_info( info,
|
|
|
|
|
'Name' => 'Windows Gather Installed Application Enumeration',
|
2019-12-11 14:10:48 -07:00
|
|
|
'Description' => %q{ This module will enumerate all installed applications on a Windows system },
|
2013-08-30 16:28:54 -05:00
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
|
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
|
|
|
|
|
'Platform' => [ 'win' ],
|
|
|
|
|
'SessionTypes' => [ 'meterpreter' ]
|
|
|
|
|
))
|
2011-01-12 03:55:19 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
end
|
2011-01-12 03:55:19 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
def app_list
|
2016-08-10 13:30:09 -05:00
|
|
|
tbl = Rex::Text::Table.new(
|
2013-08-30 16:28:54 -05:00
|
|
|
'Header' => "Installed Applications",
|
|
|
|
|
'Indent' => 1,
|
|
|
|
|
'Columns' =>
|
|
|
|
|
[
|
|
|
|
|
"Name",
|
|
|
|
|
"Version"
|
|
|
|
|
])
|
|
|
|
|
appkeys = [
|
|
|
|
|
'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
|
|
|
|
|
'HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
|
|
|
|
|
'HKLM\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
|
|
|
|
|
'HKCU\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
|
|
|
|
|
]
|
|
|
|
|
apps = []
|
|
|
|
|
appkeys.each do |keyx86|
|
|
|
|
|
found_keys = registry_enumkeys(keyx86)
|
|
|
|
|
if found_keys
|
|
|
|
|
found_keys.each do |ak|
|
|
|
|
|
apps << keyx86 +"\\" + ak
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
2011-01-12 03:55:19 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
t = []
|
|
|
|
|
while(not apps.empty?)
|
2011-11-06 22:02:26 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
1.upto(16) do
|
|
|
|
|
t << framework.threads.spawn("Module(#{self.refname})", false, apps.shift) do |k|
|
|
|
|
|
begin
|
|
|
|
|
dispnm = registry_getvaldata("#{k}","DisplayName")
|
|
|
|
|
dispversion = registry_getvaldata("#{k}","DisplayVersion")
|
|
|
|
|
tbl << [dispnm,dispversion] if dispnm and dispversion
|
|
|
|
|
rescue
|
|
|
|
|
end
|
|
|
|
|
end
|
2011-01-12 03:55:19 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
end
|
|
|
|
|
t.map{|x| x.join }
|
|
|
|
|
end
|
2011-07-19 21:52:38 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
results = tbl.to_s
|
2011-11-06 22:02:26 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
print_line("\n" + results + "\n")
|
2011-11-06 22:02:26 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
p = store_loot("host.applications", "text/plain", session, results, "applications.txt", "Installed Applications")
|
2017-07-19 13:02:49 +01:00
|
|
|
print_good("Results stored in: #{p}")
|
2013-08-30 16:28:54 -05:00
|
|
|
end
|
2011-01-12 03:55:19 +00:00
|
|
|
|
2013-08-30 16:28:54 -05:00
|
|
|
def run
|
|
|
|
|
print_status("Enumerating applications installed on #{sysinfo['Computer']}")
|
|
|
|
|
app_list
|
|
|
|
|
end
|
2011-01-12 18:11:24 +00:00
|
|
|
end
|
