diff --git a/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb b/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb index e49901ee1c..5b92fbce9a 100644 --- a/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb +++ b/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb @@ -7,38 +7,43 @@ class MetasploitModule < Msf::Auxiliary def initialize super( - 'Name' => 'VSploit Mariposa DNS Query Module', - 'Description' => 'This module queries known Mariposa Botnet DNS records.', - 'Author' => 'MJC', - 'License' => MSF_LICENSE, - 'References' => - [ - [ 'URL', 'http://www.defintel.com/docs/Mariposa_Analysis.pdf'] - ] + 'Name' => 'VSploit Mariposa DNS Query Module', + 'Description' => 'This module queries known Mariposa Botnet DNS records.', + 'Author' => 'MJC', + 'License' => MSF_LICENSE, + 'References' => [ + [ 'URL', 'http://www.defintel.com/docs/Mariposa_Analysis.pdf'] + ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) register_options( [ - OptString.new('DNS_SERVER',[false, "Specifies a DNS Server"]), - OptInt.new('COUNT', [false, "Number of intervals to loop",1]), - OptInt.new('DELAY', [false, "Delay in seconds between intervals",3]) - ]) + OptString.new('DNS_SERVER', [false, 'Specifies a DNS server']), + OptInt.new('COUNT', [false, 'Number of intervals to loop', 1]), + OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3]) + ] + ) end def run - @res = Net::DNS::Resolver.new() + @res = Net::DNS::Resolver.new domain = [ - "lalundelau.sinip.es","bf2back.sinip.es","thejacksonfive.mobi", - "thejacksonfive.us","thejacksonfive.biz","butterfly.BigMoney.biz", - "bfisback.sinip.es","bfisback.no-ip.org","qwertasdfg.sinip.es", - "shv4b.getmyip.com","shv4.no-ip.biz","butterfly.sinip.es", - "defintelsucks.sinip.es","defintelsucks.net","defintelsucks.com", - "gusanodeseda.sinip.es","gusanodeseda.net","legion.sinip.es", - "booster.estr.es","sexme.in","extraperlo.biz", - "legionarios.servecounterstrike.com","thesexydude.com", - "yougotissuez.com","gusanodeseda.mobi","tamiflux.org", - "tamiflux.net","binaryfeed.in","youare.sexidude.com", - "mierda.notengodominio.com", + 'lalundelau.sinip.es', 'bf2back.sinip.es', 'thejacksonfive.mobi', + 'thejacksonfive.us', 'thejacksonfive.biz', 'butterfly.BigMoney.biz', + 'bfisback.sinip.es', 'bfisback.no-ip.org', 'qwertasdfg.sinip.es', + 'shv4b.getmyip.com', 'shv4.no-ip.biz', 'butterfly.sinip.es', + 'defintelsucks.sinip.es', 'defintelsucks.net', 'defintelsucks.com', + 'gusanodeseda.sinip.es', 'gusanodeseda.net', 'legion.sinip.es', + 'booster.estr.es', 'sexme.in', 'extraperlo.biz', + 'legionarios.servecounterstrike.com', 'thesexydude.com', + 'yougotissuez.com', 'gusanodeseda.mobi', 'tamiflux.org', + 'tamiflux.net', 'binaryfeed.in', 'youare.sexidude.com', + 'mierda.notengodominio.com', ] if datastore['DNS_SERVER'] @@ -50,11 +55,11 @@ class MetasploitModule < Msf::Auxiliary while count < datastore['COUNT'] domain.each do |name| - query = @res.query(name, "A") + query = @res.query(name, 'A') time = Time.new - time = time.strftime("%Y-%m-%d %H:%M:%S") + time = time.strftime('%Y-%m-%d %H:%M:%S') print_status("#{time} - DNS Query sent for => #{name}") - if query.answer.length == 0 + if query.answer.empty? print_error("#{time} - #{name} => No Record Found") else a = query.answer[0].to_s.split(/[\s,]+/) @@ -63,7 +68,7 @@ class MetasploitModule < Msf::Auxiliary end unless count == (datastore['COUNT'] - 1) time = Time.new - time = time.strftime("%Y-%m-%d %H:%M:%S") + time = time.strftime('%Y-%m-%d %H:%M:%S') print_status("#{time} - Waiting #{datastore['DELAY']} seconds to query") select(nil, nil, nil, datastore['DELAY']) end diff --git a/modules/auxiliary/vsploit/malware/dns/dns_query.rb b/modules/auxiliary/vsploit/malware/dns/dns_query.rb index 3df468e34a..14b12a4515 100644 --- a/modules/auxiliary/vsploit/malware/dns/dns_query.rb +++ b/modules/auxiliary/vsploit/malware/dns/dns_query.rb @@ -7,23 +7,29 @@ class MetasploitModule < Msf::Auxiliary def initialize super( - 'Name' => 'VSploit DNS Beaconing Emulation', - 'Description' => 'This module takes a list and emulates malicious DNS beaconing.', - 'Author' => 'MJC', - 'License' => MSF_LICENSE + 'Name' => 'VSploit DNS Beaconing Emulation', + 'Description' => 'This module takes a list of domains and emulates malicious DNS beaconing.', + 'Author' => 'MJC', + 'License' => MSF_LICENSE, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) register_options( - [ - OptString.new('DOMAINS', [ true, "Separate Domains by whitespace"]), - OptString.new('DNS_SERVER',[false, "Specifies a DNS Server"]), - OptInt.new('COUNT', [false, "Number of intervals to loop",2]), - OptInt.new('DELAY', [false, "Delay in seconds between intervals",3]) - ]) + [ + OptString.new('DOMAINS', [ true, 'Separate domains by whitespace']), + OptString.new('DNS_SERVER', [false, 'Specifies a DNS Server']), + OptInt.new('COUNT', [false, 'Number of intervals to loop', 2]), + OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3]) + ] + ) end def run - @res = Net::DNS::Resolver.new() - #@res.retry = 2 + @res = Net::DNS::Resolver.new + # @res.retry = 2 if datastore['DNS_SERVER'] @res.nameservers = datastore['DNS_SERVER'] @@ -35,11 +41,11 @@ class MetasploitModule < Msf::Auxiliary domain = datastore['DOMAINS'].split(/[\s,]+/) domain.each do |name| - query = @res.query(name, "A") + query = @res.query(name, 'A') time = Time.new - time = time.strftime("%Y-%m-%d %H:%M:%S") + time = time.strftime('%Y-%m-%d %H:%M:%S') print_status("#{time} - DNS Query sent for => #{name}") - if query.answer.length == 0 + if query.answer.empty? print_error("#{time} - #{name} => No Record Found") else a = query.answer[0].to_s.split(/[\s,]+/) @@ -48,7 +54,7 @@ class MetasploitModule < Msf::Auxiliary end unless count == (datastore['COUNT'] - 1) time = Time.new - time = time.strftime("%Y-%m-%d %H:%M:%S") + time = time.strftime('%Y-%m-%d %H:%M:%S') print_status("#{time} - Waiting #{datastore['DELAY']} seconds to beacon") select(nil, nil, nil, datastore['DELAY']) end diff --git a/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb b/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb index aff31e9e1f..62e3a0df89 100644 --- a/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb +++ b/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb @@ -7,43 +7,48 @@ class MetasploitModule < Msf::Auxiliary def initialize super( - 'Name' => 'VSploit Zeus DNS Query Module', - 'Description' => 'This module queries known Zeus Botnet DNS records.', - 'Author' => 'MJC', - 'License' => MSF_LICENSE, - 'References' => - [ - [ 'URL', 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist'] - ] + 'Name' => 'VSploit Zeus DNS Query Module', + 'Description' => 'This module queries known Zeus Botnet DNS records.', + 'Author' => 'MJC', + 'License' => MSF_LICENSE, + 'References' => [ + [ 'URL', 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist'] + ], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } ) register_options( [ - OptString.new('DNS_SERVER',[false, "Specifies a DNS Server"]), - OptInt.new('COUNT', [false, "Number of intervals to loop",1]), - OptInt.new('DELAY', [false, "Delay in seconds between intervals",3]) - ]) + OptString.new('DNS_SERVER', [false, 'Specifies a DNS server']), + OptInt.new('COUNT', [false, 'Number of intervals to loop', 1]), + OptInt.new('DELAY', [false, 'Delay in seconds between intervals', 3]) + ] + ) end def run - @res = Net::DNS::Resolver.new() + @res = Net::DNS::Resolver.new domain = [ - "allspring.net","antifoher.biz","asdfasdgqghgsw.cx.cc", - "ashnmjjpoljfnl.info","atlaz.net","b3l.org","back.boroborogold.ru", - "bandwithcheckstart.com","batmanrobinho.com","bellicbridge.ru", - "bestfihteerdr.com","bestprice2you.net","billyd.com.au", - "bitschoonerop.com","blackskullbg.sytes.net","botikov.eu.tf", - "botnetdown.gicp.net","boutique.vcm-mode.it","brandc.name", - "bxkkuskgdjskdn.com","c0re.su","cdvqvnjqqtkqhsoo.info", - "christmassuper.com","ciritas.ru","citi-spb.ru","clavn.ru", - "client.trackups.org","client.upsclients.net","cnewsus.ru", - "cnnus.ru","concapow.in","consoleencydd.com","cqoqgzqmkpkrmlo.com", - "ctllutheran.org","currencytradechat.com","cyytmmlxsthywst.com", - "damaka.com","datacricketuf.ru","deimingames.com", - "dfhhdkdddqjda.start.tl","djerk.info","djpeterblue.com.br", - "dlmsonisfzksioqq.org","domio.pwomega.ru","favdstgssdqdsfg.start.tl", - "favoritopilodjd.com","favqnornkwvkwfxv.biz","fdhjkfhskas.com", - "federalreserve-report.com","federetoktyt.net" + 'allspring.net', 'antifoher.biz', 'asdfasdgqghgsw.cx.cc', + 'ashnmjjpoljfnl.info', 'atlaz.net', 'b3l.org', 'back.boroborogold.ru', + 'bandwithcheckstart.com', 'batmanrobinho.com', 'bellicbridge.ru', + 'bestfihteerdr.com', 'bestprice2you.net', 'billyd.com.au', + 'bitschoonerop.com', 'blackskullbg.sytes.net', 'botikov.eu.tf', + 'botnetdown.gicp.net', 'boutique.vcm-mode.it', 'brandc.name', + 'bxkkuskgdjskdn.com', 'c0re.su', 'cdvqvnjqqtkqhsoo.info', + 'christmassuper.com', 'ciritas.ru', 'citi-spb.ru', 'clavn.ru', + 'client.trackups.org', 'client.upsclients.net', 'cnewsus.ru', + 'cnnus.ru', 'concapow.in', 'consoleencydd.com', 'cqoqgzqmkpkrmlo.com', + 'ctllutheran.org', 'currencytradechat.com', 'cyytmmlxsthywst.com', + 'damaka.com', 'datacricketuf.ru', 'deimingames.com', + 'dfhhdkdddqjda.start.tl', 'djerk.info', 'djpeterblue.com.br', + 'dlmsonisfzksioqq.org', 'domio.pwomega.ru', 'favdstgssdqdsfg.start.tl', + 'favoritopilodjd.com', 'favqnornkwvkwfxv.biz', 'fdhjkfhskas.com', + 'federalreserve-report.com', 'federetoktyt.net' ] if datastore['DNS_SERVER'] @@ -55,11 +60,11 @@ class MetasploitModule < Msf::Auxiliary while count < datastore['COUNT'] domain.each do |name| - query = @res.query(name, "A") + query = @res.query(name, 'A') time = Time.new - time = time.strftime("%Y-%m-%d %H:%M:%S") + time = time.strftime('%Y-%m-%d %H:%M:%S') print_status("#{time} - DNS Query sent for => #{name}") - if query.answer.length == 0 + if query.answer.empty? print_error("#{time} - #{name} => No Record Found") else a = query.answer[0].to_s.split(/[\s,]+/) @@ -68,7 +73,7 @@ class MetasploitModule < Msf::Auxiliary end unless count == (datastore['COUNT'] - 1) time = Time.new - time = time.strftime("%Y-%m-%d %H:%M:%S") + time = time.strftime('%Y-%m-%d %H:%M:%S') print_status("#{time} - Waiting #{datastore['DELAY']} seconds to query") select(nil, nil, nil, datastore['DELAY']) end diff --git a/modules/auxiliary/vsploit/pii/email_pii.rb b/modules/auxiliary/vsploit/pii/email_pii.rb index e46d2ea188..10a928a53c 100644 --- a/modules/auxiliary/vsploit/pii/email_pii.rb +++ b/modules/auxiliary/vsploit/pii/email_pii.rb @@ -12,24 +12,32 @@ class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::PII def initialize(info = {}) - super(update_info(info, - 'Name' => 'VSploit Email PII', - 'Description' => %q{ + super( + update_info( + info, + 'Name' => 'VSploit Email PII', + 'Description' => %q{ This auxiliary reads from a file and sends data which - should be flagged via an internal or external SMTP server. - }, - 'License' => MSF_LICENSE, - 'Author' => ['willis'] - )) - register_options( - [ - OptString.new('RHOST', [true, "SMTP server address",'127.0.0.1']), - OptPort.new('RPORT', [true, "SMTP server port", 25]) - ]) + should be flagged via an internal or external SMTP server. + }, + 'License' => MSF_LICENSE, + 'Author' => ['willis'], + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } + ) + ) + register_options( + [ + OptString.new('RHOST', [true, 'SMTP server address', '127.0.0.1']), + OptPort.new('RPORT', [true, 'SMTP server port', 25]) + ] + ) end def run - msg = Rex::MIME::Message.new msg.mime_defaults msg.subject = datastore['SUBJECT'] @@ -38,9 +46,9 @@ class MetasploitModule < Msf::Auxiliary data = create_pii - msg.add_part(data, "text/plain") + msg.add_part(data, 'text/plain') msg.add_part_attachment(data, rand_text_english(10)) - resp = send_message(msg.to_s) + send_message(msg.to_s) end end diff --git a/modules/auxiliary/vsploit/pii/web_pii.rb b/modules/auxiliary/vsploit/pii/web_pii.rb index 1a515648fc..d640ca994b 100644 --- a/modules/auxiliary/vsploit/pii/web_pii.rb +++ b/modules/auxiliary/vsploit/pii/web_pii.rb @@ -12,48 +12,55 @@ class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::PII def initialize(info = {}) - super(update_info(info, - 'Name' => 'VSploit Web PII', - 'Description' => 'This module emulates a webserver leaking PII data', - 'License' => MSF_LICENSE, - 'Author' => 'MJC', - 'References' => - [ - [ 'URL', 'https://www.rapid7.com/blog/post/2011/06/02/vsploit--virtualizing-exploitation-attributes-with-metasploit-framework'] - ], - 'DefaultOptions' => { 'HTTP::server_name' => 'IIS'} - )) + super( + update_info( + info, + 'Name' => 'VSploit Web PII', + 'Description' => 'This module emulates a webserver leaking PII data', + 'License' => MSF_LICENSE, + 'Author' => 'MJC', + 'References' => [ + [ 'URL', 'https://www.rapid7.com/blog/post/2011/06/02/vsploit--virtualizing-exploitation-attributes-with-metasploit-framework'] + ], + 'DefaultOptions' => { 'HTTP::server_name' => 'IIS' }, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliability' => [] + } + ) + ) register_options( - [ - OptBool.new('META_REFRESH', [ false, "Set page to auto refresh.", false]), - OptInt.new('REFRESH_TIME', [ false, "Set page refresh interval.", 15]), - OptInt.new('ENTRIES', [ false, "PII Entry Count", 1000]) - ]) + [ + OptBool.new('META_REFRESH', [ false, 'Set page to auto refresh.', false]), + OptInt.new('REFRESH_TIME', [ false, 'Set page refresh interval.', 15]), + OptInt.new('ENTRIES', [ false, 'PII Entry Count', 1000]) + ] + ) end - def create_page # Webpage Title - title = "vSploit PII Webserver" - sheep = <<-EOS - __________ -< baaaaah! > - --------- - \\ - \\ - ,@;@, - ;@;@( \\@;@;@;@;@;@, - /x @\\_|@;@;@;@;@;@;, - / )@:@;@;@;@;@;@;@|) - *---;@;@;@;@;@;@;@;@; - ';@;\;@;\;@;@ - || | \\ ( - || | // / - // ( // / - ~~~~~ ~~~~ + title = 'vSploit PII Webserver' + sheep = <<~EOS + __________ + < baaaaah! > + --------- + \\ + \\ + ,@;@, + ;@;@( \\@;@;@;@;@;@, + /x @\\_|@;@;@;@;@;@;, + / )@:@;@;@;@;@;@;@|) + *---;@;@;@;@;@;@;@;@; + ';@;\;@;\;@;@ + || | \\ ( + || | // / + // ( // / + ~~~~~ ~~~~ -EOS - page = "" + EOS + page = '' page << "\n\n" if datastore['META_REFRESH'] @@ -71,21 +78,21 @@ EOS end # Start creating PII data - pii = create_pii() + pii = create_pii page << "\n" page << pii page << "\n\n" page end - def on_request_uri(cli,request) + def on_request_uri(cli, _request) # Transmit the response to the client - res = create_page() - print_status("Leaking PII...") + res = create_page + print_status('Leaking PII...') send_response(cli, res, { 'Content-Type' => 'text/html' }) end def run - exploit() + exploit end end