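##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'readline'

# Interactive pseudo-shell for an established session: reads a line from the
# operator, maps the first word to a method through a fixed command table and
# prints whatever that method returns.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Unix
  include Msf::Post::Linux::System
  include Msf::Post::Linux::Priv

  # Command table. Each row is:
  #   [word typed at the prompt, method dispatched to, 1 if one argument is accepted (else 0), help text]
  # This table is the only source of method names handed to public_send, so it
  # acts as the allowlist for what the prompt can invoke.
  # The methods themselves are presumably supplied by the included Msf::Post
  # mixins (only `help` is defined in this file) - confirm when adding rows.
  HELP_COMMANDS = [
    ['help', 'help', 0, 'Show current help'],
    ['?', 'help', 0, 'Show current help'],
    ['ls', 'dir', 1, 'List files and folders in a directory'],
    ['cat', 'read_file', 1, 'Show file contents'],
    ['whoami', 'whoami', 0, 'Show current user'],
    ['cd', 'cd', 1, 'Change current directory'],
    ['users', 'get_users', 0, 'Show list of users'],
    ['groups', 'get_groups', 0, 'Show list of groups'],
    ['pwd', 'pwd', 0, 'Show current PATH'],
    ['interfaces', 'interfaces', 0, 'Show list of network interfaces'],
    ['path', 'get_path', 0, 'Show current directories included in $PATH enviroment variable'],
    ['macs', 'macs', 0, 'Show list of MAC addresses'],
    ['shell', 'get_shell_name', 0, 'Show current SHELL'],
    ['hostname', 'get_hostname', 0, 'Show current Hostname'],
    ['ips', 'ips', 0, 'Show list of current IP addresses'],
    ['isroot?', 'is_root?', 0, 'Show if current user has root permisions'],
    ['exit', '', 0, 'Exit the Pseudo-shell'],
    ['tcp_ports', 'listen_tcp_ports', 0, 'Show list of listen TCP ports'],
    ['udp_ports', 'listen_udp_ports', 0, 'Show list of listen UDP ports'],
    ['clear', 'clear_screen', 0, 'Clear screen']
  ].sort.freeze

  # Command words only, in table order; used for tab completion.
  LIST = HELP_COMMANDS.map(&:first).freeze

  def initialize
    super(
      'Name' => 'Pseudo-Shell Post-Exploitation Module',
      'Description' => %q{ This module will run a Pseudo-Shell. },
      'Author' => 'Alberto Rafael Rodriguez Iglesias ',
      'License' => MSF_LICENSE,
      'Platform' => ['linux'],
      'SessionTypes' => ['shell', 'meterpreter']
    )
  end

  # Module entry point: caches the values shown in the prompt, then starts
  # the read/dispatch loop.
  def run
    @vhostname = get_hostname
    @vusername = whoami
    @vpromptchar = is_root? ? '#' : '$'
    prompt
  end

  # Splits an input line and looks its first word up in HELP_COMMANDS.
  #
  # @param cmd [String] raw line typed at the prompt
  # @return [Array, String] for a known command, a four-element array
  #   [method name, command word, argument, argument count]; '' for a blank
  #   line; for an unknown word, the "Command does not exist" message, which
  #   has already been printed.
  def parse_cmd(cmd)
    parts = cmd.split(' ')
    return '' if parts.empty?

    cmd = parts[0]
    entry = HELP_COMMANDS.find { |row| row[0] == cmd }

    unless entry
      shell_name = get_shell_name
      message = "#{shell_name}: #{cmd}: Command does not exist\n"
      print message
      return message
    end

    nargs = parts.length - 1
    if nargs.zero?
      args = ''
    elsif entry[2] == 1
      # Only the first word after the command is used; further words are
      # counted in nargs but never passed on.
      args = parts[1]
    else
      # The command takes no argument: whatever followed it is ignored.
      args = nil
      nargs = 0
    end

    [entry[1], cmd, args, nargs]
  end

  # Prints the command table as a two-column help listing.
  def help
    print "\n"
    print "Commands Help\n"
    print "==============\n"
    print "\n"
    printf("\t%-20s%-100s\n", 'Command', 'Description')
    printf("\t%-20s%-100s\n", '-------', '-----------')
    HELP_COMMANDS.each do |row|
      printf("\t%-20s%-100s\n", row[0], row[3])
    end
    print "\n"
  end

  # Shows the prompt and reads one line with tab completion on command words.
  #
  # @return [String, nil] the line read, or nil when Readline returns nil,
  #   which ends the loop in #prompt.
  def prompt_show
    # NOTE(review): the user name, host name and working directory are obtained
    # through the session and are written to the operator's terminal as-is;
    # consider stripping control characters before display - confirm what the
    # framework already filters.
    promptshell = "#{@vusername}@#{@vhostname}:#{pwd.strip}#{@vpromptchar} "
    Readline.completion_append_character = ' '
    Readline.completion_proc = proc { |typed| LIST.select { |word| word.start_with?(typed) } }
    Readline.readline(promptshell, true)
  end

  # Read/dispatch loop: runs until the operator types `exit` or input ends.
  #
  # A failing command is reported and the loop continues, so one bad command
  # does not end the pseudo-shell.
  def prompt
    while (input = prompt_show)
      begin
        if input.strip.empty?
          print "\n"
          next
        end

        parsed = parse_cmd(input)
        # Unknown command: parse_cmd has already printed the message. Stopping
        # here keeps anything that is not a table entry away from public_send.
        next unless parsed.is_a?(Array)

        func, command, args, nargs = parsed
        # Covers `exit`, `exit ` and `exit <anything>`; the table entry for
        # exit has no method to dispatch to.
        break if command == 'exit'

        # A bare `ls` lists the current working directory.
        if command == 'ls' && nargs.zero?
          args = pwd
          nargs = 1
        end

        result = nargs > 0 ? public_send(func, args.to_s.strip) : public_send(func)

        # NOTE(review): results are printed unmodified; file contents and command
        # output originate on the remote host - confirm whether control
        # characters should be filtered before they reach the terminal.
        case result
        when true, false
          # Both values are printed; comparing `!result.nil?` with the result
          # itself, as the previous check did, never matched `false`.
          print(result ? "true\n" : "false\n") if command == 'isroot?'
        when Array
          print result.join("\n")
          print "\n"
        when String
          print "#{result.chomp}\n" unless result.strip.empty?
        end
      rescue StandardError => e
        # Tell the operator why nothing was printed instead of failing silently.
        print_error("#{input.strip}: #{e.message}")
        next
      end
    end
  end
end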