Michael Schierl
21f6127e29
Change all Platform 'windows' to 'win', as it internally is an alias anyway and only causes unnecessary confusion to have two platform names that mean the same.
104 lines
3.0 KiB
Ruby
104 lines
3.0 KiB
Ruby
##
|
|
# $Id$
|
|
##
|
|
|
|
##
|
|
# This file is part of the Metasploit Framework and may be subject to
|
|
# redistribution and commercial restrictions. Please see the Metasploit
|
|
# web site for more information on licensing and terms of use.
|
|
# http://metasploit.com/
|
|
##
|
|
|
|
|
|
require 'msf/core'
|
|
require 'rex'
|
|
require 'msf/core/post/windows/services'
|
|
|
|
class Metasploit3 < Msf::Post
|
|
|
|
include Msf::Post::Windows::WindowsServices
|
|
|
|
def initialize(info={})
|
|
super(update_info(info,
|
|
'Name' => "Windows Gather Service Info Enumeration",
|
|
'Description' => %q{
|
|
This module will query the system for services and display name and configuration
|
|
info for each returned service. It allows you to optionally search the credentials, path, or start
|
|
type for a string and only return the results that match. These query operations
|
|
are cumulative and if no query strings are specified, it just returns all services.
|
|
NOTE: If the script hangs, windows firewall is most likely on and you did not
|
|
migrate to a safe process (explorer.exe for example).
|
|
},
|
|
'License' => MSF_LICENSE,
|
|
'Version' => '$Revision$',
|
|
'Platform' => ['win'],
|
|
'SessionTypes' => ['meterpreter'],
|
|
'Author' => ['Keith Faber', 'Kx499']
|
|
))
|
|
register_options(
|
|
[
|
|
OptString.new('CRED', [ false, 'String to search credentials for' ]),
|
|
OptString.new('PATH', [ false, 'String to search path for' ]),
|
|
OptEnum.new('TYPE', [false, 'Service startup Option', 'All', ['All', 'Auto', 'Manual', 'Disabled' ]])
|
|
], self.class)
|
|
end
|
|
|
|
|
|
def run
|
|
|
|
# set vars
|
|
qcred = datastore["CRED"] || nil
|
|
qpath = datastore["PATH"] || nil
|
|
if datastore["TYPE"] == "All"
|
|
qtype = nil
|
|
else
|
|
qtype = datastore["TYPE"]
|
|
end
|
|
if qcred
|
|
print_status("Credential Filter: " + qcred)
|
|
end
|
|
if qpath
|
|
print_status("Executable Path Filter: " + qpath)
|
|
end
|
|
if qtype
|
|
print_status("Start Type Filter: " + qtype)
|
|
end
|
|
|
|
print_status("Listing Service Info for matching services:")
|
|
service_list.each do |sname|
|
|
srv_conf = {}
|
|
isgood = true
|
|
#make sure we got a service name
|
|
if sname
|
|
begin
|
|
srv_conf = service_info(sname)
|
|
#filter service based on filters passed, the are cumulative
|
|
if qcred and ! srv_conf['Credentials'].downcase.include? qcred.downcase
|
|
isgood = false
|
|
end
|
|
if qpath and ! srv_conf['Command'].downcase.include? qpath.downcase
|
|
isgood = false
|
|
end
|
|
if qtype and ! srv_conf['Startup'].downcase.include? qtype.downcase
|
|
isgood = false
|
|
end
|
|
|
|
#if we are still good return the info
|
|
if isgood
|
|
vprint_status("\tName: #{sname}")
|
|
vprint_good("\t\tStartup: #{srv_conf['Startup']}")
|
|
vprint_good("\t\tCommand: #{srv_conf['Command']}")
|
|
vprint_good("\t\tCredentials: #{srv_conf['Credentials']}")
|
|
end
|
|
rescue
|
|
print_error("An error occured enumerating service: #{sname}")
|
|
end
|
|
else
|
|
print_error("Problem enumerating services")
|
|
end
|
|
|
|
end
|
|
end
|
|
|
|
end
|