dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
metasploit-framework/documentation/modules/auxiliary/scanner/gopher/gopher_gophermap.md

5.5 KiB
Raw Permalink Blame History

Vulnerable Application

Any gopher server will work. There seems to only be a few left in 2017.

A few options for local installation and testing are below.

Docker Install

A dockerized gopher server written in Go is available. To install and run this, with content being served out of a temporary directory in which you'll be left:

$  docker pull prodhe/gopher
Using default tag: latest
latest: Pulling from prodhe/gopher
627beaf3eaaf: Already exists
8800e3417eb1: Pull complete
d9f3bcdad0eb: Pull complete
c018073abd26: Pull complete
b2855f535c50: Pull complete
23480a2f73d8: Pull complete
1555a5435ec5: Pull complete
0728d289e0fc: Pull complete
6f6f265b58ee: Pull complete
Digest: sha256:69931d56946d192d9bd155a88b6f365cb276e9edf453129d374e64d244d1edaa
Status: Downloaded newer image for prodhe/gopher:latest
$  cd `mktemp -d`;
$  sudo docker run --rm -d -it --name gopher_test -v `pwd -P`:/public  -p 70:70  prodhe/gopher
2017/10/20 16:45:01 Serving /public/ at localhost:70
$ date > test.txt
$ echo HELLO > README.md

NOTE: Don't forget to docker stop the container ID returned from the docker run command just run above:

$ docker stop X
X

Ubuntu 16.04 Install

First we need to install the server:

sudo apt-get install gopher-server

Next, we need to build content for the scanner to find. Gopher works off of a gophermap, somewhat similar to a content index page, where files are listed in a menu type system.

echo "<html><h1>hello world</h1></html>" | sudo tee /var/gopher/example.html
echo "foobarbaz" | sudo tee /var/gopher/foobar.txt
sudo mkdir /var/gopher/msf
echo "meterpreter rules" | sudo tee /var/gopher/msf/meterp.txt
sudo wget "https://pbs.twimg.com/profile_images/580131056629735424/2ENTk2K2.png" -O /var/gopher/msf/logo.png

echo -ne "gopher custom gophermap\n\nhHello World\t/example.html\t1.1.1.1\t70\n0Foo File\t/foobar.txt\t1.1.1.1\t70\n1msf\t/msf\t1.1.1.1\t70\nhmetasploit homepage\tURL:http://metasploit.com/\n" | sudo tee /var/gopher/gophermap
sudo chmod +r -R /var/gopher

In this case we create an html file, text file, a directory with a text file and png file in it. Enough content so its nice to look at. Next we write our gophermap file. The first line is just an intro. After that, we list our files that the client can access.

The format of these lines is: XSome text here[TAB]/path/to/content[TAB]example.org[TAB]port. The first character, X is the file type which can be referenced in the table below. The final address (example.org) and PORT are optional.

The following table contains the file types associated with the characters:

Itemtype Content
0 Text file
1 Directory
2 CSO name server
3 Error
4 Mac HQX filer
5 PC binary
6 UNIX uuencoded file
7 Search server
8 Telnet Session
9 Binary File
c Calendar (not in 2.06)
e Event (not in 2.06)
g GIF image
h HTML, Hypertext Markup Language
i inline text type
s Sound
I Image (other than GIF)
M MIME multipart/mixed message
T TN3270 Session

Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: use auxiliary/scanner/gopher/gopher_gophermap
  4. Do: set rhosts [IPs]
  5. Do: run
  6. You should see the gophermap file printed in a parsed format

Options

PATH

It is possible to view content within a directory of the gophermap. If the initial run shows directory Directory: foobar, setting path to /foobar will enumerate the contents of that folder. Default: [empty string].

Scenarios

Docker Gopher Server

msf > use auxiliary/scanner/gopher/gopher_gophermap
msf auxiliary(gopher_gophermap) > set RHOSTS localhost
RHOSTS => localhost
msf auxiliary(gopher_gophermap) > run

[+] 127.0.0.1:70          -   Text file: README.md
[+] 127.0.0.1:70          -     Path: localhost:70/README.md
[+] 127.0.0.1:70          -   Text file: test.txt
[+] 127.0.0.1:70          -     Path: localhost:70/test.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Gopher-server on Ubuntu 16.04

msf > use auxiliary/scanner/gopher/gopher_gophermap
msf auxiliary(gopher_gophermap) > set rhosts 1.1.1.1
rhosts => 1.1.1.1
msf auxiliary(gopher_gophermap) > set verbose true
verbose => true
msf auxiliary(gopher_gophermap) > run

[+] 1.1.1.1:70      - gopher custom gophermap
[+] 1.1.1.1:70      -
[+] 1.1.1.1:70      -   HTML: Hello World
[+] 1.1.1.1:70      -     Path: 1.1.1.1:70/example.html
[+] 1.1.1.1:70      -   Text file: Foo File
[+] 1.1.1.1:70      -     Path: 1.1.1.1:70/foobar.txt
[+] 1.1.1.1:70      -   Directory: msf
[+] 1.1.1.1:70      -     Path: 1.1.1.1:70/msf
[+] 1.1.1.1:70      -   HTML: metasploit homepage
[+] 1.1.1.1:70      -     Path: 1.1.1.1:70/URL:http://metasploit.com/
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed