
Commit 57a3a28

author
Brent Cook
committed
remove various session manipulation hacks since session.platform should always contain an os identifier
1 parent f466464 commit 57a3a28


8 files changed

+27
-121
lines changed


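--- a/modules/post/multi/gather/dns_bruteforce.rb
+++ b/modules/post/multi/gather/dns_bruteforce.rb
@@ -32,23 +32,11 @@ def initialize(info={})
 
 # Run Method for when run command is issued
 def run
-
 domain = datastore['DOMAIN']
 hostlst = datastore['NAMELIST']
 a = []
 
 print_status("Performing DNS Forward Lookup Bruteforce for Domain #{domain}")
-if session.type =~ /shell/
-# Only one thread possible when shell
-thread_num = 1
-# Use the shell platform for selecting the command
-platform = session.platform
-else
-# When in Meterpreter the safest thread number is 10
-thread_num = 10
-# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-platform = session.sys.config.sysinfo['OS']
-end
 
 name_list = []
 if ::File.exist?(hostlst)
@@ -57,18 +45,17 @@ def run
 end
 end
 
-platform = session.platform
-
-case platform
+case session.platform
 when /win/i
 cmd = "nslookup"
 when /solaris/i
 cmd = "/usr/sbin/host "
 else
 cmd = "/usr/bin/host "
 end
-while(not name_list.nil? and not name_list.empty?)
-1.upto(thread_num) do
+
+while !name_list.nil? && !name_list.empty?
+1.upto session.max_threads do
 a << framework.threads.spawn("Module(#{self.refname})", false, name_list.shift) do |n|
 next if n.nil?
 vprint_status("Trying #{n.strip}.#{domain}")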
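Review bot: The new `1.upto session.max_threads do` on line 58 takes its bound from a method this commit does not show, so the loop's safety now depends on every session class returning a positive Integer. If it returned 0, the inner loop would never call `name_list.shift` and the surrounding `while` could presumably not terminate (its body continues outside the hunk); if it returned nil, `upto` would raise. Consider clamping once before the loop, e.g. `threads = [session.max_threads.to_i, 1].max` followed by `1.upto(threads) do`, which also replaces the parenthesis-free call carrying a `do` block. The same line is added in dns_reverse_lookup.rb, dns_srv_lookup.rb and ping_sweep.rb.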

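--- a/modules/post/multi/gather/dns_reverse_lookup.rb
+++ b/modules/post/multi/gather/dns_reverse_lookup.rb
@@ -44,34 +44,21 @@ def run
 iplst << ipa
 end
 
-if session.type =~ /shell/
-# Only one thread possible when shell
-thread_num = 1
-# Use the shell platform for selecting the command
-platform = session.platform
-else
-# When in Meterpreter the safest thread number is 10
-thread_num = 10
-# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-platform = session.sys.config.sysinfo['OS']
-end
-
-platform = session.platform
-
-case platform
+case session.platform
 when /win/i
 cmd = "nslookup"
 when /solaris/i
 cmd = "/usr/sbin/host"
 else
 cmd = "/usr/bin/host"
 end
-while(not iplst.nil? and not iplst.empty?)
-1.upto(thread_num) do
+
+while !iplst.nil? && !iplst.empty?
+1.upto session.max_threads do
 a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
 next if ip_add.nil?
 r = cmd_exec(cmd, " #{ip_add}")
-case platform
+case session.platform
 when /win/
 if r =~ /(Name)/
 r.scan(/Name:\s*\S*\s/) do |n|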
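Review bot: The two `case session.platform` statements in this hunk do not match the same way: the outer one (new line 47) uses `when /win/i`, while the one inside the spawned block (new line 62) uses `when /win/`. A differently cased identifier would therefore select `nslookup` and then miss the Windows parsing branch. The removed local `platform` was read once, whereas the new code calls `session.platform` again inside every thread. Assigning `platform = session.platform` once before the first `case`, and using the same pattern in both places, keeps command selection and output parsing in step. dns_srv_lookup.rb has the same `/win/i` and `/win/` pair; the block body here continues past the end of the hunk.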

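--- a/modules/post/multi/gather/dns_srv_lookup.rb
+++ b/modules/post/multi/gather/dns_srv_lookup.rb
@@ -55,22 +55,7 @@ def run
 
 a = []
 
-
-if session.type =~ /shell/
-# Only one thread possible when shell
-thread_num = 1
-# Use the shell platform for selecting the command
-platform = session.platform
-else
-# When in Meterpreter the safest thread number is 10
-thread_num = 10
-# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-platform = session.sys.config.sysinfo['OS']
-end
-
-platform = session.platform
-
-case platform
+case session.platform
 when /win/i
 ns_opt = " -query=srv "
 cmd = "nslookup"
@@ -82,13 +67,13 @@ def run
 cmd = "/usr/bin/host"
 end
 
-while(not srvrcd.nil? and not srvrcd.empty?)
-1.upto(thread_num) do
+while !srvrcd.nil? && !srvrcd.empty?
+1.upto session.max_threads do
 a << framework.threads.spawn("Module(#{self.refname})", false, srvrcd.shift) do |srv|
 next if srv.nil?
 r = cmd_exec(cmd, ns_opt + "#{srv}#{domain}")
 
-case platform
+case session.platform
 when /win/
 if r =~ /\s*internet\saddress\s\=\s/
 nslookup_srv_consume("#{srv}#{domain}", r).each do |f|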

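--- a/modules/post/multi/gather/ping_sweep.rb
+++ b/modules/post/multi/gather/ping_sweep.rb
@@ -40,21 +40,8 @@ def run
 end
 iplst << ipa
 end
-if session.type =~ /shell/
-# Only one thread possible when shell
-thread_num = 1
-# Use the shell platform for selecting the command
-platform = session.platform
-else
-# When in Meterpreter the safest thread number is 10
-thread_num = 10
-# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-platform = session.sys.config.sysinfo['OS']
-end
-
-platform = session.platform
 
-case platform
+case session.platform
 when /win/i
 count = " -n 1 "
 cmd = "ping"
@@ -69,10 +56,10 @@ def run
 
 while(not iplst.nil? and not iplst.empty?)
 a = []
-1.upto(thread_num) do
+1.upto session.max_threads do
 a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
 next if ip_add.nil?
-if platform =~ /solaris/i
+if session.platform =~ /solaris/i
 r = cmd_exec(cmd, "-n #{ip_add} 1")
 else
 r = cmd_exec(cmd, count + ip_add)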
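Review bot: New line 57 still reads `while(not iplst.nil? and not iplst.empty?)`, although the same loop header was rewritten to the `!`/`&&` form in the three DNS modules touched by this commit. Changing it to `while !iplst.nil? && !iplst.empty?` would keep the four modules consistent and avoid the low-precedence `not`/`and` operators. The loop body continues outside the hunk.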

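--- a/modules/post/multi/gather/skype_enum.rb
+++ b/modules/post/multi/gather/skype_enum.rb
@@ -7,19 +7,12 @@
 require 'rex'
 require 'csv'
 
-
-
-
-
 class MetasploitModule < Msf::Post
 
 include Msf::Post::File
 include Msf::Post::Windows::UserProfiles
-
 include Msf::Post::OSX::System
 
-
-
 def initialize(info={})
 super( update_info( info,
 'Name' => 'Multi Gather Skype User Data Enumeration',
@@ -52,9 +45,9 @@ def run
 return
 end
 
-if (session.platform =~ /java/) || (session.platform =~ /osx/)
-# Make sure a Java Meterpreter on anything but OSX will exit
-if session.platform =~ /java/ and sysinfo['OS'] !~ /Mac OS X/
+if session.platform =~ /java/
+# Make sure that Java Meterpreter on anything but OSX will exit
+if session.platform !~ /osx/
 print_error("This session type and platform are not supported.")
 return
 end
@@ -105,7 +98,7 @@ def check_skype(path, user)
 # Download file using Meterpreter functionality and returns path in loot for the file
 def download_db(profile)
 if session.type =~ /meterpreter/
-if sysinfo['OS'] =~ /Mac OS X/
+if session.platform =~ /osx/
 file = session.fs.file.search("#{profile['dir']}/Library/Application Support/Skype/","main.db",true)
 else
 file = session.fs.file.search("#{profile['AppData']}\\Skype","main.db",true)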
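Review bot: The rewritten guard at new lines 48–50 nests two tests on the same string that look mutually exclusive: the outer `if session.platform =~ /java/` no longer includes the old `|| (session.platform =~ /osx/)` alternative, and the inner `if session.platform !~ /osx/` can only be false if the value matches both `/java/` and `/osx/`. Under the commit's own premise that `session.platform` holds an OS identifier, the outer branch would never be entered. If it is entered, it always reaches the `print_error` and `return`, so whatever follows the inner `end` inside this `if` (outside the hunk) looks unreachable. If the platform is now authoritative, the outer test was probably meant to be `if session.platform =~ /osx/` with the Java special case dropped; please confirm against the rest of `run`.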

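--- a/modules/post/multi/gather/wlan_geolocate.rb
+++ b/modules/post/multi/gather/wlan_geolocate.rb
@@ -108,18 +108,8 @@ def perform_geolocation(wlan_list)
 
 # Run Method for when run command is issued
 def run
-if session.type =~ /shell/
-# Use the shell platform for selecting the command
-platform = session.platform
-else
-# For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-platform = session.sys.config.sysinfo['OS']
-platform = 'osx' if platform =~ /darwin/i
-end
-
-case platform
+case session.platform
 when /win/i
-
 listing = cmd_exec('netsh wlan show networks mode=bssid')
 if listing.nil?
 print_error("Unable to generate wireless listing.")
@@ -136,7 +126,6 @@ def run
 end
 
 when /osx/i
-
 listing = cmd_exec('/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s')
 if listing.nil?
 print_error("Unable to generate wireless listing.")
@@ -152,7 +141,6 @@ def run
 end
 
 when /linux/i
-
 listing = cmd_exec('iwlist scanning')
 if listing.nil?
 print_error("Unable to generate wireless listing.")
@@ -169,7 +157,6 @@ def run
 end
 
 when /solaris/i
-
 listing = cmd_exec('dladm scan-wifi')
 if listing.blank?
 print_error("Unable to generate wireless listing.")
@@ -182,7 +169,6 @@ def run
 end
 
 when /bsd/i
-
 interface = cmd_exec("dmesg | grep -i wlan | cut -d ':' -f1 | uniq")
 # Printing interface as this platform requires the interface to be specified
 # it might not be detected correctly.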
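Review bot: With the `platform = 'osx' if platform =~ /darwin/i` normalisation removed in the first hunk, `when /win/i` is tested before `when /osx/i` and would also match a value such as "darwin". The dispatch therefore depends on `session.platform` never returning such a string, which this commit does not show. Anchoring the patterns, e.g. `when /\Awin/i`, or comparing against the exact identifiers would make the `case` independent of that assumption. A one-line comment above `case session.platform` listing the identifiers it can return would also help the next reader. set_wallpaper.rb loses the same darwin mapping in this commit.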

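--- a/modules/post/multi/manage/set_wallpaper.rb
+++ b/modules/post/multi/manage/set_wallpaper.rb
@@ -71,12 +71,7 @@ def android_set_wallpaper(file)
 end
 
 def os_set_wallpaper(file)
-if session.type =~ /meterpreter/ && session.sys.config.sysinfo['OS'] =~ /darwin/i
-platform = 'osx'
-else
-platform = session.platform
-end
-case platform
+case session.platform
 when /osx/
 osx_set_wallpaper(file)
 when /win/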

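--- a/modules/post/osx/gather/enum_osx.rb
+++ b/modules/post/osx/gather/enum_osx.rb
@@ -53,7 +53,6 @@ def run
 
 #parse the dslocal plist in lion
 def read_ds_xml_plist(plist_content)
-
 require "rexml/document"
 
 doc = REXML::Document.new(plist_content)
@@ -132,11 +131,7 @@ def check_server
 when /shell/
 osx_ver = cmd_exec("/usr/bin/sw_vers -productName").chomp
 end
-if osx_ver =~/Server/
-return true
-else
-return false
-end
+return osx_ver =~/Server/
 end
 
 # Enumerate the OS Version
@@ -148,13 +143,10 @@ def get_ver
 when /shell/
 osx_ver_num = cmd_exec('/usr/bin/sw_vers -productVersion').chomp
 end
-
 return osx_ver_num
 end
 
 def enum_conf(log_folder)
-
-session_type = session.type
 profile_datatypes = {
 'OS' => 'SPSoftwareDataType',
 'Network' => 'SPNetworkDataType',
@@ -188,11 +180,11 @@ def enum_conf(log_folder)
 profile_datatypes.each do |name, profile_datatypes|
 print_status("\tEnumerating #{name}")
 # Run commands according to the session type
-if session_type =~ /meterpreter/
+if session.type =~ /meterpreter/
 returned_data = cmd_exec('system_profiler', profile_datatypes)
 # Save data lo log folder
 file_local_write(log_folder+"//#{name}.txt",returned_data)
-elsif session_type =~ /shell/
+elsif session.type =~ /shell/
 begin
 returned_data = cmd_exec("/usr/sbin/system_profiler #{profile_datatypes}", 15)
 # Save data lo log folder
@@ -207,11 +199,11 @@ def enum_conf(log_folder)
 print_status("\tEnumerating #{name}")
 # Run commands according to the session type
 begin
-if session_type =~ /meterpreter/
+if session.type =~ /meterpreter/
 command_output = cmd_exec(command[0],command[1])
 # Save data lo log folder
 file_local_write(log_folder+"//#{name}.txt",command_output)
-elsif session_type =~ /shell/
+elsif session.type =~ /shell/
 command_output = cmd_exec(command[0], command[1])
 # Save data lo log folder
 file_local_write(log_folder+"//#{name}.txt",command_output)
@@ -222,9 +214,7 @@ def enum_conf(log_folder)
 end
 end
 
-
 def enum_accounts(log_folder,ver_num)
-
 # Specific commands for Leopard and Snow Leopard
 leopard_commands = {
 'Users' => ['/usr/bin/dscacheutil', '-q user'],
@@ -261,13 +251,11 @@ def enum_accounts(log_folder,ver_num)
 file_local_write(log_folder + "//#{name}.txt", command_output)
 end
 end
-
 end
 
 
 # Method for getting SSH and GPG Keys
 def get_crypto_keys(log_folder)
-
 # Run commands according to the session type
 if session.type =~ /shell/
 
@@ -349,7 +337,6 @@ def get_crypto_keys(log_folder)
 end
 end
 end
-
 end
 end
 end
@@ -381,7 +368,6 @@ def screenshot(log_folder, ver_num)
 end
 end
 print_status("Screenshot Captured")
-
 end
 end
 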
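Review bot: `return osx_ver =~/Server/` at new line 134 changes what `check_server` returns: the removed code returned `true` or `false`, while the new line returns the match offset (an Integer) or `nil`. Callers that only test truthiness are unaffected, but any caller that compares with `== true`, interpolates the value or stores it would now see something different; the callers are outside this hunk. `!!(osx_ver =~ /Server/)` keeps the one-line form and the boolean contract, and a short comment on the method stating that it returns a boolean would document it.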
