-
-
Save wchen-r7/f8fc3dca691df1555c49d4c6a4951e4a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<ruby> | |
@job_ids = [] | |
def wait_until_jobs_done | |
while true | |
@job_ids.each do |job_id| | |
current_job_ids = framework.jobs.keys.map { |e| e.to_i } | |
sleep 1 if current_job_ids.include?(job_id) | |
end | |
return | |
end | |
end | |
def check_ms17_010(host, serv) | |
print_status("Checking MS17-010 on #{host.address}") | |
mod = framework.modules.create('auxiliary/scanner/smb/smb_ms17_010') | |
mod.datastore['RHOSTS'] = host.address | |
mod.datastore['RPORT'] = serv.port | |
mod.run_simple({ 'RunAsJob' => true, 'LocalOutput' => self.output }) | |
print_status("MS17-010 job ID for target #{host.address} is: #{mod.job_id}") | |
@job_ids << mod.job_id | |
end | |
def check_ms08_067_netapi(host, serv) | |
print_status("Checking MS08-067 on #{host.address}") | |
mod = framework.exploits.create('windows/smb/ms08_067_netapi') | |
mod.datastore['RHOST'] = host.address | |
begin | |
check_code = mod.check_simple({ 'RunAsJob' => true, 'LocalOutput' => self.output }) | |
if mod.job_id | |
print_status("MS08-067 job ID for target #{host.address} is: #{mod.job_id}") | |
@job_ids << mod.job_id | |
end | |
if check_code == Msf::Exploit::CheckCode::Vulnerable | |
framework.db.report_vuln( | |
workspace: mod.workspace, | |
host: mod.rhost, | |
name: mod.name, | |
info: "This was flagged as vulnerable by the explicit check of #{mod.fullname}.", | |
refs: mod.references | |
) | |
end | |
rescue ::Exception => e | |
print_error(e.message) | |
end | |
end | |
def check_smbv1(host, serv) | |
print_status("Checking SMBv1 on #{host.address}") | |
mod = framework.modules.create('auxiliary/scanner/smb/smb1') | |
mod.datastore['RHOSTS'] = host.address | |
mod.datastore['RPORT'] = serv.port | |
mod.run_simple({ 'RunAsJob' => true, 'LocalOutput' => self.output }) | |
print_status("SMBv1 check job ID for target #{host.address} is: #{mod.job_id}") | |
@job_ids << mod.job_id | |
end | |
def is_smb?(host, serv) | |
return false unless serv.host | |
return false if serv.state != Msf::ServiceState::Open | |
return false if serv.port != 445 | |
true | |
end | |
def do_checks | |
print_status("Number of hosts to check: #{framework.db.workspace.hosts.length}") | |
framework.db.workspace.hosts.each do |host| | |
host.services.each do |serv| | |
next unless is_smb?(host, serv) | |
print_status("Checking #{host.address}:#{serv.port} (#{serv.name})") | |
check_smbv1(host, serv) | |
check_ms17_010(host, serv) | |
check_ms08_067_netapi(host, serv) | |
end | |
end | |
end | |
def setup | |
run_single("setg verbose true") | |
end | |
def main | |
print_status('Performing checks...') | |
do_checks | |
wait_until_jobs_done | |
end | |
setup | |
main | |
</ruby> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment