wchen-r7/smb_checks.rc Secret

## smb_checks.rc
<ruby>
@job_ids = []

def wait_until_jobs_done
    while true
        @job_ids.each do |job_id|
            current_job_ids = framework.jobs.keys.map { |e| e.to_i }
            sleep 1 if current_job_ids.include?(job_id)
        end

        return
    end
end

def check_ms17_010(host, serv)
    print_status("Checking MS17-010 on #{host.address}")
    mod = framework.modules.create('auxiliary/scanner/smb/smb_ms17_010')
    mod.datastore['RHOSTS'] = host.address
    mod.datastore['RPORT'] = serv.port
    mod.run_simple({ 'RunAsJob' => true, 'LocalOutput' => self.output })
    print_status("MS17-010 job ID for target #{host.address} is: #{mod.job_id}")
    @job_ids << mod.job_id
end

def check_ms08_067_netapi(host, serv)
    print_status("Checking MS08-067 on #{host.address}")
    mod = framework.exploits.create('windows/smb/ms08_067_netapi')
    mod.datastore['RHOST'] = host.address
    begin
        check_code = mod.check_simple({ 'RunAsJob' => true, 'LocalOutput' => self.output })
        if mod.job_id
            print_status("MS08-067 job ID for target #{host.address} is: #{mod.job_id}")
            @job_ids << mod.job_id
        end

        if check_code == Msf::Exploit::CheckCode::Vulnerable
            framework.db.report_vuln(
                workspace: mod.workspace,
                host: mod.rhost,
                name: mod.name,
                info: "This was flagged as vulnerable by the explicit check of #{mod.fullname}.",
                refs: mod.references
            )
        end
    rescue ::Exception => e
        print_error(e.message)
    end
end

def check_smbv1(host, serv)
    print_status("Checking SMBv1 on #{host.address}")
    mod = framework.modules.create('auxiliary/scanner/smb/smb1')
    mod.datastore['RHOSTS'] = host.address
    mod.datastore['RPORT'] = serv.port
    mod.run_simple({ 'RunAsJob' => true, 'LocalOutput' => self.output })
    print_status("SMBv1 check job ID for target #{host.address} is: #{mod.job_id}")
    @job_ids << mod.job_id
end

def is_smb?(host, serv)
    return false unless serv.host
    return false if serv.state != Msf::ServiceState::Open
    return false if serv.port != 445
    true
end

def do_checks
    print_status("Number of hosts to check: #{framework.db.workspace.hosts.length}")
    framework.db.workspace.hosts.each do |host|
        host.services.each do |serv|
            next unless is_smb?(host, serv)
            print_status("Checking #{host.address}:#{serv.port} (#{serv.name})")
            check_smbv1(host, serv)
            check_ms17_010(host, serv)
            check_ms08_067_netapi(host, serv)
        end
    end
end

def setup
    run_single("setg verbose true")
end

def main
    print_status('Performing checks...')
    do_checks
    wait_until_jobs_done
end

setup
main

</ruby>
	<ruby>
	@job_ids = []

	def wait_until_jobs_done
	while true
	@job_ids.each do \|job_id\|
	current_job_ids = framework.jobs.keys.map { \|e\| e.to_i }
	sleep 1 if current_job_ids.include?(job_id)
	end

	return
	end
	end

	def check_ms17_010(host, serv)
	print_status("Checking MS17-010 on #{host.address}")
	mod = framework.modules.create('auxiliary/scanner/smb/smb_ms17_010')
	mod.datastore['RHOSTS'] = host.address
	mod.datastore['RPORT'] = serv.port
	mod.run_simple({ 'RunAsJob' => true, 'LocalOutput' => self.output })
	print_status("MS17-010 job ID for target #{host.address} is: #{mod.job_id}")
	@job_ids << mod.job_id
	end

	def check_ms08_067_netapi(host, serv)
	print_status("Checking MS08-067 on #{host.address}")
	mod = framework.exploits.create('windows/smb/ms08_067_netapi')
	mod.datastore['RHOST'] = host.address
	begin
	check_code = mod.check_simple({ 'RunAsJob' => true, 'LocalOutput' => self.output })
	if mod.job_id
	print_status("MS08-067 job ID for target #{host.address} is: #{mod.job_id}")
	@job_ids << mod.job_id
	end

	if check_code == Msf::Exploit::CheckCode::Vulnerable
	framework.db.report_vuln(
	workspace: mod.workspace,
	host: mod.rhost,
	name: mod.name,
	info: "This was flagged as vulnerable by the explicit check of #{mod.fullname}.",
	refs: mod.references
	)
	end
	rescue ::Exception => e
	print_error(e.message)
	end
	end

	def check_smbv1(host, serv)
	print_status("Checking SMBv1 on #{host.address}")
	mod = framework.modules.create('auxiliary/scanner/smb/smb1')
	mod.datastore['RHOSTS'] = host.address
	mod.datastore['RPORT'] = serv.port
	mod.run_simple({ 'RunAsJob' => true, 'LocalOutput' => self.output })
	print_status("SMBv1 check job ID for target #{host.address} is: #{mod.job_id}")
	@job_ids << mod.job_id
	end

	def is_smb?(host, serv)
	return false unless serv.host
	return false if serv.state != Msf::ServiceState::Open
	return false if serv.port != 445
	true
	end

	def do_checks
	print_status("Number of hosts to check: #{framework.db.workspace.hosts.length}")
	framework.db.workspace.hosts.each do \|host\|
	host.services.each do \|serv\|
	next unless is_smb?(host, serv)
	print_status("Checking #{host.address}:#{serv.port} (#{serv.name})")
	check_smbv1(host, serv)
	check_ms17_010(host, serv)
	check_ms08_067_netapi(host, serv)
	end
	end
	end

	def setup
	run_single("setg verbose true")
	end

	def main
	print_status('Performing checks...')
	do_checks
	wait_until_jobs_done
	end

	setup
	main

	</ruby>