Linux Post Gather Modules

From Metasploit Unleashed

checkvm

The checkvm module attempts to determine whether the system is running inside a virtual environment and, if so, which one. This module supports detection of Hyper-V, VMware, VirtualBox, Xen, and QEMU/KVM.

msf > use post/linux/gather/checkvm
msf post(checkvm) > show options

Module options (post/linux/gather/checkvm):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  1                yes       The session to run this module on.

msf post(checkvm) > run

[*] Gathering System info ....
[+] This appears to be a 'VMware' virtual machine
[*] Post module execution completed

enum_configs

The enum_configs module collects configuration files for commonly installed applications and services, such as Apache, MySQL, Samba, and Sendmail. If a config file is found at its default path, the module assumes it is the file we want.

msf  > use post/linux/gather/enum_configs 
msf post(enum_configs) > show options

Module options (post/linux/gather/enum_configs):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  1                yes       The session to run this module on.

msf post(enum_configs) > run

[*] Running module against kali
[*] Info:
[*] 	Kali GNU/Linux 1.0.6  
[*] 	Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] apache2.conf stored in /root/.msf4/loot/20140228005504_default_192.168.1.109_linux.enum.conf_735045.txt
[*] ports.conf stored in /root/.msf4/loot/20140228005504_default_192.168.1.109_linux.enum.conf_787442.txt
[*] nginx.conf stored in /root/.msf4/loot/20140228005504_default_192.168.1.109_linux.enum.conf_248658.txt
[*] my.cnf stored in /root/.msf4/loot/20140228005505_default_192.168.1.109_linux.enum.conf_577389.txt
[*] shells stored in /root/.msf4/loot/20140228005507_default_192.168.1.109_linux.enum.conf_583272.txt
[*] sepermit.conf stored in /root/.msf4/loot/20140228005507_default_192.168.1.109_linux.enum.conf_027227.txt
[*] ca-certificates.conf stored in /root/.msf4/loot/20140228005508_default_192.168.1.109_linux.enum.conf_626893.txt
[*] access.conf stored in /root/.msf4/loot/20140228005508_default_192.168.1.109_linux.enum.conf_619382.txt
[*] rpc stored in /root/.msf4/loot/20140228005509_default_192.168.1.109_linux.enum.conf_666867.txt
[*] debian.cnf stored in /root/.msf4/loot/20140228005509_default_192.168.1.109_linux.enum.conf_173984.txt
[*] chkrootkit.conf stored in /root/.msf4/loot/20140228005510_default_192.168.1.109_linux.enum.conf_025881.txt
[*] logrotate.conf stored in /root/.msf4/loot/20140228005510_default_192.168.1.109_linux.enum.conf_438551.txt
[*] smb.conf stored in /root/.msf4/loot/20140228005511_default_192.168.1.109_linux.enum.conf_545804.txt
[*] ldap.conf stored in /root/.msf4/loot/20140228005511_default_192.168.1.109_linux.enum.conf_464721.txt
[*] sysctl.conf stored in /root/.msf4/loot/20140228005513_default_192.168.1.109_linux.enum.conf_077261.txt
[*] proxychains.conf stored in /root/.msf4/loot/20140228005513_default_192.168.1.109_linux.enum.conf_855958.txt
[*] snmp.conf stored in /root/.msf4/loot/20140228005514_default_192.168.1.109_linux.enum.conf_291777.txt
[*] Post module execution completed
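
Seen from the monitored host, a run like the one above is a burst of reads across the default config files of many unrelated services. The following is an added example, not part of Metasploit or the original page, that flags such a burst in file-read events. The event format is simplified and constructed, the paths are assumed Debian defaults for files named in the output above, and grouping by (uid, ppid) assumes the reads come from short-lived processes spawned by one shell.

```python
from collections import defaultdict

# Assumed Debian default paths for config files named in the module output above.
WATCHED = {
    "/etc/apache2/apache2.conf", "/etc/nginx/nginx.conf", "/etc/mysql/my.cnf",
    "/etc/samba/smb.conf", "/etc/ldap/ldap.conf", "/etc/snmp/snmp.conf",
    "/etc/sysctl.conf", "/etc/logrotate.conf",
}

# Constructed sample events: epoch uid ppid exe path (simplified, not raw auditd output).
SAMPLE_EVENTS = """\
1393548904 33 4100 /bin/cat /etc/apache2/apache2.conf
1393548904 33 4100 /bin/cat /etc/nginx/nginx.conf
1393548905 33 4100 /bin/cat /etc/mysql/my.cnf
1393548907 33 4100 /bin/cat /etc/samba/smb.conf
1393548908 33 4100 /bin/cat /etc/ldap/ldap.conf
1393548910 33 4100 /bin/cat /etc/sysctl.conf
1393549000 0 1 /usr/sbin/nginx /etc/nginx/nginx.conf
1393552600 0 2250 /usr/bin/vim.basic /etc/samba/smb.conf
1393552660 0 2250 /usr/bin/vim.basic /etc/sysctl.conf
"""

def parse_events(text):
    """Yield (epoch, uid, ppid, exe, path) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        ts, uid, ppid, exe, path = parts
        yield int(ts), uid, ppid, exe, path

def find_config_sweeps(events, window=30, threshold=5):
    """Alert when one (uid, ppid) reads >= threshold distinct watched files
    within `window` seconds. A daemon reading its own config stays below it."""
    by_actor = defaultdict(list)
    for ts, uid, ppid, _exe, path in events:
        if path in WATCHED:
            by_actor[(uid, ppid)].append((ts, path))
    alerts = []
    for actor, reads in by_actor.items():
        reads.sort()
        start = 0
        for end in range(len(reads)):
            while reads[end][0] - reads[start][0] > window:
                start += 1  # slide the window forward
            distinct = {p for _, p in reads[start:end + 1]}
            if len(distinct) >= threshold:
                alerts.append({"uid": actor[0], "ppid": actor[1],
                               "first_seen": reads[start][0], "files": sorted(distinct)})
                break  # one alert per actor is enough
    return alerts

if __name__ == "__main__":
    for alert in find_config_sweeps(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The window and threshold are tuning knobs: configuration-management and backup jobs that legitimately touch many of these files should be allow-listed by executable or parent rather than by raising the threshold.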

enum_network

The enum_network module gathers network information from the target system: IPTables rules, interfaces, wireless information, open and listening ports, active network connections, DNS information, and SSH information.

msf > use post/linux/gather/enum_network 
msf post(enum_network) > show options

Module options (post/linux/gather/enum_network):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  1                yes       The session to run this module on.

msf post(enum_network) > run

[*] Running module against kali
[*] Module running as root
[+] Info:
[+] 	Kali GNU/Linux 1.0.6  
[+] 	Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] Collecting data...
[*] Network config stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_533784.txt
[*] Route table stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_173980.txt
[*] Firewall config stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_332941.txt
[*] DNS config stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_007812.txt
[*] SSHD config stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_912697.txt
[*] Host file stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_477226.txt
[*] Active connections stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_052505.txt
[*] Wireless information stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_069586.txt
[*] Listening ports stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_574507.txt
[*] If-Up/If-Down stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_848840.txt
[*] Post module execution completed

enum_protections

The enum_protections module tries to find installed applications that can be used to prevent or detect our attacks. It does this by checking known binary locations and seeing whether they are indeed executables. For example, if we are able to run 'snort' as a command, we assume it's one of the files we are looking for. This module is meant to cover various antivirus, rootkits, IDS/IPS, firewalls, and other software.

msf > use post/linux/gather/enum_protections
msf post(enum_protections) > show options

Module options (post/linux/gather/enum_protections):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  1                yes       The session to run this module on. 

msf post(enum_protections) > run

[*] Running module against kali
[*] Info:
[*] 	Kali GNU/Linux 1.0.6  
[*] 	Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] Finding installed applications...
[+] truecrypt found: /usr/bin/truecrypt
[+] logrotate found: /usr/sbin/logrotate
[+] chkrootkit found: /usr/sbin/chkrootkit
[+] lynis found: /usr/sbin/lynis
[+] tcpdump found: /usr/sbin/tcpdump
[+] proxychains found: /usr/bin/proxychains
[+] wireshark found: /usr/bin/wireshark
[*] Installed applications saved to notes.
[*] Post module execution completed

enum_system

The enum_system module gathers system information. It collects installed packages, installed services, mount information, the user list, user bash history, and cron jobs.

msf > use post/linux/gather/enum_system 
msf post(enum_system) > show options

Module options (post/linux/gather/enum_system):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  1                yes       The session to run this module on.

msf post(enum_system) > run

[+] Info:
[+] 	Kali GNU/Linux 1.0.6  
[+] 	Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] Linux version stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_186949.txt
[*] User accounts stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_538758.txt
[*] Installed Packages stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_116127.txt
[*] Running Services stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_805781.txt
[*] Cron jobs stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_460600.txt
[*] Disk info stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_538625.txt
[*] Logfiles stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_922920.txt
[*] Setuid/setgid files stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_076798.txt
[*] Post module execution completed

enum_users_history

The enum_users_history module gathers user-specific information: user list, bash history, MySQL history, vim history, lastlog, and sudoers.

msf > use post/linux/gather/enum_users_history
msf post(enum_users_history) > show options

Module options (post/linux/gather/enum_users_history):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  1                yes       The session to run this module on. 

msf post(enum_users_history) > run

[+] Info:
[+] 	Kali GNU/Linux 1.0.6  
[+] 	Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] History for root stored in /root/.msf4/loot/20140228005914_default_192.168.1.109_linux.enum.users_491309.txt
[*] History for root stored in /root/.msf4/loot/20140228005930_default_192.168.1.109_linux.enum.users_349754.txt
[*] Last logs stored in /root/.msf4/loot/20140228010003_default_192.168.1.109_linux.enum.users_170027.txt
[*] Sudoers stored in /root/.msf4/loot/20140228010003_default_192.168.1.109_linux.enum.users_210141.txt
[*] Post module execution completed



