Write Messages to Users

2015-11-11T17:15:32
ID MSF:POST/MULTI/GENERAL/WALL
Type metasploit
Reporter Rapid7
Modified 2017-07-24T13:26:21

Description

This module utilizes the wall(1) or write(1) utilities, as appropriate, to send messages to users on the target system.

                                        
                                            ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name'          => 'Write Messages to Users',
        'Description'   => %q{
          This module utilizes the wall(1) or write(1) utilities, as appropriate,
          to send messages to users on the target system.
        },
        'License'       => MSF_LICENSE,
        'Author'        => [
          'Jon Hart <jon_hart[at]rapid7.com>' # original metasploit module
        ],
        # TODO: is there a way to do this on Windows?
        'Platform'      => %w(linux osx unix),
        'SessionTypes'  => %w(shell meterpreter)
      )
    )
    register_options(
      [
        OptString.new('MESSAGE', [false, 'The message to send', '']),
        OptString.new('USERS', [false, 'List of users to write(1) to, separated by commas. ' \
                      ' wall(1)s to all users by default']),
        OptBool.new('COWSAY', [true, 'Display MESSAGE in a ~cowsay way', false])
      ])
  end

  def users
    datastore['USERS'] ? datastore['USERS'].split(/\s*,\s*/) : nil
  end

  def message
    if datastore['MESSAGE'].blank?
      text = "Hello from a metasploit session at #{Time.now}"
    else
      text = datastore['MESSAGE']
    end

    datastore['COWSAY'] ? Rex::Text.cowsay(text) : text
  end

  def run
    if users
      # this requires that the target user has write turned on
      users.map { |user| cmd_exec("echo '#{message}' | write #{user}") }
    else
      # this will send the messages to all users, regardless of whether or
      # not they have write turned on.  If the session is root, the -n will disable
      # the annoying banner
      cmd_exec("echo '#{message}' | wall -n")
    end
  end
end