Skip to content

Metasploit plugin: notify_mail.rb (email notification)

by foip on October 12th, 2012

1. Introduction

Here is a Metasploit plug-in which allows you to get e-mail notifications when new sessions open. The usage of this plug-in makes sense during Social Engineering attacks, or during client-side exploitations since you don’t always know when the payload will be executed on the victim computer.

In order to use this plug-in:

  • Copy the Ruby script (notify_mail.rb) into the “/plugin/” folder of Metasploit.
  • Load an exploit module (or multi/handler) and activate the plug-in by typing “load notify_mail“.
  • Setup your sender/recipient email addresses and the SMTP server you want to use.

Note that you may need to set up a valid sender email address (at least a valid domain name) depending on the configuration of the SMTP server you use.

2. Usage example

msf exploit(handler) > load notify_mail
[*] Successfully loaded plugin: notify_mail
msf exploit(handler) > help

notify_mail Commands
====================

    Command               Description
    -------               -----------
    notify_mail_load      Load settings from configuration file
    notify_mail_mailfrom  Set sender e-mail address
    notify_mail_mailto    Set recipient e-mail address
    notify_mail_save      Save settings to configuration file
    notify_mail_show      Show current settings
    notify_mail_smtpport  Set SMTP server port
    notify_mail_smtpsrv   Set SMTP server hostname/IP

....

msf exploit(handler) > notify_mail_mailfrom me@domain.com
MAILFROM => me@domain.com
msf exploit(handler) > notify_mail_mailto me@domain.com
MAILTO => me@domain.com
msf exploit(handler) > notify_mail_smtpsrv 127.0.0.1
SMTPSRV => 127.0.0.1
msf exploit(handler) > notify_mail_smtpport 25
SMTPPORT => 25
msf exploit(handler) > notify_mail_show
MAILFROM : me@domain.com
MAILTO   : me@domain.com
SMTPSRV  : 127.0.0.1
SMTPPORT : 25
msf exploit(handler) > notify_mail_save
[*] Saving paramters to config file
[+] All parameters saved to /root/.msf4/notify_mail.yaml
msf exploit(handler) >

3. Download

Save the following file into <msf>/plugins/ folder

Source: notify_mail.rb.gz

4. Other suggested plugins

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...Loading...

© 2012 – 2014, Fun Over IP. All rights reserved.

From → Hacking, Metasploit

6 Comments
  1. DeeGee permalink

    Hi , Great blog loved your browser av evasion post. Can you enlighten me on the requirements to get this working pls!!!

    Does sendmail need to be running or are you running your own smtp server on the box.

    Kind Regards Dee

    • foip permalink

      Hi Dee,
      Thanks for your comment.

      In the example, I use a local SMTP daemon (127.0.0.1), but you can use any SMTP server you want (e.g. the SMTP server of your ISP).
      Just pay attention to the Sender address you will use. If you set an non-existing domain name, your mails might be treated as SPAM by your ISP, and then rejected.

      Cheers.

      • DeeGee permalink

        Thanks for you reply, if using gmail do i need a sendmail deamon running or does msf take care of it? not clued up on ruby.

        cheers

        • foip permalink

          Well, you have several options. Typically:

          1) use the SMTP server provided by your ISP. Probably the easiest solution. Ask your ISP for the SMTP server address

          2) Install postfix or sendmail or exim (or …) on your Metasploit box to run a local SMTP daemon. Maybe there is already an SMTP daemon installed on backtrack, I don’t know.

          3) Use Google SMTP service. This requires some hack of my plugin because you need to provide with your Google username/password for the email to be accepted. Check here:
          http://lifehacker.com/111166/how-to-use-gmail-as-your-smtp-server
          Also some examples of Net::SMTP class usage with authentication:
          http://www.ruby-doc.org/stdlib-2.0/libdoc/net/smtp/rdoc/Net/SMTP.html
          (I never tested this option)

          Good luck.

          • DeeGee permalink

            Hi again,

            Im still having issues, no errors though.

            Im guessing ruby takes care of the mailing (Net::SMTP.start)

            Would appreciate your help on this…

            My multi/handler commands are as follows:

            use exploit/multi/handler
            set payload windows/meterpreter/reverse_https
            set lport 9091
            set lhost 192.68.0.2
            set AutoRunScript migrate -n explorer
            load notify_mail
            notify_mail_mailfrom from-my-email@googlemail.com
            notify_mail_mailto to-my-email@googlemail.com
            notify_mail_smtpsrv smtp.gmail.com
            notify_mail_smtpport 587
            notify_mail_save

            I’ve cat the .yaml file and its all in there..
            I get the session and it migrates but nothing more.

            now, mail works from command line :

            root@kali:~# mail -s “Subject” to-my-email@googlemail.com
            Meterpreter session created from attax-suite!!!!
            .
            EOT
            root@kali:~#

            receives right away!!!!

            As you can see im using Kali

            root@kali:~# ruby -v
            ruby 1.9.3p194 (2012-04-20 revision 35410) [i486-linux]

            Kind Regards Dee

          • foip permalink

            Hi,
            I just checked Kali. exim is installed. Just start it and set the SMTP server ip to 127.0.0.1.

Comments are closed.

© 2010-2014 Fun Over IP All Rights Reserved -- Copyright notice by Blog Copyright