GitHub Repository: rapid7/metasploit-framework
Path: blob/master/scripts/meterpreter/autoroute.rb
##
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
# If you'd like to improve this script, please try to port it as a post
# module instead. Thank you.
##
#
# Meterpreter script for setting up a route from within a
# Meterpreter session, without having to background the
# current session.
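# Default options.
# These are top-level locals: the option-parsing block and the main flow of the
# script can read and assign them, but `def` bodies in this file cannot see them.
session = client
subnet = nil
netmask = "255.255.255.0"
print_only = false
remove_route = false
remove_all_routes = false

# Options parsing.
# Each flag maps to [takes an argument?, help text].
@@exec_opts = Rex::Parser::Arguments.new(
  "-h" => [false, "Help and usage"],
  "-s" => [true,  "Subnet (IPv4, for example, 10.10.10.0)"],
  # Help text fix: the example netmask was missing its closing parenthesis.
  "-n" => [true,  "Netmask (IPv4, for example, 255.255.255.0)"],
  "-p" => [false, "Print active routing table. All other options are ignored"],
  "-d" => [false, "Delete the named route instead of adding it"],
  "-D" => [false, "Delete all routes (does not require a subnet)"]
)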
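# Prints the usage banner, a set of example invocations, and the deprecation
# notice pointing at the replacement post module.
#
# Two help-text fixes compared with the earlier wording:
# * the synopsis advertised a "-r" flag that the option table does not define;
#   the delete flag is "-d";
# * the first example described a different subnet than the one it passes.
def usage
  print_status "Usage: run autoroute [-d] -s subnet -n netmask"
  print_status "Examples:"
  print_status " run autoroute -s 10.1.1.0 -n 255.255.255.0 # Add a route to 10.1.1.0/255.255.255.0"
  print_status " run autoroute -s 10.10.10.1 # Netmask defaults to 255.255.255.0"
  print_status " run autoroute -s 10.10.10.1/24 # CIDR notation is also okay"
  print_status " run autoroute -p # Print active routing table"
  print_status " run autoroute -d -s 10.10.10.1 # Deletes the 10.10.10.1/255.255.255.0 route"
  print_status "Use the \"route\" and \"ipconfig\" Meterpreter commands to learn about available routes"
  print_error "Deprecation warning: This script has been replaced by the post/multi/manage/autoroute module"
end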
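# Walks the supplied arguments and overrides the default option locals
# (subnet, netmask, print_only, remove_route, remove_all_routes).
@@exec_opts.parse(args) do |opt, _idx, val|
  v = val.to_s.strip
  case opt
  when "-h"
    usage
    raise Rex::Script::Completed
  when "-s"
    # Anchored with \A/\z so only a complete "address/prefix" argument is
    # split; anything else is kept whole and left for validate_cmd to reject.
    if v =~ /\A[0-9\x2e]+\x2f[0-9]{1,2}\z/
      subnet, cidr = v.split("\x2f")
      # Two digits can still spell 33..99. Reject that here instead of handing
      # it to addr_ctoa: if that call yields nil (its behaviour for such input
      # is not visible in this file), validate_cmd skips its netmask checks and
      # add_route falls back to 255.255.255.0 without telling the operator.
      unless (0..32) === cidr.to_i
        print_error "Netmask invalid (CIDR prefix must be between 0 and 32)"
        raise Rex::Script::Completed
      end
      netmask = Rex::Socket.addr_ctoa(cidr.to_i)
    else
      subnet = v
    end
  when "-n"
    # Treat the argument as a prefix length only when it is all digits.
    # String#to_i returns 0 for text without leading digits and the leading
    # octet for a dotted value, so a range test on to_i alone turns a typo into
    # prefix 0 (a mask covering every address) and "8.0.0.0" into prefix 8.
    if v =~ /\A[0-9]{1,2}\z/ && (0..32) === v.to_i
      netmask = Rex::Socket.addr_ctoa(v.to_i)
    else
      netmask = v
    end
  when "-p"
    print_only = true
  when "-d"
    remove_route = true
  when "-D"
    remove_all_routes = true
  end
end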
# Deletes every route listed on the switchboard via delete_route, reports the
# outcome, and always finishes the script by raising Rex::Script::Completed.
#
# NOTE(review): delete_route passes the current session to remove_route, so
# routes that belong to other sessions are presumably left in place even
# though "Deleted all routes" is printed - confirm against SwitchBoard.
def delete_all_routes
  if Rex::Socket::SwitchBoard.routes.size.zero?
    print_status "No routes have been added yet"
  else
    # Collect subnet/netmask pairs first; deletion starts only once the
    # iteration over the switchboard has finished.
    pending = []
    Rex::Socket::SwitchBoard.each do |entry|
      pending << { :subnet => entry.subnet, :netmask => entry.netmask }
    end
    pending.each { |route_opts| delete_route(route_opts) }

    print_status "Deleted all routes"
  end
  raise Rex::Script::Completed
end
# Prints the active routing table (subnet, netmask, gateway), or a notice when
# no routes exist, then ends the script by raising Rex::Script::Completed.
#
# Identical functionality to command_dispatcher/core.rb, and
# nearly identical code.
def print_routes
  if Rex::Socket::SwitchBoard.routes.size > 0
    column_names = ['Subnet', 'Netmask', 'Gateway']
    column_props = {
      'Subnet'  => { 'Width' => 17 },
      'Netmask' => { 'Width' => 17 },
    }
    tbl = Msf::Ui::Console::Table.new(
      Msf::Ui::Console::Table::Style::Default,
      'Header'   => "Active Routing Table",
      'Prefix'   => "\n",
      'Postfix'  => "\n",
      'Columns'  => column_names,
      'ColProps' => column_props
    )

    Rex::Socket::SwitchBoard.each do |route|
      comm = route.comm
      # A session gateway is shown by its session id; any other comm is shown
      # by the last component of its name.
      gw = comm.kind_of?(Msf::Session) ? "Session #{comm.sid}" : comm.name.split(/::/)[-1]
      tbl << [route.subnet, route.netmask, gw]
    end
    print tbl.to_s
  else
    print_status "No routes have been added yet"
  end
  raise Rex::Script::Completed
end
# Yet another IP validator. I'm sure there's some Rex
# function that can just do this.
#
# Returns true only when the stripped argument is accepted by
# Rex::Socket::RangeWalker and expands to exactly one address; nil, blank
# input, a multi-address range, or any StandardError raised while building
# the walker all count as invalid.
#
# NOTE(review): callers report a failure as "must be IPv4", but nothing in
# this method restricts the address family - confirm what RangeWalker accepts.
def check_ip(ip=nil)
  return false if ip.nil? || ip.strip.empty?

  begin
    walker = Rex::Socket::RangeWalker.new(ip.strip)
    if walker.valid? && walker.length == 1
      true
    else
      false
    end
  rescue
    # Deliberately broad: a spec that cannot be parsed is simply invalid.
    false
  end
end
# Adds a route to the framework instance.
#
# opts[:subnet]  - subnet to route.
# opts[:netmask] - netmask; falls back to 255.255.255.0 (class C) when missing
#                  or nil.
#
# Returns whatever Rex::Socket::SwitchBoard.add_route returns.
#
# `session` is resolved as a method call here: the top-level `session` local
# is not visible inside a `def`. Presumably the script host provides it -
# confirm.
def add_route(opts={})
  mask = opts[:netmask] || "255.255.255.0"
  Rex::Socket::SwitchBoard.add_route(opts[:subnet], mask, session)
end
# Removes a route from the framework instance.
#
# opts[:subnet]  - subnet of the route to remove.
# opts[:netmask] - netmask; falls back to 255.255.255.0 (class C) when missing
#                  or nil.
#
# Returns whatever Rex::Socket::SwitchBoard.remove_route returns.
#
# `session` is resolved as a method call here: the top-level `session` local
# is not visible inside a `def`. Presumably the script host provides it -
# confirm.
def delete_route(opts={})
  mask = opts[:netmask] || "255.255.255.0"
  Rex::Socket::SwitchBoard.remove_route(opts[:subnet], mask, session)
end
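# Validates the command options before a route is added or deleted.
#
# subnet  - required; must pass check_ip.
# netmask - optional; when given it must convert through
#           Rex::Socket.addr_atoc and pass check_ip.
#
# Prints the reason for a rejection (plus the usage text for malformed
# values) and returns false; returns true when every check passes.
def validate_cmd(subnet=nil,netmask=nil)
  if subnet.nil?
    print_error "Missing -s (subnet) option"
    return false
  end

  unless check_ip(subnet)
    print_error "Subnet invalid (must be IPv4)"
    usage
    return false
  end

  if netmask && !Rex::Socket.addr_atoc(netmask)
    print_error "Netmask invalid (must define contiguous IP addressing)"
    usage
    return false
  end

  if netmask && !check_ip(netmask)
    print_error "Netmask invalid"
    usage
    # Return false explicitly. `return usage` handed back whatever the last
    # print call in usage returns; if that value is truthy, the caller would
    # treat a rejected netmask as valid.
    return false
  end
  true
end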
# Main flow: -p and -D are handled first and end the script; otherwise the
# subnet/netmask pair is validated and a single route is added or deleted.

# print_routes raises Rex::Script::Completed itself, so the raise below is a
# fallback only.
if print_only
  print_routes()
  raise Rex::Script::Completed
end

# delete_all_routes raises Rex::Script::Completed itself as well.
if remove_all_routes
  delete_all_routes()
  raise Rex::Script::Completed
end

raise Rex::Script::Completed unless validate_cmd(subnet,netmask)

route_args = { :subnet => subnet, :netmask => netmask }
if remove_route
  print_status(format("Deleting route to %s/%s...", subnet, netmask))
  route_result = delete_route(route_args)
else
  print_status(format("Adding a route to %s/%s...", subnet, netmask))
  route_result = add_route(route_args)
end

# Report the outcome; the peer host of the session socket is looked up only
# on success.
if route_result
  outcome = remove_route ? "Deleted" : "Added"
  print_good format("%s route to %s/%s via %s", outcome, subnet, netmask, client.sock.peerhost)
else
  action = remove_route ? "delete" : "add"
  print_error format("Could not %s route", action)
end

print_status "Use the -p option to list all active routes" if Rex::Socket::SwitchBoard.routes.size > 0