Adjusted to include import

Author: OJ

lib/rex/post/meterpreter/extensions/python/python.rb

@@ -17,6 +17,17 @@ module Python
 
 class Python < Extension
 
+  PY_CODE_TYPE_STRING = 0
+  PY_CODE_TYPE_PY     = 1
+  PY_CODE_TYPE_PYC    = 2
+
+  PY_CODE_FILE_TYPES = [ '.py', '.pyc' ]
+
+  PY_CODE_FILE_TYPE_MAP = {
+    '.py'  => PY_CODE_TYPE_PY,
+    '.pyc' => PY_CODE_TYPE_PYC
+  }
+
   #
   # Typical extension initialization routine.
   #
@@ -40,15 +51,44 @@ def reset
     return true
   end
 
+  def import(file, mod_name, result_var)
+    unless ::File.file?(file)
+      raise ArgumentError, "File not found: #{file}"
+    end
+
+    ext = ::File.extname(file).downcase
+    unless PY_CODE_FILE_TYPES.include?(ext)
+      raise ArgumentError, "File not a valid type: #{file}"
+    end
+
+    code = ::File.read(file)
+
+    request = Packet.create_request('python_execute')
+    request.add_tlv(TLV_TYPE_PYTHON_CODE, code)
+    request.add_tlv(TLV_TYPE_PYTHON_CODE_LEN, code.length)
+    request.add_tlv(TLV_TYPE_PYTHON_CODE_TYPE, PY_CODE_FILE_TYPE_MAP[ext])
+    request.add_tlv(TLV_TYPE_PYTHON_NAME, mod_name) if mod_name
+    request.add_tlv(TLV_TYPE_PYTHON_RESULT_VAR, result_var) if result_var
+
+    run_exec_request(request)
+  end
+
   #
   # Dump the LSA secrets from the target machine.
   #
   # @return [Hash<Symbol,Object>]
   def execute_string(code, result_var)
-    request = Packet.create_request('python_execute_string')
+    request = Packet.create_request('python_execute')
     request.add_tlv(TLV_TYPE_PYTHON_CODE, code)
+    request.add_tlv(TLV_TYPE_PYTHON_CODE_TYPE, PY_CODE_TYPE_STRING)
     request.add_tlv(TLV_TYPE_PYTHON_RESULT_VAR, result_var) if result_var
 
+    run_exec_request(request)
+  end
+
+private
+
+  def run_exec_request(request)
     response = client.send_request(request)
 
     result = {

lib/rex/post/meterpreter/extensions/python/tlv.rb

@@ -7,9 +7,12 @@ module Python
 
 TLV_TYPE_PYTHON_STDOUT             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1)
 TLV_TYPE_PYTHON_STDERR             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2)
-TLV_TYPE_PYTHON_CODE               = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3)
-TLV_TYPE_PYTHON_RESULT_VAR         = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 4)
-TLV_TYPE_PYTHON_RESULT             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 5)
+TLV_TYPE_PYTHON_CODE               = TLV_META_TYPE_RAW    | (TLV_EXTENSIONS + 3)
+TLV_TYPE_PYTHON_CODE_LEN           = TLV_META_TYPE_UINT   | (TLV_EXTENSIONS + 4)
+TLV_TYPE_PYTHON_CODE_TYPE          = TLV_META_TYPE_UINT   | (TLV_EXTENSIONS + 5)
+TLV_TYPE_PYTHON_NAME               = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 6)
+TLV_TYPE_PYTHON_RESULT_VAR         = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 7)
+TLV_TYPE_PYTHON_RESULT             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 8)
 
 end
 end

lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb

@@ -30,7 +30,8 @@ def name
   def commands
     {
       'python_reset'              => 'Resets/restarts the Python interpreter',
-      'python_execute'            => 'Execute a python command string'
+      'python_execute'            => 'Execute a python command string',
+      'python_import'             => 'Import/run a python run'
     }
   end
 
@@ -39,9 +40,57 @@ def cmd_python_reset(*args)
     print_good('Python interpreter successfully reset')
   end
 
+  @@python_import_opts = Rex::Parser::Arguments.new(
+    '-h' => [false, 'Help banner'],
+    '-f' => [true,  'Path to the file (.py, .pyc) to import'],
+    '-m' => [true,  'Name of the module (optional)'],
+    '-r' => [true,  'Name of the variable containing the result (optional)']
+  )
+
+  def python_import_usage
+    print_line('Usage: python_imoprt <-f file path> [-m mod name] [-r result var name]')
+    print_line
+    print_line('Loads a python code file from disk into memory on the target.')
+    print_line(@@python_import_opts.usage)
+  end
+
+  #
+  # Import/run a python file
+  #
+  def cmd_python_import(*args)
+    if args.length == 0 || args.include?('-h')
+      python_import_usage
+      return false
+    end
+
+    result_var = nil
+    file = nil
+    mod_name = nil
+
+    @@python_import_opts.parse(args) { |opt, idx, val|
+      case opt
+      when '-f'
+        file = val
+      when '-m'
+        mod_name = val
+      when '-r'
+        result_var = val
+      end
+    }
+
+    unless file
+      print_error("File path must be specified")
+      return false
+    end
+
+    result = client.python.import(file, mod_name, result_var)
+
+    handle_exec_result(result, result_var)
+  end
+
   @@python_execute_opts = Rex::Parser::Arguments.new(
     '-h' => [false, 'Help banner'],
-    '-r' => [true,  'Name of the variable containing the result']
+    '-r' => [true,  'Name of the variable containing the result (optional)']
   )
 
   def python_execute_usage
@@ -73,6 +122,13 @@ def cmd_python_execute(*args)
     }
 
     result = client.python.execute_string(code, result_var)
+
+    handle_exec_result(result, result_var)
+  end
+
+private
+
+  def handle_exec_result(result, result_var)
     if result[:result]
       print_good("#{result_var} = #{result[:result]}")
     elsif result[:stdout].length == 0 and result[:stderr].length == 0