Feature: Autoadd for /post/windows/manage/autoroute.rb #6515
Background
While working on a project demonstration, I noticed that the auto_add_route plugin wasn't wanting to work for Meterpreter Reverse HTTPS payloads. It was even preventing the running of AutoRunScripts after session creation. So I turned to the /post/windows/manage/autoroute module as a different option. However, it didn't have the same functionality to search for subnets and add them to routing automatically.
Work
I took the core functionality of the auto_add_route plugin and added it to the autoroute post module. Cleaned up the code from the plugin and added some error handling. Added an "autoadd" switch to the "CMD" datastore. In this PR the "autoadd" switch is set to default, but the default can be switched back to "add" if it looks like it may break people's scripts.
Testing
The added feature was successfully tested on the following:
(Using both Reverse TCP and Reverse HTTPS payloads)
Win XP
Win Vista
Win 7
Win 8.1
Win 10
Server 2008 R2
Server 2012 RT
Testing method
Screenshots
Operation with session that has additional subnets.
Operation with session that has no new subnets.
Pivot test - Attack WinXP SP0 machine on internal subnet.