metasploit-framework/modules/post/windows/manage/vss_mount.rb

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##


require 'msf/core'
require 'rex'
require 'msf/core/post/windows/shadowcopy'
require 'msf/core/post/windows/priv'

class Metasploit3 < Msf::Post

	include Msf::Post::Windows::Priv
	include Msf::Post::Windows::ShadowCopy

	def initialize(info={})
		super(update_info(info,
			'Name'                 => "Windows Manage Mount Shadow Copy",
			'Description'          => %q{
				This module will attempt to mount a Volume Shadow Copy
				on the system. This is based on the VSSOwn Script 
				originally posted by Tim Tomes and Mark Baggett.
				
				Works on win2k3 and later.
				},
			'License'              => MSF_LICENSE,
			'Platform'             => ['windows'],
			'SessionTypes'         => ['meterpreter'],
			'Author'               => ['thelightcosine <thelightcosine[at]metasploit.com']
		))
		register_options(
			[
				OptString.new('DEVICE', [ true, 'DeviceObject of Shadowcopy to mount.' ]),
				OptString.new('PATH', [ true, 'Path to mount it to.' ])
			], self.class)
		
		
	end


	def run
		unless is_admin?
			print_error("This module requires admin privs to run")
			return
		end
		unless start_vss
			return
		end
		
		r = session.sys.process.execute("cmd.exe /C mklink /D #{datastore['DEVICE']} #{datastore['PATH']}", nil, {'Hidden' => true})
		
	end


end
Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS) 2011-12-30 23:03:04 +00:00			`##`
			`# $Id$`
			`##`

			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# Framework web site for more information on licensing and terms of use.`
			`# http://metasploit.com/framework/`
			`##`


			`require 'msf/core'`
			`require 'rex'`
			`require 'msf/core/post/windows/shadowcopy'`
			`require 'msf/core/post/windows/priv'`

			`class Metasploit3 < Msf::Post`

			`include Msf::Post::Windows::Priv`
			`include Msf::Post::Windows::ShadowCopy`

			`def initialize(info={})`
			`super(update_info(info,`
			`'Name' => "Windows Manage Mount Shadow Copy",`
			`'Description' => %q{`
			`This module will attempt to mount a Volume Shadow Copy`
			`on the system. This is based on the VSSOwn Script`
			`originally posted by Tim Tomes and Mark Baggett.`

			`Works on win2k3 and later.`
			`},`
			`'License' => MSF_LICENSE,`
			`'Platform' => ['windows'],`
			`'SessionTypes' => ['meterpreter'],`
			`'Author' => ['thelightcosine <thelightcosine[at]metasploit.com']`
			`))`
			`register_options(`
			`[`
			`OptString.new('DEVICE', [ true, 'DeviceObject of Shadowcopy to mount.' ]),`
			`OptString.new('PATH', [ true, 'Path to mount it to.' ])`
			`], self.class)`


			`end`


			`def run`
			`unless is_admin?`
			`print_error("This module requires admin privs to run")`
			`return`
			`end`
			`unless start_vss`
			`return`
			`end`

			`r = session.sys.process.execute("cmd.exe /C mklink /D #{datastore['DEVICE']} #{datastore['PATH']}", nil, {'Hidden' => true})`

			`end`



			`end`