From caddf545c48a7293f8ba9ed47f24d4b31129c34f Mon Sep 17 00:00:00 2001
From: wchen-r7
Date: Wed, 1 Jul 2015 20:49:14 -0500
Subject: [PATCH] Make getsystem more verbose

Resolves #4401
---
 .../command_dispatcher/priv/elevate.rb | 63 ++++++++++++++-----
 1 file changed, 49 insertions(+), 14 deletions(-)

diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb
index 19c606f42f..2ed17dc21c 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb
@@ -17,17 +17,20 @@ class Console::CommandDispatcher::Priv::Elevate
 include Console::CommandDispatcher
- ELEVATE_TECHNIQUE_NONE = -1
- ELEVATE_TECHNIQUE_ANY = 0
- ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE = 1
- ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE2 = 2
- ELEVATE_TECHNIQUE_SERVICE_TOKENDUP = 3
+ ELEVATE_TECHNIQUE_NONE = -1
+ ELEVATE_TECHNIQUE_ANY = 0
+ ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE = 1
+ ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE2 = 2
+ ELEVATE_TECHNIQUE_SERVICE_TOKENDUP = 3
+
+ ELEVATE_TECHNIQUE_DESCRIPTION =
+ [
+ "All techniques available",
+ "Service - Named Pipe Impersonation (In Memory/Admin)",
+ "Service - Named Pipe Impersonation (Dropper/Admin)",
+ "Service - Token Duplication (In Memory/Admin)"
+ ]
- ELEVATE_TECHNIQUE_DESCRIPTION = [ "All techniques available",
- "Service - Named Pipe Impersonation (In Memory/Admin)",
- "Service - Named Pipe Impersonation (Dropper/Admin)",
- "Service - Token Duplication (In Memory/Admin)"
- ]
 #
 # List of supported commands.
 #
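Review bot: `ELEVATE_TECHNIQUE_DESCRIPTION` is still a mutable array of mutable strings after the reflow, so nothing stops a caller from editing the text every later lookup sees; closing it with `].map(&:freeze).freeze` marks it as a read-only lookup table and turns any in-place edit into an error. That protection is relevant right away, because the new `translate_technique_index` in the next hunk takes a shallow `dup` of this array and calls `gsub!` on the very string objects stored here. The numeric constants above it are only re-aligned and need nothing further.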
@@ -45,6 +48,26 @@ class Console::CommandDispatcher::Priv::Elevate end + # + # Returns the description of the technique(s) + # + def translate_technique_index(index) + translation = '' + desc = ELEVATE_TECHNIQUE_DESCRIPTION.dup + desc.each {|e| e.gsub!(/^Service - /, '')} + + case index + when 0 + desc.shift + translation = desc + else + translation = [ ELEVATE_TECHNIQUE_DESCRIPTION[index] ] + end + + translation + end + + # # Attempt to elevate the meterpreter to that of local system. # @@ -73,17 +96,29 @@ class Console::CommandDispatcher::Priv::Elevate } if( technique < 0 or technique >= ELEVATE_TECHNIQUE_DESCRIPTION.length ) - print_error( "Technique '#{technique}' is out of range." ); + print_error( "Technique '#{technique}' is out of range." ) return false; end - result = client.priv.getsystem( technique ) + begin + result = client.priv.getsystem( technique ) + rescue Rex::Post::Meterpreter::RequestError => e + print_error("#{e.message} The following was attempted:") + translate_technique_index(technique).each do |desc| + print_error(desc) + end + elog("#{e.class} #{e.message} (Technique: #{technique})\n#{e.backtrace * "\n"}") + return + end # got system? if result[0] - print_line( "...got system (via technique #{result[1]})." ); + print_line( "...got system via technique #{result[1]} (#{translate_technique_index(result[1]).first})." ) else - print_line( "...failed to get system." ); + print_line( "...failed to get system while attempting the following:" ) + translate_technique_index(technique).each do |desc| + print_error(desc) + end end return result
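Review bot: `ELEVATE_TECHNIQUE_DESCRIPTION.dup` is a shallow copy, so `desc.each {|e| e.gsub!(/^Service - /, '')}` strips the prefix from the string objects inside the constant itself; after the first call with index 0 the `else` branch of this same method and the `...got system via technique` message both print the shortened text, and under frozen string literals the `gsub!` would raise instead. Build the stripped list without mutating anything: `desc = ELEVATE_TECHNIQUE_DESCRIPTION.map { |e| e.sub(/\AService - /, '') }`. The `translation = ''` initial value is never read and can be dropped. A negative index such as `ELEVATE_TECHNIQUE_NONE` falls into the `else` branch and is resolved by Array's negative indexing, which is only harmless because `cmd_getsystem` range-checks before calling this helper; a one-line comment saying so would keep the next caller from relying on it.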
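Review bot: The new `rescue Rex::Post::Meterpreter::RequestError` branch ends in a bare `return`, so `cmd_getsystem` yields `nil` there while the out-of-range check just above returns `false` and the normal path returns the `result` array; `return false` keeps the failure signal consistent for anything that inspects the return value. Under the `...failed to get system while attempting the following:` header the technique names are emitted with `print_error` while the header itself is `print_line`, unlike the rescue branch where header and items are both errors — use one level per block so the list reads as part of its header. If the target can report `0` in `result[1]`, `translate_technique_index(result[1]).first` would name the first concrete technique rather than "all", which may be misleading; worth confirming against what the server actually returns. `cmd_getsystem` begins before this hunk and continues after `return result`.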