Make getsystem more verbose

Resolves #4401
2015-07-01 20:49:14 -05:00 · 2015-07-01 20:49:14 -05:00 · caddf545c4
parent 32d5e7f3de
commit caddf545c4
1 changed files with 49 additions and 14 deletions
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb
@ -23,11 +23,14 @@ class Console::CommandDispatcher::Priv::Elevate
  ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE2 = 2
  ELEVATE_TECHNIQUE_SERVICE_TOKENDUP   = 3

-  ELEVATE_TECHNIQUE_DESCRIPTION = [ 	"All techniques available",
+  ELEVATE_TECHNIQUE_DESCRIPTION =
+    [
+      "All techniques available",
      "Service - Named Pipe Impersonation (In Memory/Admin)",
      "Service - Named Pipe Impersonation (Dropper/Admin)",
      "Service - Token Duplication (In Memory/Admin)"
    ]
+
  #
  # List of supported commands.
  #
@ -45,6 +48,26 @@ class Console::CommandDispatcher::Priv::Elevate
  end


+  #
+  # Returns the description of the technique(s)
+  #
+  def translate_technique_index(index)
+    translation = ''
+    desc = ELEVATE_TECHNIQUE_DESCRIPTION.dup
+    desc.each {|e| e.gsub!(/^Service - /, '')}
+
+    case index
+    when 0
+      desc.shift
+      translation = desc
+    else
+      translation = [ ELEVATE_TECHNIQUE_DESCRIPTION[index] ]
+    end
+
+    translation
+  end
+
+
  #
  # Attempt to elevate the meterpreter to that of local system.
  #
@ -73,17 +96,29 @@ class Console::CommandDispatcher::Priv::Elevate
    }

    if( technique < 0 or technique >= ELEVATE_TECHNIQUE_DESCRIPTION.length )
-      print_error( "Technique '#{technique}' is out of range." );
+      print_error( "Technique '#{technique}' is out of range." )
      return false;
    end

+    begin
      result = client.priv.getsystem( technique )
+    rescue Rex::Post::Meterpreter::RequestError => e
+      print_error("#{e.message} The following was attempted:")
+      translate_technique_index(technique).each do |desc|
+        print_error(desc)
+      end
+      elog("#{e.class} #{e.message} (Technique: #{technique})\n#{e.backtrace * "\n"}")
+      return
+    end

    # got system?
    if result[0]
-      print_line( "...got system (via technique #{result[1]})." );
+      print_line( "...got system via technique #{result[1]} (#{translate_technique_index(result[1]).first})." )
    else
-      print_line( "...failed to get system." );
+      print_line( "...failed to get system while attempting the following:" )
+      translate_technique_index(technique).each do |desc|
+        print_error(desc)
+      end
    end

    return result