Merge pull request #1 from bwatters-r7/land-7730

Please the rubocop gods (unless they are dumb)
bug/bundler_fix
Louis Nacfaire 2016-12-23 08:37:41 +11:00 committed by GitHub
commit d31846c5be
1 changed files with 76 additions and 73 deletions


@ -1,6 +1,6 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -9,15 +9,18 @@ require 'msf/core/post/windows/powershell'
class MetasploitModule < Msf::Post
include Msf::Post::Windows::Powershell
def initialize(info={})
super( update_info( info,
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Windows \'Run As\' Using Powershell',
'Description' => %q{ This module will start a process as another user using powershell. },
'Description' => %q( This module will start a process as another user using powershell. ),
'License' => MSF_LICENSE,
'Author' => [ 'p3nt4' ],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ]
))
)
)
register_options(
[
OptString.new('USER', [true, 'User to run executable as', nil]),
@ -28,33 +31,33 @@ class MetasploitModule < Msf::Post
OptString.new('PATH', [true, 'Working Directory', 'C:\\']),
OptBool.new('CHANNELIZE', [true, 'Chanelize output, required for reading output or interracting', true]),
OptBool.new('INTERACTIVE', [true, 'Run interactively', true]),
OptBool.new('HIDDEN', [true, 'Hide the window', true]),
OptBool.new('HIDDEN', [true, 'Hide the window', true])
], self.class)
end
def run
raise "Powershell is required" if !have_powershell?
#Variable Setup
# Variable Setup
user = datastore['user']
pass = datastore['pass']
domain = datastore['domain']
exe = datastore['exe'].gsub("\\","\\\\\\\\")
exe = datastore['exe'].gsub("\\", "\\\\\\\\")
inter = datastore['interactive']
args = datastore['args']
path = datastore['path'].gsub("\\","\\\\\\\\")
path = datastore['path'].gsub("\\", "\\\\\\\\")
channelized = datastore['channelize']
hidden = datastore['hidden']
#Check if session is interactive
# Check if session is interactive
if (!session.interacting and inter)
print_error("Interactive mode can only be used in a meterpreter console")
print_error("Use 'run post/windows/manage/run_as_psh USER=x PASS=X EXE=X' or 'SET INTERACTIVE false'")
raise 'Invalide console'
end
#Prepare powershell script
# Prepare powershell script
scr = "$pw = convertto-securestring '#{pass}' -asplaintext -force; "
scr << "$pp = new-object -typename System.Management.Automation.PSCredential -argumentlist '#{domain}\\\\#{user}',$pw; "
scr << "Start-process '#{exe}' -WorkingDirectory '#{path}' -Credential $pp"
if args and args!=''
if (args and args != '')
scr << " -argumentlist '#{args}' "
end
if hidden
@ -62,7 +65,7 @@ class MetasploitModule < Msf::Post
scr << " -WindowStyle hidden"
end
scr = " -c \"#{scr}\""
#Execute script
# Execute script
p = client.sys.process.execute("powershell.exe", scr,
'Channelized' => channelized,
'Desktop' => false,
@ -73,7 +76,7 @@ class MetasploitModule < Msf::Post
'UseThreadToken' => false)
print_status("Process #{p.pid} created.")
print_status("Channel #{p.channel.cid} created.") if (p.channel)
#Process output
# Process output
if (inter and p.channel)
client.console.interact_with_channel(p.channel)
elsif p.channel
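Review bot: The rewritten guard `if (args and args != '')` in the third hunk keeps the low-precedence `and` and the parenthesised condition, which is exactly what a rubocop-driven pass is meant to remove; the idiomatic form is `unless args.to_s.empty?` (or `if args && args != ''` if the explicit comparison is wanted). The same `and` pattern survives unchanged on the `if (!session.interacting and inter)` line just above it. Right after the guard, `scr << " -argumentlist '#{args}' "` splices ARGS into a single-quoted PowerShell string with no escaping, so a value containing a single quote produces a malformed script; doubling the quote, `scr << " -argumentlist '#{args.gsub("'", "''")}' "`, keeps the literal intact, and the PASS/DOMAIN/USER interpolations a few lines earlier appear to have the same limitation. The body of `run` continues past the end of this hunk.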