Metasploit mailing list archives
Meterpreter script to auto-migrate
From: natron at invisibledenizen.org (natron)
Date: Fri, 12 Dec 2008 16:44:57 -0600
Playing with the new ie_xml_corruption module, I needed a way to automatically migrate outside of the current process (iexplore.exe), because iexplore locks up on exploitation. Should a user taskkill iexplore.exe, I didn't want to lose the session. Additionally, if meterpreter crashes (or you close it), it'll kill the whole process, so you don't want to migrate to an existing process automatically (e.g. scripts/meterpreter/migrate.rb).

If anyone else would find this useful:
http://sites.google.com/a/invisibledenizen.org/upload/asdf/launch_and_migrate.rb
http://blog.invisibledenizen.org/2008/12/automatic-migration-to-new-process-with.html

Also, I was unable to get the advanced AutoRunScript option to work on Windows with this script. Has anyone successfully used this on Windows? I'm suspecting some path issues ("\\", "\", or "/".. relative vs absolute, etc).

-n

run launch_and_migrate
[*] Launching hidden cmd.exe...
[*] Process 2340 created.
[*] Current process is IEXPLORE.EXE (4520). Migrating to 2340.
[*] Migration completed successfully.
[*] New server process: cmd.exe (2340)
[*] Old process 4520 killed.

run launch_and_migrate mspaint.exe
[*] Launching hidden mspaint.exe...
[*] Process 5420 created.
[*] Current process is cmd.exe (2340). Migrating to 5420.
[*] Migration completed successfully.
[*] New server process: mspaint.exe (5420)
[*] Old process 2340 killed.
Current thread:
- Meterpreter script to auto-migrate natron (Dec 12)
- Meterpreter script to auto-migrate Carlos Pérez (Dec 12)
- Meterpreter script to auto-migrate Lukas Kuzmiak (Dec 13)
- Meterpreter script to auto-migrate jeffs (Dec 13)
- Meterpreter script to auto-migrate natron (Dec 13)
- Meterpreter script to auto-migrate H D Moore (Dec 13)
- Meterpreter script to auto-migrate H D Moore (Dec 13)
- Meterpreter script to auto-migrate natron (Dec 13)
- Meterpreter script to auto-migrate Lukas Kuzmiak (Dec 13)