Metasploit mailing list archives
Meterpreter script to auto-migrate
From: natron at invisibledenizen.org (natron)
Date: Sat, 13 Dec 2008 09:53:08 -0600
I think this may be a combination of two bugs, one is known and labeled in the code, but I think the other one is new.

1) When I run it with AutoRunScript it hangs on the client.sys.process.execute call. Is it possible that something with the client object isn't set up until you do an "interact -i #"? It works almost 100% of the time for me within a session. If that's it, would it be possible to manually set up the client object somehow?

2) Regarding the migrate code, it was apparently never intended to be ultra reliable. The code for it is located in http://metasploit.com/svn/framework3/trunk/lib/rex/post/meterpreter/client_core.rb. It uses a hardcoded library for injection and contains the following:

    # FIXME: This is just here for a proof of concept. This should use something
    # else to grab the payload at some point.

I'm betting that whatever's hardcoded in that block doesn't work in all environments.

Regarding DEP, I'm running SP3 and also have hardware DEP enabled, and it runs just fine within a session. So dunno there.

n

On Sat, Dec 13, 2008 at 8:54 AM, Lukas Kuzmiak <metasploit at backstep.net> wrote:
> Hi, great idea! However, I'm having some problems with migrations at all ..
> If I run "migrate <pid>" or "run <your script>" in a meterpreter session, IE crashes and the migration won't be completed. It looks like:
>
>     meterpreter > migrate 1076
>     [*] Migrating to 1076...
>
> or
>
>     [*] Launching hidden cmd.exe...
>     [*] Process 4988 created.
>     [*] Current process is iexplore.exe (4768). Migrating to 4988.
>
> Anyone know if it's possible to fix this?
>
> Another problem is with AutoRunScript and launch_and_migrate.rb: while I run it from the meterpreter session manually, it launches cmd.exe without problems, but if I try to run it via AutoRunScript it hangs on
>
>     [*] Launching hidden cmd.exe...
>
> and that's all .. the whole session is gone :) However, e.g. scraper.rb runs without problems, but it takes too long to do something; everyone will kill that frozen IE :)
>
> Thanks for any advice.
>
> lukash
>
> On Fri, Dec 12, 2008 at 11:44 PM, natron <natron at invisibledenizen.org> wrote:
>> Playing with the new ie_xml_corruption module, I needed a way to automatically migrate outside of the current process (iexplore.exe), because iexplore locks up on exploitation. Should a user taskkill iexplore.exe, I didn't want to lose the session. Additionally, if meterpreter crashes (or you close it), it'll kill the whole process, so you don't want to migrate to an existing process automatically (e.g. scripts/meterpreter/migrate.rb).
>>
>> If anyone else would find this useful:
>>
>> http://sites.google.com/a/invisibledenizen.org/upload/asdf/launch_and_migrate.rb
>> http://blog.invisibledenizen.org/2008/12/automatic-migration-to-new-process-with.html
>>
>> Also, I was unable to get the advanced AutoRunScript option to work on Windows with this script. Has anyone successfully used this on Windows? I'm suspecting some path issues ("\\", "\", or "/".. relative vs absolute, etc).
>>
>> -n
>>
>>     run launch_and_migrate
>>     [*] Launching hidden cmd.exe...
>>     [*] Process 2340 created.
>>     [*] Current process is IEXPLORE.EXE (4520). Migrating to 2340.
>>     [*] Migration completed successfully.
>>     [*] New server process: cmd.exe (2340)
>>     [*] Old process 4520 killed.
>>
>>     run launch_and_migrate mspaint.exe
>>     [*] Launching hidden mspaint.exe...
>>     [*] Process 5420 created.
>>     [*] Current process is cmd.exe (2340). Migrating to 5420.
>>     [*] Migration completed successfully.
>>     [*] New server process: mspaint.exe (5420)
>>     [*] Old process 2340 killed.
>>
>> _______________________________________________
>> http://spool.metasploit.com/mailman/listinfo/framework
>
> --
> Only wimps use tape backup: _real_ men just upload their important stuff on ftp, and let the rest of the world mirror it ;). Torvalds, Linus (1996-07-20).
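The script output quoted in this thread shows a recognisable host-side pattern: a process spawns a hidden child, injects into it (the migration), and the original process then exits, and the chain can repeat (iexplore.exe to cmd.exe to mspaint.exe). The following detection sketch is an added example, not part of this thread or of Metasploit; it assumes Sysmon-style process telemetry (ProcessCreate = event 1, ProcessTerminate = event 5, CreateRemoteThread = event 8) and runs over constructed sample events whose PIDs are borrowed from the quoted output, so it runs offline without any real logs.

```python
"""Flag launch-then-migrate chains in Sysmon-style process telemetry.

Added example for the thread above; the events below are constructed,
not captured, and the field names follow Sysmon's schema by assumption.
"""
from datetime import datetime, timedelta


def _ev(event_id, utc, **fields):
    """Build one constructed telemetry record."""
    return {"EventID": event_id, "UtcTime": utc, **fields}


IE = "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"
CMD = "C:\\Windows\\System32\\cmd.exe"
PAINT = "C:\\Windows\\System32\\mspaint.exe"

# Constructed sample: the sequence from the quoted output, plus one benign
# remote-thread event that must NOT be flagged.
SAMPLE_EVENTS = [
    _ev(1, "2008-12-13 15:50:01", ProcessId=4520, Image=IE, ParentProcessId=1234),
    _ev(1, "2008-12-13 15:50:40", ProcessId=2340, Image=CMD, ParentProcessId=4520),
    _ev(8, "2008-12-13 15:50:41", SourceProcessId=4520, TargetProcessId=2340),
    _ev(5, "2008-12-13 15:50:42", ProcessId=4520, Image=IE),
    _ev(1, "2008-12-13 15:52:10", ProcessId=5420, Image=PAINT, ParentProcessId=2340),
    _ev(8, "2008-12-13 15:52:11", SourceProcessId=2340, TargetProcessId=5420),
    _ev(5, "2008-12-13 15:52:12", ProcessId=2340, Image=CMD),
    # Benign: a remote thread into a process the source did not just create.
    _ev(8, "2008-12-13 15:55:00", SourceProcessId=1234, TargetProcessId=7777),
]

# How soon after ProcessCreate a CreateRemoteThread from the parent counts
# as "migration into a freshly spawned child".  Tune for your environment.
WINDOW = timedelta(seconds=30)


def _t(record):
    return datetime.strptime(record["UtcTime"], "%Y-%m-%d %H:%M:%S")


def find_migrations(events, window=WINDOW):
    """Return one finding per CreateRemoteThread whose target is a child the
    source itself created within `window`; `source_exited` becomes True when
    the source process terminates afterwards (the "Old process killed" step)."""
    created = {}   # child pid -> (parent pid, create time, image)
    pending = {}   # source pid -> index into findings awaiting its exit
    findings = []
    for rec in sorted(events, key=_t):
        eid = rec["EventID"]
        if eid == 1:
            created[rec["ProcessId"]] = (rec["ParentProcessId"], _t(rec), rec["Image"])
        elif eid == 8:
            src, tgt = rec["SourceProcessId"], rec["TargetProcessId"]
            info = created.get(tgt)
            if info and info[0] == src and _t(rec) - info[1] <= window:
                findings.append({"source": src, "target": tgt,
                                 "target_image": info[2], "source_exited": False})
                pending[src] = len(findings) - 1
        elif eid == 5 and rec["ProcessId"] in pending:
            findings[pending.pop(rec["ProcessId"])]["source_exited"] = True
    return findings


def migration_chains(findings):
    """Link findings into hop chains, e.g. [4520, 2340, 5420]."""
    nxt = {f["source"]: f["target"] for f in findings}
    roots = sorted(set(nxt) - set(nxt.values()))
    chains = []
    for pid in roots:
        chain = [pid]
        while chain[-1] in nxt:
            chain.append(nxt[chain[-1]])
        chains.append(chain)
    return chains


if __name__ == "__main__":
    hits = find_migrations(SAMPLE_EVENTS)
    for h in hits:
        print(f"migration {h['source']} -> {h['target']} ({h['target_image']}),"
              f" source exited: {h['source_exited']}")
    print("chains:", migration_chains(hits))
```

The discriminating signal is not the remote thread alone (plenty of legitimate software creates threads in processes it owns) but the combination of spawn, inject and parent exit within seconds; the benign event in the sample is ignored precisely because its target was not a child the source had just created.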
Current thread:
- Meterpreter script to auto-migrate natron (Dec 12)
- Meterpreter script to auto-migrate Carlos Pérez (Dec 12)
- Meterpreter script to auto-migrate Lukas Kuzmiak (Dec 13)
- Meterpreter script to auto-migrate jeffs (Dec 13)
- Meterpreter script to auto-migrate natron (Dec 13)
- Meterpreter script to auto-migrate H D Moore (Dec 13)
- Meterpreter script to auto-migrate H D Moore (Dec 13)
- Meterpreter script to auto-migrate natron (Dec 13)
- Meterpreter script to auto-migrate Lukas Kuzmiak (Dec 13)