Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Priv::Elevate

Inherits:

Object

Object
Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Priv::Elevate

show all

Includes:: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

Defined in:: lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb

Overview

The local privilege escalation portion of the extension.

Constant Summary collapse

Klass =

Console::CommandDispatcher::Priv::Elevate

ELEVATE_TECHNIQUE_NONE =

-1

ELEVATE_TECHNIQUE_ANY =

ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE =

ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE2 =

ELEVATE_TECHNIQUE_SERVICE_TOKENDUP =

ELEVATE_TECHNIQUE_VULN_KITRAP0D =

ELEVATE_TECHNIQUE_DESCRIPTION =

[ 	"All techniques available",
	"Service - Named Pipe Impersonation (In Memory/Admin)",
	"Service - Named Pipe Impersonation (Dropper/Admin)",
	"Service - Token Duplication (In Memory/Admin)",
	"Exploit - KiTrap0D (In Memory/User)"
]

Instance Attribute Summary

Attributes included from Ui::Text::DispatcherShell::CommandDispatcher

#shell, #tab_complete_items

Instance Method Summary collapse

#cmd_getsystem(*args) ⇒ Object

Attempt to elevate the meterpreter to that of local system.
#commands ⇒ Object

List of supported commands.
#name ⇒ Object

Name for this dispatcher.

Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

check_hash, #client, #initialize, #log_error, #msf_loaded?, set_hash

Methods included from Ui::Text::DispatcherShell::CommandDispatcher

#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #help_to_s, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #tab_complete_filenames, #update_prompt

Instance Method Details

#cmd_getsystem(*args) ⇒ `Object`

Attempt to elevate the meterpreter to that of local system.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 53

def cmd_getsystem( *args )

	technique = ELEVATE_TECHNIQUE_ANY

	desc = ""
	ELEVATE_TECHNIQUE_DESCRIPTION.each_index { |i| desc += "\n\t\t#{i} : #{ELEVATE_TECHNIQUE_DESCRIPTION[i]}" }

	getsystem_opts = Rex::Parser::Arguments.new(
		"-h" => [ false, "Help Banner." ],
		"-t" => [ true, "The technique to use. (Default to \'#{technique}\')." + desc ]
	)

	getsystem_opts.parse(args) { | opt, idx, val |
		case opt
			when "-h"
				print_line( "Usage: getsystem [options]\n" )
				print_line( "Attempt to elevate your privilege to that of local system." )
				print_line( getsystem_opts.usage )
				return
			when "-t"
				technique = val.to_i
		end
	}

	if( technique < 0 or technique >= ELEVATE_TECHNIQUE_DESCRIPTION.length )
		print_error( "Technique '#{technique}' is out of range." );
		return false;
	end

	result = client.priv.getsystem( technique )

	# got system?
	if result[0]
		print_line( "...got system (via technique #{result[1]})." );
	else
		print_line( "...failed to get system." );
	end

	return result
end

#commands ⇒ `Object`

List of supported commands.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 36

def commands
	{
		"getsystem" => "Attempt to elevate your privilege to that of local system."
	}
end

#name ⇒ `Object`

Name for this dispatcher.



45
46
47

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 45

def name
	"Priv: Elevate"
end