Update Admin target list and module description

sn0wfa11 · sn0wfa11 · commit 2f5dd389578c · 2017-02-27T20:19:59.000-06:00
diff --git a/modules/post/windows/manage/priv_migrate.rb b/modules/post/windows/manage/priv_migrate.rb
@@ -10,7 +10,7 @@ class MetasploitModule < Msf::Post
 
   include Msf::Post::Windows::Priv
 
-  DEFAULT_ADMIN_TARGETS = [ 'services.exe', 'winlogon.exe', 'wininit.exe', 'lsm.exe', 'lsass.exe' ]
+  DEFAULT_ADMIN_TARGETS = [ 'services.exe', 'wininit.exe', 'svchost.exe', 'lsm.exe', 'lsass.exe', 'winlogon.exe' ]
   DEFAULT_USER_TARGETS  = [ 'explorer.exe', 'notepad.exe' ]
 
   def initialize(info={})
@@ -19,8 +19,8 @@ def initialize(info={})
       'Description'   => %q{ This module will migrate a Meterpreter session based on session privileges.
          It will do everything it can to migrate, including spawing a new User level process.
          For sessions with Admin rights: It will try to migrate into a System level process in the following
-         order: ANAME (if specified), services.exe, winlogon.exe, wininit.exe, lsm.exe, and lsass.exe.
-         If all these fail, it will fall back to User level migration. For sessions with User level rights:
+         order: ANAME (if specified), services.exe, wininit.exe, svchost.exe, lsm.exe, lsass.exe, and winlogon.exe.
+         If all these fail and NOFAIL is set to true, it will fall back to User level migration. For sessions with User level rights:
          It will try to migrate to a user level process, if that fails it will attempt to spawn the process
          then migrate to it. It will attempt the User level processes in the following order:
          NAME (if specified), explorer.exe, then notepad.exe.},
@@ -39,7 +39,7 @@ def initialize(info={})
         OptString.new('ANAME',  [false, 'System process to migrate to. For sessions with Admin rights. (See Module Description.)']),
         OptString.new('NAME',   [false, 'Process to migrate to. For sessions with User rights. (See Module Description.)']),
         OptBool.new(  'KILL',   [true, 'Kill original session process.', false]),
-        OptBool.new(  'NOFAIL', [true,  'Migrate to user level process if Admin migration fails. May downgrade privileged shells.', false])
+        OptBool.new(  'NOFAIL', [true,  'Migrate to user level process if Admin migration fails. May downgrade privileged shells.', true])
       ], self.class)
   end
 
