Land rapid7#5646 : Make getsystem more verbose

OJ · OJ · commit 55ed18412cc9 · 2015-07-02T13:40:11.000+10:00
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb
@@ -17,17 +17,20 @@ class Console::CommandDispatcher::Priv::Elevate
 
   include Console::CommandDispatcher
 
-  ELEVATE_TECHNIQUE_NONE					= -1
-  ELEVATE_TECHNIQUE_ANY					= 0
-  ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE		= 1
-  ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE2	= 2
-  ELEVATE_TECHNIQUE_SERVICE_TOKENDUP		= 3
-
-  ELEVATE_TECHNIQUE_DESCRIPTION = [ 	"All techniques available",
-                    "Service - Named Pipe Impersonation (In Memory/Admin)",
-                    "Service - Named Pipe Impersonation (Dropper/Admin)",
-                    "Service - Token Duplication (In Memory/Admin)"
-                  ]
+  ELEVATE_TECHNIQUE_NONE               = -1
+  ELEVATE_TECHNIQUE_ANY                = 0
+  ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE  = 1
+  ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE2 = 2
+  ELEVATE_TECHNIQUE_SERVICE_TOKENDUP   = 3
+
+  ELEVATE_TECHNIQUE_DESCRIPTION =
+    [
+      "All techniques available",
+      "Named Pipe Impersonation (In Memory/Admin)",
+      "Named Pipe Impersonation (Dropper/Admin)",
+      "Token Duplication (In Memory/Admin)"
+    ]
+
   #
   # List of supported commands.
   #
@@ -45,6 +48,25 @@ def name
   end
 
 
+  #
+  # Returns the description of the technique(s)
+  #
+  def translate_technique_index(index)
+    translation = ''
+
+    case index
+    when 0
+      desc = ELEVATE_TECHNIQUE_DESCRIPTION.dup
+      desc.shift
+      translation = desc
+    else
+      translation = [ ELEVATE_TECHNIQUE_DESCRIPTION[index] ]
+    end
+
+    translation
+  end
+
+
   #
   # Attempt to elevate the meterpreter to that of local system.
   #
@@ -73,17 +95,29 @@ def cmd_getsystem( *args )
     }
 
     if( technique < 0 or technique >= ELEVATE_TECHNIQUE_DESCRIPTION.length )
-      print_error( "Technique '#{technique}' is out of range." );
+      print_error( "Technique '#{technique}' is out of range." )
       return false;
     end
 
-    result = client.priv.getsystem( technique )
+    begin
+      result = client.priv.getsystem( technique )
+    rescue Rex::Post::Meterpreter::RequestError => e
+      print_error("#{e.message} The following was attempted:")
+      translate_technique_index(technique).each do |desc|
+        print_error(desc)
+      end
+      elog("#{e.class} #{e.message} (Technique: #{technique})\n#{e.backtrace * "\n"}")
+      return
+    end
 
     # got system?
     if result[0]
-      print_line( "...got system (via technique #{result[1]})." );
+      print_line( "...got system via technique #{result[1]} (#{translate_technique_index(result[1]).first})." )
     else
-      print_line( "...failed to get system." );
+      print_line( "...failed to get system while attempting the following:" )
+      translate_technique_index(technique).each do |desc|
+        print_error(desc)
+      end
     end
 
     return result
