Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Priv::Elevate

Inherits:

Object

Object
Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Priv::Elevate

show all

Includes:: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

Defined in:: lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb

Overview

The local privilege escalation portion of the extension.

Constant Summary collapse

Klass =

Console::CommandDispatcher::Priv::Elevate

ELEVATE_TECHNIQUE_NONE =

-1

ELEVATE_TECHNIQUE_ANY =

ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE =

ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE2 =

ELEVATE_TECHNIQUE_SERVICE_TOKENDUP =

ELEVATE_TECHNIQUE_DESCRIPTION =

[ 	"All techniques available",
  "Service - Named Pipe Impersonation (In Memory/Admin)",
  "Service - Named Pipe Impersonation (Dropper/Admin)",
  "Service - Token Duplication (In Memory/Admin)"
]

Instance Attribute Summary

Attributes included from Ui::Text::DispatcherShell::CommandDispatcher

#shell, #tab_complete_items

Instance Method Summary collapse

#cmd_getsystem(*args) ⇒ Object

Attempt to elevate the meterpreter to that of local system.
#commands ⇒ Object

List of supported commands.
#name ⇒ Object

Name for this dispatcher.

Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

check_hash, #client, #initialize, #log_error, #msf_loaded?, set_hash

Methods included from Ui::Text::DispatcherShell::CommandDispatcher

#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #help_to_s, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_filenames, #update_prompt

Instance Method Details

#cmd_getsystem(*args) ⇒ `Object`

Attempt to elevate the meterpreter to that of local system.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 51

def cmd_getsystem( *args )

  technique = ELEVATE_TECHNIQUE_ANY

  desc = ""
  ELEVATE_TECHNIQUE_DESCRIPTION.each_index { |i| desc += "\n\t\t#{i} : #{ELEVATE_TECHNIQUE_DESCRIPTION[i]}" }

  getsystem_opts = Rex::Parser::Arguments.new(
    "-h" => [ false, "Help Banner." ],
    "-t" => [ true, "The technique to use. (Default to \'#{technique}\')." + desc ]
  )

  getsystem_opts.parse(args) { | opt, idx, val |
    case opt
      when "-h"
        print_line( "Usage: getsystem [options]\n" )
        print_line( "Attempt to elevate your privilege to that of local system." )
        print_line( getsystem_opts.usage )
        return
      when "-t"
        technique = val.to_i
    end
  }

  if( technique < 0 or technique >= ELEVATE_TECHNIQUE_DESCRIPTION.length )
    print_error( "Technique '#{technique}' is out of range." );
    return false;
  end

  result = client.priv.getsystem( technique )

  # got system?
  if result[0]
    print_line( "...got system (via technique #{result[1]})." );
  else
    print_line( "...failed to get system." );
  end

  return result
end

#commands ⇒ `Object`

List of supported commands.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 34

def commands
  {
    "getsystem" => "Attempt to elevate your privilege to that of local system."
  }
end

#name ⇒ `Object`

Name for this dispatcher.



43
44
45

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 43

def name
  "Priv: Elevate"
end