Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Priv::Elevate
- Inherits: Object
- Defined in: lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb
Overview
The local privilege escalation portion of the extension.
Constant Summary
- Klass = Console::CommandDispatcher::Priv::Elevate
- ELEVATE_TECHNIQUE_NONE = -1
- ELEVATE_TECHNIQUE_ANY = 0
- ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE = 1
- ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE2 = 2
- ELEVATE_TECHNIQUE_SERVICE_TOKENDUP = 3
- ELEVATE_TECHNIQUE_DESCRIPTION = [ "All techniques available", "Named Pipe Impersonation (In Memory/Admin)", "Named Pipe Impersonation (Dropper/Admin)", "Token Duplication (In Memory/Admin)" ]
Instance Attribute Summary
Attributes included from Ui::Text::DispatcherShell::CommandDispatcher
Instance Method Summary
- #cmd_getsystem(*args) ⇒ Object
  Attempt to elevate the meterpreter to that of local system.
- #commands ⇒ Object
  List of supported commands.
- #name ⇒ Object
  Name for this dispatcher.
- #translate_technique_index(index) ⇒ Object
  Returns the description of the technique(s).
Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher
check_hash, #client, #initialize, #log_error, #msf_loaded?, set_hash
Methods included from Ui::Text::DispatcherShell::CommandDispatcher
#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #help_to_s, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_filenames, #update_prompt
Instance Method Details
#cmd_getsystem(*args) ⇒ Object
Attempt to elevate the meterpreter to that of local system.
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 73

def cmd_getsystem( *args )

  technique = ELEVATE_TECHNIQUE_ANY

  # Build the per-technique help text shown under the -t option.
  desc = ""
  ELEVATE_TECHNIQUE_DESCRIPTION.each_index { |i| desc += "\n\t\t#{i} : #{ELEVATE_TECHNIQUE_DESCRIPTION[i]}" }

  getsystem_opts = Rex::Parser::Arguments.new(
    "-h" => [ false, "Help Banner." ],
    "-t" => [ true, "The technique to use. (Default to \'#{technique}\')." + desc ]
  )

  getsystem_opts.parse(args) { | opt, idx, val |
    case opt
      when "-h"
        print_line( "Usage: getsystem [options]\n" )
        print_line( "Attempt to elevate your privilege to that of local system." )
        print_line( getsystem_opts.usage )
        return
      when "-t"
        # String#to_i returns 0 for non-numeric input, which selects ELEVATE_TECHNIQUE_ANY.
        technique = val.to_i
    end
  }

  # Reject indexes outside the description table.
  if( technique < 0 or technique >= ELEVATE_TECHNIQUE_DESCRIPTION.length )
    print_error( "Technique '#{technique}' is out of range." )
    return false;
  end

  begin
    result = client.priv.getsystem( technique )
  rescue Rex::Post::Meterpreter::RequestError => e
    print_error("#{e.message} The following was attempted:")
    translate_technique_index(technique).each do |desc|
      print_error(desc)
    end
    elog("#{e.class} #{e.message} (Technique: #{technique})\n#{e.backtrace * "\n"}")
    return
  end

  # got system?
  if result[0]
    print_line( "...got system via technique #{result[1]} (#{translate_technique_index(result[1]).first})." )
  else
    print_line( "...failed to get system while attempting the following:" )
    translate_technique_index(technique).each do |desc|
      print_error(desc)
    end
  end

  return result
end
#commands ⇒ Object
List of supported commands.
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 37

def commands
  {
    "getsystem" => "Attempt to elevate your privilege to that of local system."
  }
end
#name ⇒ Object
Name for this dispatcher.
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 46

def name
  "Priv: Elevate"
end
#translate_technique_index(index) ⇒ Object
Returns the description of the technique(s).

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb', line 54

def translate_technique_index(index)
  translation = ''

  case index
  when 0
    desc = ELEVATE_TECHNIQUE_DESCRIPTION.dup
    desc.shift
    translation = desc
  else
    translation = [ ELEVATE_TECHNIQUE_DESCRIPTION[index] ]
  end

  translation
end