-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating screen_spy.rb to have a PID option for session migration #14994
Updating screen_spy.rb to have a PID option for session migration #14994
Conversation
Doing some documentation updates for the new changes but we will still need to update the output section to showcase the updated output when this module is run. |
…tegy with a PID migration strategy. Also update documentation accordingly
… the database isn't properly connected
2721dcc
to
54aa9d4
Compare
Sorry for the delay we ran into a potential issue on our codebase whilst testing this, give me a few seconds to confirm something and then I'll get this landed. |
No problem! Thanks for pushing this across the finish line. My weekend was busier than expected so I didn't get a chance to get the changes in. |
No problem glad I could help :) |
Alright appears the issue is likely related to some missing checks on some internal code and not related to this module per say. If we need to update this later on we can but considering this is updates to a module and not a new module in and of itself (aka we aren't introducing new code but rather improving it), I'm in favor of landing these updates and then doing further updates in the unlikely case that this module also needs to be updated. Will land this now. |
Release NotesUpdated the |
What this Does
Windows post module screen_spy currently auto migrates into explorer.exe before beginning to take screenshots of the victim's host machine. This PR adds the ability to specify a different process to migrate into as well as specify no process (empty string) in which case screenshots are taken in the context of the current process and no migration occurs.
Verification
List the steps needed to make sure this thing works
msfconsole
use post/windows/gather/screen_spy
session
(set session 1
)set PROCESS explorer.exe
)run
The image below captures running the post module both with and without a process to migrate into.