Updating screen_spy.rb to have a PID option for session migration #14994
Conversation
archcloudlabs
changed the title
|
Doing some documentation updates for the new changes but we will still need to update the output section to showcase the updated output when this module is run. |
…tegy with a PID migration strategy. Also update documentation accordingly
… the database isn't properly connected
gwillcox-r7
force-pushed
the
updating-screenspy-specify-migration-proc
branch
from
2721dcc
to
54aa9d4
Compare
|
Sorry for the delay we ran into a potential issue on our codebase whilst testing this, give me a few seconds to confirm something and then I'll get this landed. |
No problem! Thanks for pushing this across the finish line. My weekend was busier than expected so I didn't get a chance to get the changes in. |
No problem glad I could help :) |
|
Alright appears the issue is likely related to some missing checks on some internal code and not related to this module per say. If we need to update this later on we can but considering this is updates to a module and not a new module in and of itself (aka we aren't introducing new code but rather improving it), I'm in favor of landing these updates and then doing further updates in the unlikely case that this module also needs to be updated. Will land this now. |
gwillcox-r7
changed the title
Release NotesUpdated the |
What this Does
Windows post module screen_spy currently auto migrates into explorer.exe before beginning to take screenshots of the victim's host machine. This PR adds the ability to specify a different process to migrate into as well as specify no process (empty string) in which case screenshots are taken in the context of the current process and no migration occurs.
Verification
List the steps needed to make sure this thing works
msfconsoleuse post/windows/gather/screen_spysession(set session 1)set PROCESS explorer.exe)runThe image below captures running the post module both with and without a process to migrate into.