Adds a new findpids command to meterpreter #741

Closed
wants to merge 1 commit into from

2 participants

@dmaloney-r7
Collaborator

findpids calls client.sys.process.get_processes like ps, but then filters out any processes that do not match one of the process names supplied as arguments to the command. `findpids explorer.exe notepad.exe` will return all processes named explorer.exe or notepad.exe. Allows for quick searching for the pid you want. Ideal for migration.

@dmaloney-r7 dmaloney-r7 Adds a new findpids command to meterpreter
findpids calls client.sys.process.get_processes like ps, but then filters out any processes that do not match one of the process names supplied as arguments to the command. `findpids explorer.exe notepad.exe` will return all processes named explorer.exe or notepad.exe. Allows for quick searching for the pid you want. Ideal for migration.
a24bf87
@jlee-r7
Collaborator

I think I'd like to see the arguments as a regular expression.

Something like `findpids .*svc.*` would be neat
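As an added example (not code from this PR or from Metasploit), the filtering step the description above explains, with the exact-name match the PR implements beside a case-insensitive variant and the regular-expression variant asked for in this comment. The process list is constructed sample data shaped like the hashes client.sys.process.get_processes returns, and the function names are assumptions.

```ruby
# Added example, not part of the Metasploit PR: filters a process list the way
# findpids does, generalised to case-insensitive and regular-expression matching.
# SAMPLE_PROCESSES is constructed sample data shaped like Meterpreter process hashes.
SAMPLE_PROCESSES = [
  { "pid" => 4,    "name" => "System",       "user" => "NT AUTHORITY\\SYSTEM" },
  { "pid" => 612,  "name" => "svchost.exe",  "user" => "NT AUTHORITY\\SYSTEM" },
  { "pid" => 1340, "name" => "Explorer.EXE", "user" => "WIN7\\alice" },
  { "pid" => 2096, "name" => "notepad.exe",  "user" => "WIN7\\alice" },
  { "pid" => 2200, "name" => "svchost.exe",  "user" => "NT AUTHORITY\\NETWORK SERVICE" },
].freeze

# Build one matcher lambda from the user-supplied patterns (assumed helper).
# mode: :exact  -> the args.include? semantics of the PR (case-sensitive),
#       :iexact -> same, but ignoring case,
#       :regex  -> each argument is a Ruby regular expression, e.g. ".*svc.*".
def build_matcher(patterns, mode)
  case mode
  when :exact
    ->(name) { patterns.include?(name) }
  when :iexact
    wanted = patterns.map(&:downcase)
    ->(name) { wanted.include?(name.downcase) }
  when :regex
    # Anchor each pattern so ".*svc.*" must describe the whole image name,
    # and ignore case so the match behaves like the :iexact mode.
    regexes = patterns.map { |p| Regexp.new("\\A(?:#{p})\\z", Regexp::IGNORECASE) }
    ->(name) { regexes.any? { |re| re.match?(name) } }
  else
    raise ArgumentError, "unknown mode #{mode.inspect}"
  end
end

# Return the pids of matching processes in listing order; [] when nothing matches
# or when no pattern was supplied (the PR prints a usage hint in that case).
def find_pids(processes, patterns, mode = :exact)
  return [] if patterns.empty?
  match = build_matcher(patterns, mode)
  processes.select { |entry| match.call(entry["name"]) }.map { |entry| entry["pid"] }
end

if $PROGRAM_NAME == __FILE__
  puts find_pids(SAMPLE_PROCESSES, ["explorer.exe", "notepad.exe"]).inspect          # [2096]
  puts find_pids(SAMPLE_PROCESSES, ["explorer.exe", "notepad.exe"], :iexact).inspect # [1340, 2096]
  puts find_pids(SAMPLE_PROCESSES, [".*svc.*"], :regex).inspect                      # [612, 2200]
end
```

The exact mode misses "Explorer.EXE" because the comparison is case-sensitive, which is the gap the other two modes close.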

@dmaloney-r7
Collaborator

closing due to issues updating this branch, check PR #768

@dmaloney-r7 dmaloney-r7 closed this
@jlee-r7 jlee-r7 referenced this pull request
Closed

Findpids #950

Commits on Aug 30, 2012
  1. @dmaloney-r7

    Adds a new findpids command to meterpreter

    dmaloney-r7 authored
30 lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -58,6 +58,7 @@ def commands
"getuid" => "Get the user that the server is running as",
"kill" => "Terminate a process",
"ps" => "List running processes",
+ "findpids" => "Find Processes by name",
"reboot" => "Reboots the remote computer",
"reg" => "Modify and interact with the remote registry",
"rev2self" => "Calls RevertToSelf() on the remote machine",
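Review bot: the new help string "Find Processes by name" does not follow the capitalisation of its neighbours ("List running processes", "Terminate a process"); "Find processes by name" would match. The entry is also placed after "ps" while the surrounding table is alphabetical (getuid, kill, ps, reboot, reg, rev2self), so "findpids" belongs before "getuid".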
@@ -75,6 +76,7 @@ def commands
"getuid" => [ "stdapi_sys_config_getuid" ],
"kill" => [ "stdapi_sys_process_kill" ],
"ps" => [ "stdapi_sys_process_get_processes" ],
+ "findpids" => [ "stdapi_sys_process_get_processes" ],
"reboot" => [ "stdapi_sys_power_exitwindows" ],
"reg" => [
"stdapi_registry_load_key",
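Review bot: same ordering point as in the help table: the "findpids" requirement entry sits after "ps" where the list is otherwise alphabetical, so move it before "getuid". Requiring only "stdapi_sys_process_get_processes" is consistent with the command calling nothing beyond client.sys.process.get_processes.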
@@ -284,6 +286,34 @@ def cmd_ps(*args)
return true
end
+ def cmd_findpids(*args)
+ if args.empty? or args.include? "-h"
+ print_line "You must supply one or more process name to search for"
+ print_line "e.g. findpids explorer.exe notepad.exe"
+ return true
+ end
+ processes = client.sys.process.get_processes
+ if (processes.length == 0)
+ print_line("No running processes were found.")
+ else
+ searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+ processes.each do |proc|
+ if args.include? proc["name"]
+ searched_procs << proc
+ end
+ end
+ searched_procs.compact!
+ if searched_procs.length == 0
+ print_line("No running processes were found matching the supplied names.")
+ else
+ print_line
+ print_line(searched_procs.to_table("Indent" => 1).to_s)
+ print_line
+ end
+ end
+ return true
+ end
+
#
# Reboots the remote computer.
#
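Review bot: in cmd_findpids, `args.include? proc["name"]` is an exact, case-sensitive comparison, so a process whose reported image name differs in case from what the user typed (Windows image names are not case-sensitive) is silently skipped; comparing downcased names, or compiling each argument into a Regexp as suggested in the discussion, would avoid that. `searched_procs.compact!` is a no-op, since nothing nil is ever appended to the list. The `-h` branch also folds "no arguments" and "help requested" into the same error text, so give `-h` a proper usage line, and the method lacks the `#`-delimited comment header that the neighbouring commands carry (compare the `# Reboots the remote computer.` block that follows it).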