Getsystem on Windows

[jabra-]

It would be great if the Java meterpreter could have the ability to getsystem when it is deployed on a Windows system.

This is very useful when exploiting Java based vulnerabilities in the browser.

[schierlm]

I'd phrase it differently. It would be great if Metasploit could automatically detect that the currently deployed Meterpreter (be it Java or PHP or Python) does not support a command and transparently upgrade it to a Meterpreter version that does (if an upgrade path is available). I think this is not only useful from Java->win, but also PHP->win, and even POSIX->java (record_mic or screenshot for example). Of course it has to fail gracefully in case the upgraded Meterpreter is detected by AV or IPS :)

But I guess this is too much to ask for, so I'll continue dreaming...

[kernelsmith]

My only concern with that is having upgrades occur unknowingly, which may sometimes mean unwanted, like in the case of triggering AV etc as you mention. I would suggest such a feature be non-default behavior, maybe have an Option to enable such functionality. Seems like a wrapper method like upgrade_path_avail?(payload = “meterpreter”) or some such could be implemented.

On Jul 30, 2014, at 11:37 AM, Michael Schierl notifications@github.com wrote:

I'd phrase it differently. It would be great if Metasploit could automatically detect that the currently deployed Meterpreter (be it Java or PHP or Python) does not support a command and transparently upgrade it to a Meterpreter version that does (if an upgrade path is available). I think this is not only useful from Java->win, but also PHP->win, and even POSIX->java (record_mic or screenshot for example). Of course it has to fail gracefully in case the upgraded Meterpreter is detected by AV or IPS :)

But I guess this is too much to ask for, so I'll continue dreaming...

—
Reply to this email directly or view it on GitHub.