module

Windows Manage Privilege Based Process Migration

Disclosed
N/A
Created
May 30, 2018

Description

This module will migrate a Meterpreter session based on session privileges.
It will do everything it can to migrate, including spawning a new User level process.
For sessions with Admin rights: It will try to migrate into a System level process in the following
order: ANAME (if specified), services.exe, wininit.exe, svchost.exe, lsm.exe, lsass.exe, and winlogon.exe.
If all these fail and NOFAIL is set to true, it will fall back to User level migration. For sessions with User level rights:
It will try to migrate to a user level process, if that fails it will attempt to spawn the process
then migrate to it. It will attempt the User level processes in the following order:
NAME (if specified), explorer.exe, then notepad.exe.

Authors

Josh Hale "sn0wfa11" jhale85446@gmail.com
theLightCosine theLightCosine@metasploit.com

Platform

Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


msf > use post/windows/manage/priv_migrate
msf post(priv_migrate) > show actions
...actions...
msf post(priv_migrate) > set ACTION < action-name >
msf post(priv_migrate) > show options
...show and set options...
msf post(priv_migrate) > run

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.