Copyright notice: this is an original article by the blog author and may not be reproduced without the author's permission. https://blog.csdn.net/CosmopolitanMe/article/details/88345051
message_box.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Windows::Registry
  include Msf::Post::Windows::Powershell

  def initialize(info = {})
    super(update_info(info,
      'Name' => "Windows Message Box",
      'Description' => %q{
        Show a MessageBox in desktop.
      },
      'License' => MSF_LICENSE,
      'Platform' => ['win'],
      'SessionTypes' => ['meterpreter'],
      'Author' => ['cosmop01tain']
    ))
    register_options(
      [
        OptString.new('TEXT', [true, 'Message Box content']),
        OptString.new('CAPTION', [true, 'Message Box caption'])
      ])
  end

  #
  # RAILGUN HELPER FUNCTIONS
  #

  # Returns true when the session's own process is 32-bit (x86)
  def is_86
    pid = session.sys.process.open.pid
    proc_info = session.sys.process.each_process.find { |i| i["pid"] == pid }
    return proc_info["arch"] == "x86"
  end

  # Registers user32!MessageBoxW with railgun if user32 has not been loaded yet
  def add_railgun_messagebox
    if client.railgun.libraries.find_all { |d| d.first == 'user32' }.empty?
      session.railgun.add_dll('user32', 'user32')
      session.railgun.add_function(
        'user32', 'MessageBoxW', 'DWORD',
        [
          #['DWORD', 'pCaller', 'in'],
          ['HANDLE', 'hWnd', 'in'], # owner window handle; the original 'pBLOB' is not a railgun type
          ['PWCHAR', 'szText', 'in'],
          ['PWCHAR', 'szCaption', 'in'],
          ['DWORD', 'dwType', 'in'],
          #['PBLOB','lpfnCB','inout']
        ])
      vprint_good("user32 loaded and configured")
    else
      vprint_status("user32 already loaded")
    end
  end

  def run
    # Bail out unless this is a Meterpreter session on Windows
    if session.type != "meterpreter" || session.platform !~ /win/
      print_error("This module only works with Windows Meterpreter sessions")
      return 0
    end
    #print_status(session.sys.config.getenv("TEMP"))
    #print_status(datastore['TEXT'])
    content = datastore['TEXT']
    caption = datastore['CAPTION']
    # hWnd = 0 (no owner window), dwType = 0 (MB_OK)
    client.railgun.user32.MessageBoxW(0, content, caption, 0)
  end
end
Copy the file into the post/windows/gather directory of msf, start msfconsole, and then run reload_all.
To use it: use post/windows/gather/message_box
set caption kkk
set text kkk
run