Skip to content

Add meterp message to send impersonation token back #747

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 22, 2025
Merged

Add meterp message to send impersonation token back #747

merged 1 commit into from
May 22, 2025

Conversation

smashery
Copy link
Contributor

@smashery smashery commented May 13, 2025
edited
Loading

Provides a new meterpreter message to get a handle to the current thread impersonation token.

Implemented for rapid7/metasploit-framework#20180; and can be tested alongside that.

@smashery smashery mentioned this pull request May 13, 2025
Open
9 tasks
@smashery smashery marked this pull request as ready for review May 14, 2025 01:37
@smcintyre-r7 smcintyre-r7 self-assigned this May 21, 2025
@smcintyre-r7 smcintyre-r7 moved this to In Progress in Metasploit Kanban May 21, 2025
smcintyre-r7
smcintyre-r7 approved these changes May 22, 2025
View reviewed changes
Copy link
Contributor

@smcintyre-r7 smcintyre-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

meterpreter > getuid
Server username: NT AUTHORITY\NETWORK SERVICE
meterpreter > getsystem
WARNING: Local file /home/smcintyre/Repositories/metasploit-framework.pr/data/meterpreter/elevator.x64.dll is being used
...got system via technique 4 (Named Pipe Impersonation (RPCSS variant)).
meterpreter > load powershell
Loading extension powershell...WARNING: Local file /home/smcintyre/Repositories/metasploit-framework.pr/data/meterpreter/ext_server_powershell.x64.dll is being used
Success.
meterpreter > powershell_execute -h
Usage: powershell_execute <powershell code> [-s session-id]

Runs the given Powershell string on the target.

OPTIONS:

    -h   Help banner
    -s   Specify the id/name of the Powershell session to run the command in.

meterpreter > powershell_execute "Write-Output 'Hello, World'"
[!] Impersonation will not apply to PowerShell.
[+] Command execution completed:
Hello, World

meterpreter > powershell_shell
[!] Impersonation will not apply to PowerShell.
PS >

Tested in conjunction with the Framework PR.

@smcintyre-r7 smcintyre-r7 merged commit 1668f54 into rapid7:master May 22, 2025
31 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Metasploit Kanban May 22, 2025
zeroSteiner added a commit to zeroSteiner/metasploit-framework that referenced this pull request May 22, 2025
@zeroSteiner
Update metasploit-payloads gem to 2.0.221
2f82d66 
Includes changes from:
* rapid7/metasploit-payloads#738
* rapid7/metasploit-payloads#756
* rapid7/metasploit-payloads#711
* rapid7/metasploit-payloads#747
@zeroSteiner zeroSteiner mentioned this pull request May 22, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smcintyre-r7 smcintyre-r7 smcintyre-r7 approved these changes

Assignees

@smcintyre-r7 smcintyre-r7

Labels
None yet
Projects
Metasploit Kanban
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@smashery @smcintyre-r7