Metasploit: Is there AutoMigrate Flag in MsfPayload? Any Alternative? [engr.ali]

Hello everyone! Before I pose my questions, I would like to introduce myself. I am a computer systems Engineer, more interested in Information Security, thus recently qualified to become a Certified Security Analyst. However I'm still learning and I have been playing with Metasploit for quite some time now. I have been through all its internal frameworks, and I wouldn't be surprised to see this as a new Wonder of this world. Simply Fascinating.

I'll come straight to my question now. I agree that most of the attacks today are Client-Side attacks. Infecting Word/PDF documents is probably the best way to get into a network, but my query was about AutoMigration. Since an attacker may miss a session migration, and the document most likely will be closed within the next few seconds, obviously one cannot stay 24/7 waiting for a session to come up, and then run `-PS` to list the running processes because the command `-Migrate` itself does not take 'Name of a Process' but instead takes the 'PID' of that Process, and after all, there might be privilege escalation before all this, etc.

So my question was to ask whether it's possible to AutoMigrate a Payload the moment it's run? If not, what are the alternatives to this? Since it won't be of much use infecting a page which the client closes in ~5 seconds. If scripts are the only way, how do I embed/encode that script in the MsfPayload command?

Thank you and grateful for any suggestions.

Posted by Edward Sheehy about a year ago