
Land #12072, cmd_psh_payload arch string fixes

wvu-r7 committed Jul 10, 2019
2 parents c5032df + e6300bf commit cd3ffb92efd76771cab278f90e7b287417b285a8
@@ -88,7 +88,11 @@ def exploit
when :unix_memory
sploit.sub!(PLACEHOLDER_COMMAND, payload.encoded)
when :psh_memory
psh = cmd_psh_payload(payload.encoded, payload.arch, remove_comspec: true)
psh = cmd_psh_payload(
payload.encoded,
payload.arch.first,
remove_comspec: true
)

# XXX: Payload space applies to the payload, not the PSH command
if psh.length > targets[0].payload_space
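Review bot: `payload.arch.first` in the `:psh_memory` arm assumes `payload.arch` is a non-empty array: any further entries are silently dropped, and an empty list passes `nil` on to `cmd_psh_payload`. Going by the commit title the helper wants a single arch string, so a one-line comment above the call would record why the first element is taken, for example `# cmd_psh_payload expects one arch string, not the payload's arch array`. The same `.arch.first` substitution is made in the other two hunks (`execute_command` and the second `exploit`), and the comment applies there as well. `exploit` starts and ends outside this hunk.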
@@ -98,9 +98,16 @@ def execute_command(cmd, opts = {})
when :py_memory
%W{python -c #{cmd}}
when :psh_memory
opts = {remove_comspec: true, encode_final_payload: true}
payload ? cmd_psh_payload(cmd, payload.arch, opts).split :
%W{powershell.exe -c #{cmd}}
if payload
cmd_psh_payload(
cmd,
payload.arch.first,
remove_comspec: true,
encode_final_payload: true
)
else
%W{powershell.exe -c #{cmd}}
end
when :win_memory, :win_dropper
%W{cmd.exe /c #{cmd}}
end
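Review bot: The multi-line `if payload` branch returns the value of `cmd_psh_payload` unchanged, whereas the one-line form it replaces called `.split` on that value, and the `else` branch and the sibling `when` arms all yield `%W{...}` arrays. If the caller of `execute_command` treats the result as an argument list, this arm now returns a different type from the rest. Either close the call with `).split` or add a comment stating that a plain string is intended here. The caller is not visible in the hunk, so this needs confirming against it. `execute_command` starts and ends outside the hunk.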
@@ -104,7 +104,7 @@ def exploit
end

# payload formatted to fit dropped text file
payl = cmd_psh_payload(payload.encoded,payload.arch,{
payl = cmd_psh_payload(payload.encoded,payload.arch.first,{
encode_final_payload: false,
remove_comspec: true,
method: 'old'
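Review bot: The edited call still has no spaces after its commas and passes an explicit `{ ... }` options hash, while the other two call sites touched by this commit are laid out one argument per line with bare `remove_comspec: true` style options. As the line is being changed anyway, `payl = cmd_psh_payload(payload.encoded, payload.arch.first, {` would match the spacing used elsewhere. Dropping the braces would bring it fully in line with the other two. The options hash and `exploit` both continue past the end of this hunk.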
