diff --git a/lib/msf/core/exploit/smb/psexec.rb b/lib/msf/core/exploit/smb/psexec.rb index c7bbc17ec3..486b696702 100644 --- a/lib/msf/core/exploit/smb/psexec.rb +++ b/lib/msf/core/exploit/smb/psexec.rb @@ -53,7 +53,10 @@ module Exploit::Remote::SMB::Psexec # @param command [String] Should be a valid windows command # @param disconnect [Boolean] Disconnect afterwards # @return [Boolean] Whether everything went well - def psexec(command, disconnect=true) + def psexec(command, disconnect=true, servicename=nil, displayname=nil) + servicename ||= Rex::Text.rand_text_alpha(11) + displayname ||= Rex::Text.rand_text_alpha(16) + simple.connect("\\\\#{datastore['RHOST']}\\IPC$") handle = dcerpc_handle('367abb81-9844-35f1-ad32-98f038001003', '2.0', 'ncacn_np', ["\\svcctl"]) vprint_status("#{peer} - Binding to #{handle} ...") @@ -71,8 +74,7 @@ module Exploit::Remote::SMB::Psexec print_error("#{peer} - Error getting scm handle: #{e}") return false end - servicename = Rex::Text.rand_text_alpha(11) - displayname = Rex::Text.rand_text_alpha(16) + svc_handle = nil svc_status = nil stubdata =