Merge branch 'rapid7' into bug/rm7037-hash-iteration

2012-11-07 19:27:11 -06:00 · 2012-11-07 19:27:11 -06:00 · 2ebe2fa08e
parent 26a145e527 8a4fb07a0c
commit 2ebe2fa08e
5 changed files with 12 additions and 5 deletions
--- a/lib/msf/core/exploit/realport.rb
+++ b/lib/msf/core/exploit/realport.rb
@ -133,7 +133,7 @@ module Exploit::Remote::RealPort
 		banner
 	end

-	def realport_send(port=0, data)
+	def realport_send(port=0, data="")
 		sock.put( [port].pack("C") + data )
 	end

--- a/lib/msf/core/exploit/winrm.rb
+++ b/lib/msf/core/exploit/winrm.rb
@ -323,6 +323,12 @@ module Exploit::Remote::WinRM
 		end
 	end

+	def wmi_namespace
+		return datastore['NAMESPACE'] if datastore['NAMESPACE']
+		return @namespace_override if @namespace_override
+		return "/root/cimv2/"
+	end
+

 	private

@ -433,7 +439,7 @@ module Exploit::Remote::WinRM
 	def winrm_uri_action(type)
 		case type
 		when "wql"
-			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/*</w:ResourceURI>
+			return %Q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi#{wmi_namespace}*</w:ResourceURI>
 			<a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action>}
 		when "create_shell"
 			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>
--- a/modules/auxiliary/scanner/winrm/winrm_wql.rb
+++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb
@ -40,7 +40,8 @@ class Metasploit3 < Msf::Auxiliary
 			[
 				OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]),
 				OptString.new('USERNAME', [ true, "The username to authenticate as"]),
-				OptString.new('PASSWORD', [ true, "The password to authenticate with"])
+				OptString.new('PASSWORD', [ true, "The password to authenticate with"]),
+				OptString.new('NAMESPACE', [true, 'The WMI namespace to use for queries', '/root/cimv2/'])
 			], self.class)
 	end

--- a/modules/exploits/windows/winrm/winrm_script_exec.rb
+++ b/modules/exploits/windows/winrm/winrm_script_exec.rb
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'WinRM VBS Remote Code Execution',
+			'Name'           => 'WinRM Script Exec Remote Code Execution',
 			'Description'    => %q{
 					This module uses valid credentials to login to the WinRM service
 					and execute a payload. It has two available methods for payload
--- a/modules/post/windows/manage/smart_migrate.rb
+++ b/modules/post/windows/manage/smart_migrate.rb
@ -16,7 +16,7 @@ class Metasploit3 < Msf::Post

 	def initialize(info={})
 		super( update_info( info,
-			'Name'          => 'Windows Manage Process Migration',
+			'Name'          => 'Windows Manage Smart Process Migration',
 			'Description'   => %q{ This module will migrate a Meterpreter session.
 				It will first attempt to migrate to winlogon.exe . If that fails it will
 				then look at all of the explorer.exe processes. If there is one that exists