
Commit 2ebe2fa

committed
Merge branch 'rapid7' into bug/rm7037-hash-iteration
2 parents 26a145e + 8a4fb07 commit 2ebe2fa


5 files changed

+12
-5
lines changed


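--- a/lib/msf/core/exploit/realport.rb
+++ b/lib/msf/core/exploit/realport.rb
@@ -133,7 +133,7 @@ def realport_recv_banner(port=0, timeout=30, max_data=4096)
 banner
 end
 
-def realport_send(port=0, data)
+def realport_send(port=0, data="")
 sock.put( [port].pack("C") + data )
 end
 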
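Review bot: Giving `data` a default in `def realport_send(port=0, data="")` changes which parameter a one-argument call fills: under the old signature a single argument was bound to the required `data`, under the new one it is bound to `port`, so `[port].pack("C")` would receive the payload string instead of an integer. No caller is visible in this hunk, so each call site should be checked for the one-argument form before this is merged. If both defaults stay, a comment above the method such as `# port is packed as one unsigned byte and prepended to data; pass both arguments explicitly` would keep later callers from relying on the defaults.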

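--- a/lib/msf/core/exploit/winrm.rb
+++ b/lib/msf/core/exploit/winrm.rb
@@ -323,6 +323,12 @@ def target_url
 end
 end
 
+def wmi_namespace
+return datastore['NAMESPACE'] if datastore['NAMESPACE']
+return @namespace_override if @namespace_override
+return "/root/cimv2/"
+end
+
 
 private
 
@@ -433,7 +439,7 @@ def winrm_header(data)
 def winrm_uri_action(type)
 case type
 when "wql"
-return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/*</w:ResourceURI>
+return %Q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi#{wmi_namespace}*</w:ResourceURI>
 <a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action>}
 when "create_shell"
 return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>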
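Review bot: `wmi_namespace` is spliced into the ResourceURI unchanged in the `"wql"` branch, so the URI is only well-formed when the value both starts and ends with `/`; a `NAMESPACE` of `root/cimv2` would produce `.../wmiroot/cimv2*`. Normalising once in the helper avoids that, for example `ns = datastore['NAMESPACE'] || @namespace_override || "/root/cimv2/"` followed by `"/#{ns.gsub(%r{\A/+|/+\z}, '')}/"`. The lookup order also means `@namespace_override` is ignored whenever a module registers `NAMESPACE` with a default, as winrm_wql.rb does in this commit; if the override is meant to win, the two checks should be swapped. A short comment above `wmi_namespace` stating the precedence and the expected format would help. `winrm_uri_action` continues past the end of the second hunk.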

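--- a/modules/auxiliary/scanner/winrm/winrm_wql.rb
+++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb
@@ -40,7 +40,8 @@ def initialize
 [
 OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]),
 OptString.new('USERNAME', [ true, "The username to authenticate as"]),
-OptString.new('PASSWORD', [ true, "The password to authenticate with"])
+OptString.new('PASSWORD', [ true, "The password to authenticate with"]),
+OptString.new('NAMESPACE', [true, 'The WMI namespace to use for queries', '/root/cimv2/'])
 ], self.class)
 end
 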
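Review bot: The help text of the new `NAMESPACE` option does not say that the value is placed verbatim into the request URI and so needs a leading and a trailing slash; a description such as `'The WMI namespace to use for queries, with leading and trailing slash'` would show that in the options listing. The line also departs from its neighbours' style, which use `[ true, "..." ]` with double quotes where this one uses `[true, '...']`; matching them keeps the option list uniform. `initialize` starts before this hunk.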

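--- a/modules/exploits/windows/winrm/winrm_script_exec.rb
+++ b/modules/exploits/windows/winrm/winrm_script_exec.rb
@@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
 def initialize(info = {})
 super(update_info(info,
-'Name' => 'WinRM VBS Remote Code Execution',
+'Name' => 'WinRM Script Exec Remote Code Execution',
 'Description' => %q{
 This module uses valid credentials to login to the WinRM service
 and execute a payload. It has two available methods for payload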

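--- a/modules/post/windows/manage/smart_migrate.rb
+++ b/modules/post/windows/manage/smart_migrate.rb
@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Post
 
 def initialize(info={})
 super( update_info( info,
-'Name' => 'Windows Manage Process Migration',
+'Name' => 'Windows Manage Smart Process Migration',
 'Description' => %q{ This module will migrate a Meterpreter session.
 It will first attempt to migrate to winlogon.exe . If that fails it will
 then look at all of the explorer.exe processes. If there is one that exists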
