Merge branch 'rapid7' into bug/rm7037-hash-iteration

egypt · egypt · commit 2ebe2fa08e49 · 2012-11-07T19:27:11.000-06:00
diff --git a/lib/msf/core/exploit/realport.rb b/lib/msf/core/exploit/realport.rb
@@ -133,7 +133,7 @@ def realport_recv_banner(port=0, timeout=30, max_data=4096)
 		banner
 	end
 
-	def realport_send(port=0, data)
+	def realport_send(port=0, data="")
 		sock.put( [port].pack("C") + data )
 	end
 
diff --git a/lib/msf/core/exploit/winrm.rb b/lib/msf/core/exploit/winrm.rb
@@ -323,6 +323,12 @@ def target_url
 		end
 	end
 
+	def wmi_namespace
+		return datastore['NAMESPACE'] if datastore['NAMESPACE']
+		return @namespace_override if @namespace_override
+		return "/root/cimv2/"
+	end
+
 
 	private
 
@@ -433,7 +439,7 @@ def winrm_header(data)
 	def winrm_uri_action(type)
 		case type
 		when "wql"
-			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/*</w:ResourceURI>
+			return %Q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi#{wmi_namespace}*</w:ResourceURI>
 			<a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action>}
 		when "create_shell"
 			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>
diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb
@@ -40,7 +40,8 @@ def initialize
 			[
 				OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]),
 				OptString.new('USERNAME', [ true, "The username to authenticate as"]),
-				OptString.new('PASSWORD', [ true, "The password to authenticate with"])
+				OptString.new('PASSWORD', [ true, "The password to authenticate with"]),
+				OptString.new('NAMESPACE', [true, 'The WMI namespace to use for queries', '/root/cimv2/'])
 			], self.class)
 	end
 
diff --git a/modules/exploits/windows/winrm/winrm_script_exec.rb b/modules/exploits/windows/winrm/winrm_script_exec.rb
@@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'WinRM VBS Remote Code Execution',
+			'Name'           => 'WinRM Script Exec Remote Code Execution',
 			'Description'    => %q{
 					This module uses valid credentials to login to the WinRM service
 					and execute a payload. It has two available methods for payload
diff --git a/modules/post/windows/manage/smart_migrate.rb b/modules/post/windows/manage/smart_migrate.rb
@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Post
 
 	def initialize(info={})
 		super( update_info( info,
-			'Name'          => 'Windows Manage Process Migration',
+			'Name'          => 'Windows Manage Smart Process Migration',
 			'Description'   => %q{ This module will migrate a Meterpreter session.
 				It will first attempt to migrate to winlogon.exe . If that fails it will
 				then look at all of the explorer.exe processes. If there is one that exists

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,8 @@ def initialize`
`40`	`40`	`[`
`41`	`41`	`OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]),`
`42`	`42`	`OptString.new('USERNAME', [ true, "The username to authenticate as"]),`
`43`		`- OptString.new('PASSWORD', [ true, "The password to authenticate with"])`
	`43`	`+ OptString.new('PASSWORD', [ true, "The password to authenticate with"]),`
	`44`	`+ OptString.new('NAMESPACE', [true, 'The WMI namespace to use for queries', '/root/cimv2/'])`
`44`	`45`	`], self.class)`
`45`	`46`	`end`
`46`	`47`