Land rapid7#8330, fix ps_wmi_exec and psh staging

zeroSteiner · zeroSteiner · commit f39e3784965e · 2017-05-13T14:26:47.000-04:00
diff --git a/lib/msf/core/post/windows/powershell.rb b/lib/msf/core/post/windows/powershell.rb
@@ -127,7 +127,7 @@ def stage_cmd_env(compressed_script, env_suffix = Rex::Text.rand_text_alpha(8))
           count = 8000
           while index < compressed_script.size - 1
             # Define random, but serialized variable name
-            env_prefix = format("%05d%s", ((index + 8000) / 8000), env_suffix)
+            env_variable = format("%05d%s", ((index + 8000) / 8000), env_suffix)
 
             # Create chunk
             chunk = compressed_script[index, count]
diff --git a/modules/exploits/windows/local/ps_wmi_exec.rb b/modules/exploits/windows/local/ps_wmi_exec.rb
@@ -80,7 +80,7 @@ def build_script
       sleep_time = rand(5)+5
       psh_payload  = "function #{fun_name}{#{psh_payload}};while(1){Start-Sleep -s #{sleep_time};#{fun_name};1}"
     end
-    psh_payload = compress_script(psh_payload_raw, eof)
+    psh_payload = encode_script(compress_script(psh_payload_raw, eof), eof)
     # WMI exec function - this is going into powershell.rb after pull 701 is commited
     script = ps_wmi_exec(run_opts)
     # Build WMI exec calls to every host into the script to reduce PS instances
