Land #8330, fix ps_wmi_exec and psh staging

rapid7 · May 13, 2017 · f39e378 · f39e378
2 parents 405f2c6 + 3cbeebe
commit f39e378
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/lib/msf/core/post/windows/powershell.rb b/lib/msf/core/post/windows/powershell.rb
@@ -127,7 +127,7 @@ def stage_cmd_env(compressed_script, env_suffix = Rex::Text.rand_text_alpha(8))
           count = 8000
           while index < compressed_script.size - 1
             # Define random, but serialized variable name
-            env_prefix = format("%05d%s", ((index + 8000) / 8000), env_suffix)
+            env_variable = format("%05d%s", ((index + 8000) / 8000), env_suffix)
 
             # Create chunk
             chunk = compressed_script[index, count]

diff --git a/modules/exploits/windows/local/ps_wmi_exec.rb b/modules/exploits/windows/local/ps_wmi_exec.rb
@@ -80,7 +80,7 @@ def build_script
       sleep_time = rand(5)+5
       psh_payload  = "function #{fun_name}{#{psh_payload}};while(1){Start-Sleep -s #{sleep_time};#{fun_name};1}"
     end
-    psh_payload = compress_script(psh_payload_raw, eof)
+    psh_payload = encode_script(compress_script(psh_payload_raw, eof), eof)
     # WMI exec function - this is going into powershell.rb after pull 701 is commited
     script = ps_wmi_exec(run_opts)
     # Build WMI exec calls to every host into the script to reduce PS instances