42 lines
1 KiB
PostScript
42 lines
1 KiB
PostScript
if ($argc < 3) {
|
|
echo "Usage: $argv[0] <IP to scan> <port> (either 139 or 445)";
|
|
echo "You provided $argc arguments";
|
|
return false;
|
|
}
|
|
|
|
string $scriptsdir = GetEnv("SCRIPTSDIR");
|
|
|
|
# D:\OPSDisk\Resources\EP\Scripts\
|
|
string $emthexe = "$scriptsdir\\..\\..\\..\\Exploits\\EMTH15~1.1\\emth.exe";
|
|
|
|
string $doNB = "";
|
|
|
|
if ($argv[2] == "139") {
|
|
$doNB = " -b 1 ";
|
|
}
|
|
|
|
@record on;
|
|
if (`background redirect -tcp -lplisten 5555 -target $argv[1] $argv[2] -nodes 40`) {
|
|
echo "This touch can take a while, so you can background this if you'd like (if you do, you'll have to look at the output file yourself, and don't close the redirector!).";
|
|
@record off;
|
|
|
|
int $redirectID = GetCmdData("LastCommandId");
|
|
|
|
@echo on;
|
|
`local run -command "cmd /C $emthexe $doNB -r 2 -i 127.0.0.1 -p 5555 > $scriptsdir\\emthtouch.txt" -redirect`;
|
|
sleep (500);
|
|
|
|
|
|
@record on;
|
|
`local grep -mask "$scriptsdir\\emthtouch.txt" -pattern "IS vulnerable"`;
|
|
@record off;
|
|
|
|
if (prompt "Close the redirect now?") {
|
|
`stop $redirectID`;
|
|
|
|
}
|
|
|
|
|
|
}
|
|
@record off;
|
|
|