metasploit-framework/modules/auxiliary/vsploit/pii/web_pii.rb

101 lines
2.3 KiB
Ruby
Raw Normal View History

##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
2011-11-20 02:12:07 +00:00
#
# This module acts as an compromised webserver distributing PII Data
#
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Auxiliary::PII
2011-11-20 02:12:07 +00:00
def initialize(info = {})
super(update_info(info,
'Name' => 'VSploit Web PII',
'Description' => 'This module emulates a webserver leaking PII data',
'License' => MSF_LICENSE,
'Author' => 'MJC',
'Version' => '$Revision: $',
'References' =>
[
[ 'URL', 'http://www.metasploit.com'],
],
'DefaultOptions' => { 'HTTP::server_name' => 'IIS'}
))
register_options(
[
OptBool.new('META_REFRESH', [ false, "Set page to auto refresh.", false]),
OptInt.new('REFRESH_TIME', [ false, "Set page refresh interval.", 15]),
OptInt.new('ENTRIES', [ false, "PII Entry Count", 1000])
],self.class)
end
def create_page
# Webpage Title
title = "vSploit PII Webserver"
sheep = <<-EOS
__________
< baaaaah! >
---------
\\
\\
,@;@,
;@;@( \\@;@;@;@;@;@,
/x @\\_|@;@;@;@;@;@;,
/ )@:@;@;@;@;@;@;@|)
*---;@;@;@;@;@;@;@;@;
';@;\;@;\;@;@
|| | \\ (
|| | // /
// ( // /
~~~~~ ~~~~
EOS
page = ""
page << "<html>\n<head>\n"
if datastore['META_REFRESH']
page << "<meta http-equiv=\"refresh\" content=\"#{datastore['REFRESH_TIME']}\">\n"
end
page << "<title>#{title}</title>\n</head>\n<body>\n"
page << "<pre>\n"
page << sheep
page << "Data Creation by: #{title}\n"
page << "Entries Per Page: #{datastore['ENTRIES']}\n"
if datastore['META_REFRESH']
page << "Refresh Interval: #{datastore['REFRESH_TIME']} Seconds\n"
end
# Start creating PII data
pii = create_pii()
page << "\n"
page << pii
page << "</pre>\n</body>\n</html>"
page
end
def on_request_uri(cli,request)
# Transmit the response to the client
res = create_page()
2012-04-25 19:24:17 +00:00
print_status("Leaking PII...")
send_response(cli, res, { 'Content-Type' => 'text/html' })
end
def run
exploit()
end
end