diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb
index 399c0781c2..eac24a576d 100644
--- a/lib/msf/ui/console/driver.rb
+++ b/lib/msf/ui/console/driver.rb
@@ -249,6 +249,13 @@ class Driver < Msf::Ui::Driver
 # If the opt is nil here, we load ~/.msf3/msfconsole.rc
 load_resource(opts['Resource'])
 end
+
+ # Process any additional startup commands
+ if opts['XCommands'] and opts['XCommands'].kind_of? Array
+ opts['XCommands'].each { |c|
+ run_single(c)
+ }
+ end
 end
 #
diff --git a/modules/auxiliary/server/browser_autopwn.rb b/modules/auxiliary/server/browser_autopwn.rb
index d07b1d4468..9a3314c7cd 100644
--- a/modules/auxiliary/server/browser_autopwn.rb
+++ b/modules/auxiliary/server/browser_autopwn.rb
@@ -476,6 +476,8 @@ class Metasploit3 < Msf::Auxiliary
 multihandler.datastore['MODULE_OWNER'] = self.datastore['MODULE_OWNER']
 multihandler.datastore['WORKSPACE'] = datastore["WORKSPACE"] if datastore["WORKSPACE"]
 multihandler.datastore['ParentUUID'] = datastore["ParentUUID"] if datastore["ParentUUID"]
+ multihandler.datastore['CAMPAIGN_ID'] = datastore["CAMPAIGN_ID"] if datastore["CAMPAIGN_ID"]
+ multihandler.datastore['BAP'] = true
 multihandler.datastore['AutopwnUUID'] = self.uuid
 multihandler.datastore['LPORT'] = lport
 multihandler.datastore['LHOST'] = @lhost
diff --git a/modules/exploits/windows/browser/ie_execcommand_uaf.rb b/modules/exploits/windows/browser/ie_execcommand_uaf.rb
index 25d395d13c..26145f29c2 100644
--- a/modules/exploits/windows/browser/ie_execcommand_uaf.rb
+++ b/modules/exploits/windows/browser/ie_execcommand_uaf.rb
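Review bot: In lib/msf/ui/console/driver.rb the new `XCommands` guard silently skips any value that is not an Array, so a caller that passes a single String gets no startup commands and no warning. Coercing the value would remove that trap and the low-precedence `and`, e.g. `Array(opts['XCommands']).each { |c| run_single(c) }`. Each element is handed to `run_single` unchanged, so an empty entry produced by the `-x` split in msfconsole reaches it too; skipping blank entries here would be cheap. The enclosing method starts outside the hunk, so the ordering relative to the resource-script load is inferred from the context lines only.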
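Review bot: In modules/auxiliary/server/browser_autopwn.rb, `multihandler.datastore['BAP'] = true` is set unconditionally with no comment saying what reads the flag, and neither `BAP` nor `CAMPAIGN_ID` is registered as an option in the visible lines. A one-line comment such as `# Mark sessions from this handler as originating from browser_autopwn` (wording to be confirmed by the author) would tell maintainers, and anyone auditing session provenance, what the key means. The surrounding method begins and ends outside the hunk, so where these keys are consumed cannot be checked from here.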
@@ -27,9 +27,15 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading - to a use-after-free condition. Please note that this vulnerability has - been exploited in the wild since Sep 14 2012, and there is currently no official - patch for it. + to a use-after-free condition. + + Please note that this vulnerability has been exploited in the wild since Sep 14 2012, + and there is currently no official patch for it. + + Also note that presently, this module has some target dependencies for the ROP chain to be + valid. For WinXP SP3 with IE8, msvcrt must be present (as it is by default). + For Vista or Win7 with IE8, or Win7 with IE9, JRE 1.6.x or below must be installed (which + is often the case). }, 'License' => MSF_LICENSE, 'Author' => diff --git a/msfconsole b/msfconsole index c21594147f..ea8add619e 100755 --- a/msfconsole +++ b/msfconsole @@ -101,6 +101,11 @@ class OptsConsole options['DisableBanner'] = true end + opts.on("-x", "-x ", "Execute the specified string as console commands (use ; for multiples)") do |s| + options['XCommands'] ||= [] + options['XCommands'] += s.split(/\s*;\s*/) + end + opts.separator "" opts.separator "Common options:"
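Review bot: In the msfconsole hunk, `s.split(/\s*;\s*/)` splits on every semicolon with no quoting or escape, so an argument that legitimately contains `;` is cut into fragments and each fragment is queued as its own console command. A leading `;` also yields an empty string, and whitespace at the outer ends of the argument is never trimmed; `options['XCommands'] += s.split(/\s*;\s*/).map(&:strip).reject(&:empty?)` would cover both. Anything passed with `-x` is normally visible to other local users in the process list and may be kept in shell history, so the help text should say that secrets belong in a resource file with restricted permissions rather than on the command line. The help string should also state that `;` cannot be escaped.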