Merge branch 'master' of github.com:rapid7/metasploit-framework

2012-09-20 16:20:34 -05:00 · 2012-09-20 16:20:34 -05:00 · 1534c4af6f
parent 776d24d8a9 7fcc34766a
commit 1534c4af6f
4 changed files with 23 additions and 3 deletions
--- a/lib/msf/ui/console/driver.rb
+++ b/lib/msf/ui/console/driver.rb
@ -249,6 +249,13 @@ class Driver < Msf::Ui::Driver
 			# If the opt is nil here, we load ~/.msf3/msfconsole.rc
 			load_resource(opts['Resource'])
 		end
+
+		# Process any additional startup commands
+		if opts['XCommands'] and opts['XCommands'].kind_of? Array
+			opts['XCommands'].each { |c|
+				run_single(c)
+			}
+		end
 	end

 	#
--- a/modules/auxiliary/server/browser_autopwn.rb
+++ b/modules/auxiliary/server/browser_autopwn.rb
@ -476,6 +476,8 @@ class Metasploit3 < Msf::Auxiliary
 				multihandler.datastore['MODULE_OWNER'] = self.datastore['MODULE_OWNER']
 				multihandler.datastore['WORKSPACE'] = datastore["WORKSPACE"] if datastore["WORKSPACE"]
 				multihandler.datastore['ParentUUID'] = datastore["ParentUUID"] if datastore["ParentUUID"]
+				multihandler.datastore['CAMPAIGN_ID'] = datastore["CAMPAIGN_ID"] if datastore["CAMPAIGN_ID"]
+				multihandler.datastore['BAP'] = true
 				multihandler.datastore['AutopwnUUID'] = self.uuid
 				multihandler.datastore['LPORT'] = lport
 				multihandler.datastore['LHOST'] = @lhost
--- a/modules/exploits/windows/browser/ie_execcommand_uaf.rb
+++ b/modules/exploits/windows/browser/ie_execcommand_uaf.rb
@ -27,9 +27,15 @@ class Metasploit3 < Msf::Exploit::Remote
 				This module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When
 				rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner,
 				but the same memory is reused again later in the CMshtmlEd::Exec() function, leading
-				to a use-after-free condition.  Please note that this vulnerability has
-				been exploited in the wild since Sep 14 2012, and there is currently no official
-				patch for it.
+				to a use-after-free condition.
+
+				Please note that this vulnerability has	been exploited in the wild since Sep 14 2012,
+				and there is currently no official patch for it.
+
+				Also note that presently, this module has some target dependencies for the ROP chain to be
+				valid. For WinXP SP3 with IE8, msvcrt must be present (as it is by default).
+				For Vista or Win7 with IE8, or Win7 with IE9, JRE 1.6.x or below must be installed (which
+				is often the case).
 			},
 			'License'        => MSF_LICENSE,
 			'Author'         =>
--- a/5
+++ b/5
@ -101,6 +101,11 @@ class OptsConsole
 				options['DisableBanner'] = true
 			end

+			opts.on("-x", "-x <command>", "Execute the specified string as console commands (use ; for multiples)") do |s|
+				options['XCommands'] ||= []
+				options['XCommands'] += s.split(/\s*;\s*/)
+			end
+
 			opts.separator ""
 			opts.separator "Common options:"