Use One CMDStagermixin
parent
0a99b549d6
commit
7ced5927d8
|
@ -1,97 +0,0 @@
|
|||
# -*- coding: binary -*-
|
||||
|
||||
require 'msf/core/exploit/cmdstager'
|
||||
|
||||
module Msf
|
||||
|
||||
###
|
||||
#
|
||||
# This mixin provides an interface for staging cmd to arbitrary payloads
|
||||
#
|
||||
###
|
||||
module Exploit::CmdStager::Multi
|
||||
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super
|
||||
|
||||
register_advanced_options(
|
||||
[
|
||||
OptString.new('CMDSTAGER::DECODERSTUB', [ false, 'The decoder stub to use.', nil]),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def create_stager(exe, opts)
|
||||
case opts[:flavor]
|
||||
when :bourne
|
||||
return Rex::Exploitation::CmdStagerBourne.new(exe)
|
||||
when :debug_asm
|
||||
return Rex::Exploitation::CmdStagerDebugAsm.new(exe)
|
||||
when :debug_write
|
||||
return Rex::Exploitation::CmdStagerDebugWrite.new(exe)
|
||||
when :echo
|
||||
return Rex::Exploitation::CmdStagerEcho.new(exe)
|
||||
when :printf
|
||||
return Rex::Exploitation::CmdStagerPrintf.new(exe)
|
||||
when :vbs, :vbs_adodb
|
||||
return Rex::Exploitation::CmdStagerVBS.new(exe)
|
||||
end
|
||||
end
|
||||
|
||||
def execute_cmdstager(opts = {})
|
||||
if not opts.include?(:flavor)
|
||||
default_flavor = guess_flavor
|
||||
vprint_status("Using default stager: #{default_flavor}")
|
||||
opts[:flavor] = default_flavor
|
||||
end
|
||||
|
||||
if not opts.include?(:decoder)
|
||||
opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
|
||||
end
|
||||
|
||||
super
|
||||
end
|
||||
|
||||
def generate_cmdstager(opts = {}, pl = nil)
|
||||
if not opts.include?(:decoder)
|
||||
opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
|
||||
end
|
||||
|
||||
super
|
||||
end
|
||||
|
||||
def guess_decoder(opts)
|
||||
case opts[:flavor]
|
||||
when :debug_asm
|
||||
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm")
|
||||
when :debug_write
|
||||
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write")
|
||||
when :vbs
|
||||
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64")
|
||||
when :vbs_adodb
|
||||
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb")
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||
def guess_flavor
|
||||
c_platform = nil
|
||||
if target_platform.names.length == 1
|
||||
c_platform = target_platform.names.first
|
||||
end
|
||||
case c_platform
|
||||
when 'linux', 'Linux'
|
||||
return :bourne
|
||||
when 'osx', 'OSX'
|
||||
return :bourne
|
||||
when 'unix', 'Unix'
|
||||
return :bourne
|
||||
when 'win', 'Windows'
|
||||
return :vbs
|
||||
end
|
||||
return nil
|
||||
end
|
||||
end
|
||||
|
||||
end
|
|
@ -1,67 +0,0 @@
|
|||
# -*- coding: binary -*-
|
||||
|
||||
require 'rex/text'
|
||||
require 'msf/core/exploit/tftp'
|
||||
require 'msf/core/exploit/cmdstager'
|
||||
|
||||
module Msf
|
||||
|
||||
###
|
||||
#
|
||||
# This mixin provides an interface for staging cmd to arbitrary payloads
|
||||
#
|
||||
###
|
||||
module Exploit::CmdStager::TFTP
|
||||
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::TFTPServer
|
||||
|
||||
def initialize(info = {})
|
||||
super
|
||||
|
||||
register_advanced_options(
|
||||
[
|
||||
OptString.new( 'TFTPHOST', [ false, 'The address of the machine hosting the file via TFTP.' ]),
|
||||
OptString.new( 'TFTPRSRC', [ false, 'The filename of the TFTP-hosted resource.' ]),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def create_stager(exe, opts)
|
||||
Rex::Exploitation::CmdStagerTFTP.new(exe)
|
||||
end
|
||||
|
||||
def execute_cmdstager(opts = {})
|
||||
tftphost = datastore['TFTPHOST']
|
||||
tftphost ||= datastore['SRVHOST']
|
||||
tftphost ||= datastore['LHOST']
|
||||
|
||||
@exe_tag = datastore['TFTPRSRC']
|
||||
@exe_tag ||= Rex::Text.rand_text_alphanumeric(8)
|
||||
|
||||
opts.merge!({ :tftphost => tftphost, :transid => @exe_tag })
|
||||
|
||||
super
|
||||
end
|
||||
|
||||
#
|
||||
# Start the service and register the file
|
||||
#
|
||||
def execute_cmdstager_begin(opts)
|
||||
start_service(@exe_tag, @exe)
|
||||
end
|
||||
|
||||
#
|
||||
# Stop the service
|
||||
#
|
||||
def execute_cmdstager_end(opts)
|
||||
stop_service
|
||||
end
|
||||
|
||||
def payload_exe
|
||||
return nil if not @stager_instance
|
||||
@stager_instance.payload_exe
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
|
@ -19,8 +19,12 @@ module Exploit::CmdStager
|
|||
#
|
||||
def initialize(info = {})
|
||||
super
|
||||
@cmd_list = nil
|
||||
@stager_instance = nil
|
||||
|
||||
register_advanced_options(
|
||||
[
|
||||
OptString.new('CMDSTAGER::DECODERSTUB', [ false, 'The decoder stub to use.', nil]),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
||||
|
@ -28,10 +32,27 @@ module Exploit::CmdStager
|
|||
# Execute the command stager while showing the progress
|
||||
#
|
||||
def execute_cmdstager(opts = {})
|
||||
|
||||
# Starts select the correct stager
|
||||
unless opts.include?(:flavor)
|
||||
default_flavor = guess_flavor
|
||||
vprint_status("Using default stager: #{default_flavor}")
|
||||
opts[:flavor] = default_flavor
|
||||
end
|
||||
|
||||
unless opts.include?(:decoder)
|
||||
opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
|
||||
end
|
||||
# Ends select the correct stager
|
||||
|
||||
cmd_list = generate_cmdstager(opts)
|
||||
|
||||
@stager_instance.setup(self)
|
||||
|
||||
begin
|
||||
execute_cmdstager_begin(opts)
|
||||
|
||||
|
||||
sent = 0
|
||||
total_bytes = 0
|
||||
cmd_list.each { |cmd| total_bytes += cmd.length }
|
||||
|
@ -51,6 +72,9 @@ module Exploit::CmdStager
|
|||
end
|
||||
|
||||
execute_cmdstager_end(opts)
|
||||
ensure
|
||||
@stager_instance.teardown
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
@ -59,11 +83,18 @@ module Exploit::CmdStager
|
|||
# and operating system.
|
||||
#
|
||||
def generate_cmdstager(opts = {}, pl = nil)
|
||||
|
||||
# starts Multi task
|
||||
unless opts.include?(:decoder)
|
||||
opts[:decoder] = datastore['CMDSTAGER::DECODERSTUB'] || guess_decoder(opts)
|
||||
end
|
||||
# ends Multi task
|
||||
|
||||
pl ||= payload.encoded
|
||||
|
||||
@exe = generate_payload_exe
|
||||
|
||||
@stager_instance = create_stager(@exe, opts)
|
||||
@stager_instance = create_stager(opts)
|
||||
cmd_list = @stager_instance.generate(opts)
|
||||
|
||||
if (cmd_list.nil? or cmd_list.length < 1)
|
||||
|
@ -84,6 +115,57 @@ module Exploit::CmdStager
|
|||
print_status("Command Stager progress - %7s done (%d/%d bytes)" % [percent, sent, total])
|
||||
end
|
||||
|
||||
def create_stager(opts)
|
||||
case opts[:flavor]
|
||||
when :bourne
|
||||
return Rex::Exploitation::CmdStagerBourne.new(@exe)
|
||||
when :debug_asm
|
||||
return Rex::Exploitation::CmdStagerDebugAsm.new(@exe)
|
||||
when :debug_write
|
||||
return Rex::Exploitation::CmdStagerDebugWrite.new(@exe)
|
||||
when :echo
|
||||
return Rex::Exploitation::CmdStagerEcho.new(@exe)
|
||||
when :printf
|
||||
return Rex::Exploitation::CmdStagerPrintf.new(@exe)
|
||||
when :vbs, :vbs_adodb
|
||||
return Rex::Exploitation::CmdStagerVBS.new(@exe)
|
||||
when :tftp
|
||||
return Rex::Exploitation::CmdStagerTFTP.new(@exe)
|
||||
end
|
||||
end
|
||||
|
||||
def guess_decoder(opts)
|
||||
case opts[:flavor]
|
||||
when :debug_asm
|
||||
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm")
|
||||
when :debug_write
|
||||
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write")
|
||||
when :vbs
|
||||
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64")
|
||||
when :vbs_adodb
|
||||
return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb")
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||
def guess_flavor
|
||||
c_platform = nil
|
||||
if target_platform.names.length == 1
|
||||
c_platform = target_platform.names.first
|
||||
end
|
||||
case c_platform
|
||||
when 'linux', 'Linux'
|
||||
return :bourne
|
||||
when 'osx', 'OSX'
|
||||
return :bourne
|
||||
when 'unix', 'Unix'
|
||||
return :bourne
|
||||
when 'win', 'Windows'
|
||||
return :vbs
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||
#
|
||||
# Methods to override - not used internally
|
||||
#
|
||||
|
|
|
@ -172,6 +172,19 @@ class CmdStagerBase
|
|||
nil
|
||||
end
|
||||
|
||||
# Should be overriden if the cmd stager needs to setup anything
|
||||
# before it's executed
|
||||
def setup(mod)
|
||||
|
||||
end
|
||||
|
||||
#
|
||||
# Should be overriden if the cmd stager needs to do any clenaup
|
||||
#
|
||||
def teardown
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -27,7 +27,6 @@ class CmdStagerTFTP < CmdStagerBase
|
|||
|
||||
def initialize(exe)
|
||||
super
|
||||
|
||||
@payload_exe = Rex::Text.rand_text_alpha(8) + ".exe"
|
||||
end
|
||||
|
||||
|
@ -51,11 +50,23 @@ class CmdStagerTFTP < CmdStagerBase
|
|||
super
|
||||
end
|
||||
|
||||
def setup_stager(mod)
|
||||
tftp = Rex::Proto::TFTP::Server.new
|
||||
tftp.register_file(Rex::Text.rand_text_alphanumeric(8), exe)
|
||||
tftp.start
|
||||
mod.add_socket(tftp) # Hating myself for doing it... but it's just a first demo
|
||||
end
|
||||
|
||||
def teardown_stager
|
||||
tftp.stop
|
||||
end
|
||||
|
||||
# NOTE: We don't use a concatenation operator here since we only have a couple commands.
|
||||
# There really isn't any need to combine them. Also, the ms01_026 exploit depends on
|
||||
# the start command being issued separately so that it can ignore it :)
|
||||
|
||||
attr_reader :exe
|
||||
attr_reader :payload_exe
|
||||
attr_accessor :tftp
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
|
@ -8,7 +8,7 @@ require 'msf/core'
|
|||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info={})
|
||||
|
@ -193,6 +193,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
@cookie = ''
|
||||
|
||||
setup_stager
|
||||
end
|
||||
end
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = GoodRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = GoodRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
|
@ -8,7 +8,7 @@ require 'msf/core'
|
|||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = GoodRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerTFTP
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -88,10 +88,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def windows_stager
|
||||
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
|
||||
|
||||
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
|
||||
execute_cmdstager({ :temp => '.'})
|
||||
execute_cmdstager({ :temp => '.', :flavor => :tftp})
|
||||
@payload_exe = payload_exe
|
||||
|
||||
print_status("Attempting to execute the payload...")
|
||||
|
|
|
@ -8,7 +8,7 @@ require 'msf/core'
|
|||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerTFTP
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -94,7 +94,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
|
||||
|
||||
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
|
||||
execute_cmdstager({ :temp => '.'})
|
||||
execute_cmdstager({ :temp => '.', :flavor => :tftp})
|
||||
@payload_exe = payload_exe
|
||||
|
||||
print_status("Attempting to execute the payload...")
|
||||
|
|
|
@ -12,7 +12,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::Remote::HttpServer
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::EXE
|
||||
include Msf::Exploit::FileDropper
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
|
||||
Rank = GreatRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::EXE
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
|
||||
Rank = GreatRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::EXE
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ require 'net/ssh'
|
|||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = ManualRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
attr_accessor :ssh_socket
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
def initialize(info={})
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerTFTP
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -50,11 +50,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def windows_stager
|
||||
|
||||
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
|
||||
|
||||
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
|
||||
execute_cmdstager({ :temp => '.'})
|
||||
execute_cmdstager({ :temp => '.', :flavor => :tftp})
|
||||
@payload_exe = payload_exe
|
||||
|
||||
print_status("Attempting to execute the payload...")
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerTFTP
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -55,7 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
|
||||
|
||||
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
|
||||
execute_cmdstager({ :temp => '.'})
|
||||
execute_cmdstager({ :temp => '.', :flavor => :tftp})
|
||||
@payload_exe = payload_exe
|
||||
|
||||
print_status("Attempting to execute the payload...")
|
||||
|
|
|
@ -10,7 +10,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
|
@ -8,7 +8,7 @@ require 'msf/core'
|
|||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerTFTP
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -52,11 +52,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def windows_stager
|
||||
|
||||
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
|
||||
|
||||
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
|
||||
execute_cmdstager({ :temp => '.'})
|
||||
execute_cmdstager({ :temp => '.', :flavor => :tftp})
|
||||
@payload_exe = payload_exe
|
||||
|
||||
print_status("Attempting to execute the payload...")
|
||||
|
|
|
@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] }
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'DefaultTarget' => 0,
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
'DECODERSTUB' => File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_noquot")
|
||||
'CMDSTAGER::DECODERSTUB' => File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_noquot")
|
||||
},
|
||||
'DisclosureDate' => 'Jul 29 2013'))
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ require 'msf/core'
|
|||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::CmdStagerTFTP
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -53,11 +53,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def windows_stager
|
||||
|
||||
exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"
|
||||
|
||||
print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
|
||||
execute_cmdstager({ :temp => '.'})
|
||||
execute_cmdstager({ :temp => '.', :flavor => :tftp})
|
||||
@payload_exe = payload_exe
|
||||
|
||||
print_status("Attempting to execute the payload...")
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit
|
|||
Rank = GreatRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
include Msf::Exploit::FileDropper
|
||||
|
||||
def initialize(info = {})
|
||||
|
|
|
@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# NOTE: This cannot be an HttpClient module since the response from the server
|
||||
# is not a valid HttpResponse
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
include Msf::Exploit::CmdStagerTFTP
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
@ -191,7 +191,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
# Use the CMD stager to get a payload running
|
||||
execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname })
|
||||
execute_cmdstager({:temp => '.', :linemax => 1400, :cgifname => exe_fname, :flavor => :tftp})
|
||||
|
||||
# Save these file names for later deletion
|
||||
@exe_cmd_copy = exe_fname
|
||||
|
|
|
@ -10,7 +10,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::CmdStagerTFTP
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize
|
||||
super(
|
||||
|
@ -327,7 +327,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = exec_cmd(y, "cmd /c copy cmd.exe \\inetpub\\scripts\\#{exe_fname}", z)
|
||||
|
||||
# Use the CMD stager to get a payload running
|
||||
execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname })
|
||||
execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname, :flavor => :tftp })
|
||||
|
||||
# Save these file names for later deletion
|
||||
@exe_cmd_copy = exe_fname
|
||||
|
|
|
@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
include Msf::Exploit::Remote::MSSQL
|
||||
include Msf::Auxiliary::Report
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::MSSQL
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
#include Msf::Exploit::CmdStagerDebugAsm
|
||||
#include Msf::Exploit::CmdStagerDebugWrite
|
||||
#include Msf::Exploit::CmdStagerTFTP
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::MSSQL_SQLI
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::MYSQL
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(
|
||||
|
|
|
@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::SMB
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
|
@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Rank = ManualRanking
|
||||
|
||||
include Msf::Exploit::Remote::WinRM
|
||||
include Msf::Exploit::CmdStagerMulti
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -41,6 +41,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'WfsDelay' => 30,
|
||||
'EXITFUNC' => 'thread',
|
||||
'InitialAutoRunScript' => 'post/windows/manage/smart_migrate',
|
||||
'CMDSTAGER::DECODERSTUB' => File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_sleep")
|
||||
},
|
||||
'Platform' => 'win',
|
||||
'Arch' => [ ARCH_X86, ARCH_X86_64 ],
|
||||
|
@ -60,11 +61,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
], self.class
|
||||
)
|
||||
|
||||
register_advanced_options(
|
||||
[
|
||||
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
|
||||
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_sleep")]),
|
||||
], self.class)
|
||||
@compat_mode = false
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue