Remove spurious cli.peerhost in output
James Lee
parent
1f577b24b2
commit
9cdd8912c5
|
|
@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Re-generate the payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
send_response_html(cli, generate_html(p), { 'Content-Type' => 'text/html; charset=utf-8' })
|
||||
handler(cli)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Re-generate the payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
send_response_html(cli, generate_html(p), { 'Content-Type' => 'text/html' })
|
||||
handler(cli)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -90,15 +90,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def on_request_uri( cli, request )
|
||||
msg = "#{cli.peerhost.ljust(16)} #{self.shortname}"
|
||||
|
||||
if not request.uri.match(/\.xpi$/i)
|
||||
if not request.uri.match(/\/$/)
|
||||
send_redirect( cli, get_resource() + '/', '')
|
||||
return
|
||||
end
|
||||
|
||||
print_status("#{msg} Handling request..." )
|
||||
print_status("Handling request..." )
|
||||
|
||||
send_response_html( cli, generate_html, { 'Content-Type' => 'text/html' } )
|
||||
return
|
||||
|
|
@ -106,7 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
p = regenerate_payload(cli)
|
||||
if not p
|
||||
print_error("#{msg} Failed to generate the payload.")
|
||||
print_error("Failed to generate the payload.")
|
||||
# Send them a 404 so the browser doesn't hang waiting for data
|
||||
# that will never come.
|
||||
send_not_found(cli)
|
||||
|
|
@ -219,7 +217,7 @@ zip.add_file('overlay.xul', %q|<?xml version="1.0"?>
|
|||
<script><![CDATA[window.addEventListener("load", function(e) { startup(); }, false);]]></script>
|
||||
</overlay>|)
|
||||
|
||||
print_status("#{msg} Sending xpi and waiting for user to click 'accept'...")
|
||||
print_status("Sending xpi and waiting for user to click 'accept'...")
|
||||
send_response( cli, zip.pack, { 'Content-Type' => 'application/x-xpinstall' } )
|
||||
handler( cli )
|
||||
end
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ EOS
|
|||
print_status("Generating HTML container...")
|
||||
page = generate_itms_page(payload.encoded)
|
||||
#print_status("=> #{page}")
|
||||
print_status("Sending itms page to #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Sending itms page")
|
||||
|
||||
header = { 'Content-Type' => 'text/html' }
|
||||
send_response_html(cli, page, header)
|
||||
|
|
|
|||
|
|
@ -101,7 +101,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
data = ""
|
||||
host = ""
|
||||
port = ""
|
||||
peer = "#{cli.peerhost}:#{cli.peerport}"
|
||||
|
||||
if not request.uri.match(/\.jar$/i)
|
||||
if not request.uri.match(/\/$/)
|
||||
|
|
@ -109,11 +108,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
print_status("#{peer} - Sending #{self.name}")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
payload = regenerate_payload( cli )
|
||||
if not payload
|
||||
print_error("#{peer} - Failed to generate the payload." )
|
||||
print_error("Failed to generate the payload." )
|
||||
return
|
||||
end
|
||||
|
||||
|
|
@ -132,7 +131,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status( "Generated jar to drop (#{jar.length} bytes)." )
|
||||
jar = Rex::Text.to_hex( jar, prefix="" )
|
||||
else
|
||||
print_error("#{peer} - Failed to generate the executable." )
|
||||
print_error("Failed to generate the executable." )
|
||||
return
|
||||
end
|
||||
else
|
||||
|
|
@ -141,10 +140,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
data = generate_payload_exe
|
||||
|
||||
if data
|
||||
print_status("#{peer} - Generated executable to drop (#{data.length} bytes)." )
|
||||
print_status("Generated executable to drop (#{data.length} bytes)." )
|
||||
data = Rex::Text.to_hex( data, prefix="" )
|
||||
else
|
||||
print_error("#{peer} - Failed to generate the executable." )
|
||||
print_error("Failed to generate the executable." )
|
||||
return
|
||||
end
|
||||
|
||||
|
|
@ -154,7 +153,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
print_status( "#{peer} - sending jar..." )
|
||||
print_status("Sending jar")
|
||||
send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } )
|
||||
|
||||
handler( cli )
|
||||
|
|
|
|||
|
|
@ -110,7 +110,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
print_status("#{self.name} handling request from #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("#{self.name} handling request")
|
||||
|
||||
payload = regenerate_payload( cli )
|
||||
if not payload
|
||||
|
|
@ -123,11 +123,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
jar = payload.encoded
|
||||
host = datastore['LHOST']
|
||||
port = datastore['LPORT']
|
||||
print_status( "Payload will be a Java reverse shell to #{host}:#{port} from #{cli.peerhost}..." )
|
||||
print_status("Payload will be a Java reverse shell")
|
||||
else
|
||||
port = datastore['LPORT']
|
||||
datastore['RHOST'] = cli.peerhost
|
||||
print_status( "Payload will be a Java bind shell on #{cli.peerhost}:#{port}..." )
|
||||
print_status("Payload will be a Java bind shell")
|
||||
end
|
||||
if jar
|
||||
print_status( "Generated jar to drop (#{jar.length} bytes)." )
|
||||
|
|
@ -155,7 +155,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
print_status( "#{self.name} sending Applet.jar to #{cli.peerhost}:#{cli.peerport}..." )
|
||||
print_status( "Sending Applet.jar" )
|
||||
send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } )
|
||||
|
||||
handler( cli )
|
||||
|
|
|
|||
|
|
@ -116,13 +116,13 @@ No automatic targetting for now ...
|
|||
if (target.name =~ /Automatic/)
|
||||
case req.headers['User-Agent']
|
||||
when /Windows/i
|
||||
print_status("Choosing a Windows target for #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Choosing a Windows target")
|
||||
@targetcache[cli.peerhost][:target] = self.targets[1]
|
||||
when /PPC Mac OS X/i
|
||||
print_status("Choosing a Mac OS X PPC target for #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Choosing a Mac OS X PPC target")
|
||||
@targetcache[cli.peerhost][:target] = self.targets[2]
|
||||
when /Intel Mac OS X/i
|
||||
print_status("Choosing a Mac OS X x86 target for #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Choosing a Mac OS X x86 target")
|
||||
@targetcache[cli.peerhost][:target] = self.targets[3]
|
||||
else
|
||||
print_status("Unknown target for: #{req.headers['User-Agent']}")
|
||||
|
|
@ -151,7 +151,7 @@ No automatic targetting for now ...
|
|||
end
|
||||
|
||||
# Display the applet loading HTML
|
||||
print_status("Sending HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending HTML")
|
||||
send_response_html(cli, generate_html(payload.encoded),
|
||||
{
|
||||
'Content-Type' => 'text/html',
|
||||
|
|
@ -161,7 +161,7 @@ No automatic targetting for now ...
|
|||
end
|
||||
|
||||
# Send the actual applet over
|
||||
print_status("Sending applet to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending applet")
|
||||
send_response(cli, generate_applet(cli, req),
|
||||
{
|
||||
'Content-Type' => 'application/octet-stream',
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
print_status("#{self.name} handling request from #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("#{self.name} handling request")
|
||||
|
||||
send_response_html( cli, generate_html, { 'Content-Type' => 'text/html' } )
|
||||
return
|
||||
|
|
@ -105,7 +105,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
fd.close
|
||||
end
|
||||
|
||||
print_status( "Sending Applet.jar to #{cli.peerhost}:#{cli.peerport}..." )
|
||||
print_status("Sending Applet.jar")
|
||||
send_response( cli, jar.pack, { 'Content-Type' => "application/octet-stream" } )
|
||||
|
||||
handler( cli )
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
print_status("#{self.name} handling request from #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("#{self.name} handling request")
|
||||
|
||||
send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })
|
||||
return
|
||||
|
|
@ -100,7 +100,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
fd.close
|
||||
end
|
||||
|
||||
print_status("#{self.name} Sending Applet.jar to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending Applet.jar")
|
||||
send_response(cli, jar.pack, { 'Content-Type' => "application/octet-stream" })
|
||||
|
||||
handler(cli)
|
||||
|
|
|
|||
|
|
@ -105,13 +105,13 @@ No automatic targetting for now ...
|
|||
if (target.name =~ /Automatic/)
|
||||
case req.headers['User-Agent']
|
||||
when /Windows/i
|
||||
print_status("Choosing a Windows target for #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Choosing a Windows target")
|
||||
@targetcache[cli.peerhost][:target] = self.targets[1]
|
||||
when /PPC Mac OS X/i
|
||||
print_status("Choosing a Mac OS X PPC target for #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Choosing a Mac OS X PPC target")
|
||||
@targetcache[cli.peerhost][:target] = self.targets[2]
|
||||
when /Intel Mac OS X/i
|
||||
print_status("Choosing a Mac OS X x86 target for #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Choosing a Mac OS X x86 target")
|
||||
@targetcache[cli.peerhost][:target] = self.targets[3]
|
||||
else
|
||||
print_status("Unknown target for: #{req.headers['User-Agent']}")
|
||||
|
|
@ -140,7 +140,7 @@ No automatic targetting for now ...
|
|||
end
|
||||
|
||||
# Display the applet loading HTML
|
||||
print_status("Sending HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending HTML")
|
||||
send_response_html(cli, generate_html(payload.encoded),
|
||||
{
|
||||
'Content-Type' => 'text/html',
|
||||
|
|
@ -150,7 +150,7 @@ No automatic targetting for now ...
|
|||
end
|
||||
|
||||
# Send the actual applet over
|
||||
print_status("Sending applet to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending applet")
|
||||
send_response(cli, generate_applet(cli, req),
|
||||
{
|
||||
'Content-Type' => 'application/octet-stream',
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
print_status( "Handling request from #{cli.peerhost}:#{cli.peerport}..." )
|
||||
print_status( "Handling request" )
|
||||
|
||||
send_response_html( cli, generate_html, { 'Content-Type' => 'text/html' } )
|
||||
return
|
||||
|
|
@ -150,9 +150,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
jar.sign(@key, @cert, @ca_certs)
|
||||
#File.open("payload.jar", "wb") { |f| f.write(jar.to_s) }
|
||||
|
||||
print_status(
|
||||
"Sending #{datastore['APPLETNAME']}.jar to #{cli.peerhost}. "+
|
||||
"Waiting for user to click 'accept'...")
|
||||
print_status("Sending #{datastore['APPLETNAME']}.jar. Waiting for user to click 'accept'...")
|
||||
send_response( cli, jar.to_s, { 'Content-Type' => "application/octet-stream" } )
|
||||
|
||||
handler( cli )
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
print_status("#{self.name} handling request from #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("#{self.name} handling request")
|
||||
|
||||
send_response_html( cli, generate_html, { 'Content-Type' => 'text/html' } )
|
||||
return
|
||||
|
|
@ -107,7 +107,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
fd.close
|
||||
end
|
||||
|
||||
print_status( "Sending Applet.jar to #{cli.peerhost}:#{cli.peerport}..." )
|
||||
print_status( "Sending Applet.jar" )
|
||||
send_response( cli, jar.pack, { 'Content-Type' => "application/octet-stream" } )
|
||||
|
||||
handler( cli )
|
||||
|
|
|
|||
|
|
@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Re-generate the payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
send_response_html(cli, generate_html(p), { 'Content-Type' => 'text/html' })
|
||||
|
||||
# Handle the payload
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Re-generate the payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
send_response_html(cli, generate_html(p), { 'Content-Type' => 'text/html' })
|
||||
|
||||
# Handle the payload
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
case request.uri
|
||||
when get_resource
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
content = "<body><script>"
|
||||
content << generate_evil_js(cli, request)
|
||||
content << "</script></body>"
|
||||
|
|
|
|||
|
|
@ -148,7 +148,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#{html_ftr}
|
||||
^
|
||||
when get_resource()
|
||||
print_status("Sending #{self.name} to #{cli.peerhost} for request #{request.uri}")
|
||||
print_status("Sending #{self.name} for request #{request.uri}")
|
||||
|
||||
js = %Q^
|
||||
if (window.opera) {
|
||||
|
|
@ -168,7 +168,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#{html_ftr}
|
||||
^
|
||||
else
|
||||
print_status("Sending 404 to #{cli.peerhost} for request #{request.uri}")
|
||||
print_status("Sending 404 for request #{request.uri}")
|
||||
send_not_found(cli)
|
||||
return
|
||||
end
|
||||
|
|
|
|||
|
|
@ -106,13 +106,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (target.name =~ /Automatic/)
|
||||
case req.headers['User-Agent']
|
||||
when /Windows/i
|
||||
print_status("Choosing a Windows target for #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Choosing a Windows target")
|
||||
@targetcache[cli.peerhost][:target] = self.targets[1]
|
||||
when /PPC Mac OS X/i
|
||||
print_status("Choosing a Mac OS X PPC target for #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Choosing a Mac OS X PPC target")
|
||||
@targetcache[cli.peerhost][:target] = self.targets[2]
|
||||
when /Intel Mac OS X/i
|
||||
print_status("Choosing a Mac OS X x86 target for #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Choosing a Mac OS X x86 target")
|
||||
@targetcache[cli.peerhost][:target] = self.targets[3]
|
||||
end
|
||||
end
|
||||
|
|
@ -139,13 +139,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
# Display the applet loading HTML
|
||||
print_status("Sending HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending HTML")
|
||||
send_response_html(cli, generate_html(), { 'Content-Type' => 'text/html' })
|
||||
return
|
||||
end
|
||||
|
||||
# Send the actual applet over
|
||||
print_status("Sending applet to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending applet")
|
||||
send_response(cli, generate_applet(cli, req), { 'Content-Type' => 'application/octet-stream' })
|
||||
|
||||
# Handle the payload
|
||||
|
|
|
|||
|
|
@ -150,7 +150,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
# remove the extra tabs
|
||||
html = html.gsub(/^\t\t/, '')
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
send_response_html(cli, html, { 'Content-Type' => 'text/html' })
|
||||
|
||||
# handle the payload
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Grab reference to the target
|
||||
t = target
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the compressed response to the client
|
||||
send_response(cli, generate_tiff(p, t), { 'Content-Type' => 'image/tiff' })
|
||||
|
|
|
|||
|
|
@ -140,10 +140,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
}
|
||||
|
||||
if request.uri =~ /\.sucatalog$/
|
||||
print_status("Sending initial distribution package to #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Sending initial distribution package")
|
||||
body = generate_catalog(server)
|
||||
elsif request.uri =~ /\.dist$/
|
||||
print_status("Sending distribution script to #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Sending distribution script")
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
body = generate_dist(p.encoded)
|
||||
else
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def on_request_uri(cli, request)
|
||||
print_user_agent(cli, request)
|
||||
|
||||
print_status("#{cli.peerhost}:#{cli.peerport} Sending crafted PDF")
|
||||
print_status("Sending crafted PDF")
|
||||
|
||||
ttf_data = make_ttf()
|
||||
|
||||
|
|
@ -98,7 +98,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return unless cli && cli.peerhost
|
||||
return unless req && req.headers
|
||||
return unless ua = req.headers["User-Agent"]
|
||||
print_status "#{cli.peerhost}:#{cli.peerport} Request from browser: #{ua}"
|
||||
print_status "Request from browser: #{ua}"
|
||||
end
|
||||
|
||||
def make_ttf
|
||||
|
|
|
|||
|
|
@ -88,21 +88,21 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
# Avoid the attack if the victim doesn't have the same setup we're targeting
|
||||
if my_target.nil?
|
||||
print_error("#{cli.peerhost}:#{cli.peerport} - Browser not supported: #{agent.to_s}")
|
||||
print_error("Browser not supported: #{agent.to_s}")
|
||||
send_not_found(cli)
|
||||
return
|
||||
end
|
||||
|
||||
# The SWF requests our MP4 trigger
|
||||
if request.uri =~ /\.mp4$/
|
||||
print_status("#{cli.peerhost}:#{cli.peerport} - Sending MP4")
|
||||
print_status("Sending MP4")
|
||||
send_response(cli, @mp4, {'Content-Type'=>'video/mp4'})
|
||||
return
|
||||
end
|
||||
|
||||
# The SWF request itself
|
||||
if request.uri =~ /\.swf$/
|
||||
print_status("#{cli.peerhost}:#{cli.peerport} - Sending SWF")
|
||||
print_status("Sending SWF")
|
||||
send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash'})
|
||||
return
|
||||
end
|
||||
|
|
@ -166,7 +166,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
html = html.gsub(/^\t\t/, '')
|
||||
|
||||
print_status("Sending html to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending HTML")
|
||||
send_response(cli, html, {'Content-Type'=>'text/html'})
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
EOS
|
||||
|
||||
print_status("Sending #{self.name} HTML to #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Sending #{self.name} HTML")
|
||||
send_response(cli, html, { 'Content-Type' => 'text/html' })
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -165,8 +165,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if my_target.name =~ /Automatic/
|
||||
my_target = get_target(request)
|
||||
if my_target.nil?
|
||||
print_error("Sending 404 for unknown user-agent")
|
||||
send_not_found(cli)
|
||||
print_error("#{cli.peerhost}:#{cli.peerport} Unknown user-agent")
|
||||
return
|
||||
end
|
||||
vprint_status("Target selected: #{my_target.name}")
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def on_request_uri(cli, request)
|
||||
|
||||
print_status("Sending crafted PDF w/SWF to #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Sending crafted PDF w/SWF")
|
||||
|
||||
js_data = make_js(regenerate_payload(cli).encoded)
|
||||
pdf_data = make_pdf(@swf_data, js_data)
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ for(i = 0; i < 128; i++) { memory[i]= #{rand2} + #{rand1}; }
|
|||
# Create the pdf
|
||||
pdf = make_pdf(script)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response(cli, pdf, { 'Content-Type' => 'application/pdf' })
|
||||
|
||||
|
|
|
|||
|
|
@ -122,7 +122,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Create the pdf
|
||||
pdf = make_pdf(script)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response(cli, pdf, { 'Content-Type' => 'application/pdf' })
|
||||
|
||||
|
|
|
|||
|
|
@ -133,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Create the pdf
|
||||
pdf = make_pdf(script, jbig2stream)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response(cli, pdf, { 'Content-Type' => 'application/pdf', 'Content-Disposition' => 'Attachment' }) #
|
||||
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ util.printd(#{rand3}, new Date());
|
|||
# Create the pdf
|
||||
pdf = make_pdf(script)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response(cli, pdf, { 'Content-Type' => 'application/pdf' })
|
||||
|
||||
|
|
|
|||
|
|
@ -123,10 +123,10 @@ EOS
|
|||
# Transmit the response to the client
|
||||
path = request.uri
|
||||
if (path =~ /\.DIR/i)
|
||||
print_status("Sending exploit DIR to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending exploit DIR")
|
||||
send_response(cli, @dir_data, { 'Content-Type' => 'application/octet-stream' })
|
||||
else
|
||||
print_status("Sending exploit HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending HTML")
|
||||
send_response_html(cli, content)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Create the pdf
|
||||
pdf = make_pdf(script)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response(cli, pdf, { 'Content-Type' => 'application/pdf' })
|
||||
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Build the HTML content
|
||||
content = "<html><iframe src='aim:goaway?message=#{msg}'></html>"
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sploit += make_nops(970 - payload.encoded.length)
|
||||
sploit += "\">pwned!</bdo>"
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, sploit)
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (request.uri.match(/PAYLOAD/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending EXE payload")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
end
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
content = "[playlist]\r\n" + "NumberOfEntries=#{cruft}\r\n"
|
||||
content << "File#{cruft}=http://#{sploit}"
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content, { 'Content-Type' => 'text/html' })
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
my_target = get_target(agent)
|
||||
|
||||
if my_target.nil?
|
||||
print_error("Browser not supported: #{agent.to_s}: #{cli.peerhost}:#{cli.peerport}")
|
||||
print_error("Browser not supported: #{agent.to_s}")
|
||||
send_not_found(cli)
|
||||
return
|
||||
end
|
||||
|
|
@ -152,7 +152,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
html = html.gsub(/\t\t/, '')
|
||||
|
||||
print_status("Sending html to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending HTML")
|
||||
send_response(cli, html, {'Content-Type'=>'text/html'})
|
||||
|
||||
end
|
||||
|
|
|
|||
|
|
@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -132,7 +132,7 @@ function #{j_function}() {
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -153,7 +153,7 @@ for (#{j_counter} = 0; #{j_counter} < 22; #{j_counter}++)
|
|||
</script>
|
||||
</html>|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -132,7 +132,7 @@ setTimeout('window.location = "#{get_resource}";', 500);
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response(cli, html, { 'Content-Type' => 'text/html' })
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending EXE payload")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
|
||||
# Handle the payload
|
||||
|
|
@ -82,7 +82,7 @@ codebase='http://www.awingsoft.com/zips/WindsPly.CAB'>
|
|||
</object>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name} HTML")
|
||||
# Transmit the compressed response to the client
|
||||
send_response(cli, html, { 'Content-Type' => 'text/html' })
|
||||
|
||||
|
|
|
|||
|
|
@ -119,7 +119,7 @@ vulnerable.OnBeforeVideoDownload(evil_string);
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# "File Session" is used when the ActiveX tries to request the EXE
|
||||
agent = request.headers['User-Agent']
|
||||
if agent !~ /MSIE \d\.\d|File Session/
|
||||
print_error("Target not supported: #{cli.peerhost}:#{cli.peerport} (#{agent})")
|
||||
print_error("Target not supported: #{agent}")
|
||||
return
|
||||
end
|
||||
|
||||
|
|
@ -80,7 +80,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (request.uri.match(/#{@payload_rand}/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending EXE payload")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
end
|
||||
|
|
@ -106,7 +106,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response_html(cli, content)
|
||||
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@ Please wait...
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response_html(cli, content)
|
||||
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
|
||||
js.obfuscate
|
||||
html = "<html>\n\t<script>#{js}\t</script>\n</html>"
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
send_response_html(cli, html)
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -110,7 +110,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
if request.uri.match(/nsepa/)
|
||||
print_status("Sending nsepa.ocx to #{cli.peerhost}")
|
||||
print_status("Sending nsepa.ocx")
|
||||
send_response(cli, @ocx, { 'Content-Type' => 'application/binary' })
|
||||
return
|
||||
end
|
||||
|
|
@ -195,7 +195,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
add_resource({'Path' => "/epaq", 'Proc' => proc}) rescue nil
|
||||
print_status("Sending #{self.name} HTML to #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Sending #{self.name} HTML")
|
||||
send_response(cli, html, { 'Content-Type' => 'text/html' })
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ var #{strname} = new String('#{sploit}');
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Randomize the whitespace in the document
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -77,12 +77,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
# Avoid the attack if the victim doesn't have the same setup we're targeting
|
||||
if my_target.nil?
|
||||
print_error("#{cli.peerhost}:#{cli.peerport} - Browser not supported: #{agent.to_s}")
|
||||
print_error("Browser not supported: #{agent.to_s}")
|
||||
send_not_found(cli)
|
||||
return
|
||||
end
|
||||
|
||||
print_status("#{cli.peerhost}:#{cli.peerport} - Target set: #{my_target.name}")
|
||||
print_status("Target set: #{my_target.name}")
|
||||
|
||||
p = payload.encoded
|
||||
js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
|
||||
|
|
@ -126,7 +126,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
EOS
|
||||
|
||||
print_status("#{cli.peerhost}:#{cli.peerport} - Sending html")
|
||||
print_status("Sending HTML")
|
||||
send_response(cli, html, {'Content-Type'=>'text/html'})
|
||||
|
||||
end
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ shell.execute("BATNAME");
|
|||
zip.add_file("header.xml", hdrxml)
|
||||
data = zip.pack
|
||||
|
||||
print_status("Sending file.dxstudio payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending file.dxstudio payload")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
|
||||
# Handle the payload
|
||||
|
|
@ -129,7 +129,7 @@ Please wait...
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name} HTML")
|
||||
# Transmit the compressed response to the client
|
||||
html.gsub!(/DXURL/, payload_url)
|
||||
send_response(cli, html, { 'Content-Type' => 'text/html' })
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending EXE payload")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
end
|
||||
|
|
@ -94,7 +94,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response_html(cli, content)
|
||||
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ while (#{rand1}.length <= 261) #{rand1} = #{rand1} + unescape('#{filler}');
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if (request.uri.match(/\.dll$/i))
|
||||
|
||||
print_status("Sending DLL to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending .NET DLL")
|
||||
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
|
|
@ -120,7 +120,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
print_status("Sending HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name} HTML")
|
||||
|
||||
j_function = rand_text_alpha(rand(100)+1)
|
||||
j_url = rand_text_alpha(rand(100)+1)
|
||||
|
|
|
|||
|
|
@ -96,8 +96,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def on_request_uri(cli, request)
|
||||
|
||||
unless request['User-Agent'] =~ /MSIE/
|
||||
print_error("Sending 404 for unknown user-agent")
|
||||
send_not_found(cli)
|
||||
print_error("#{cli.peerhost}:#{cli.peerport} Unknown user-agent")
|
||||
return
|
||||
end
|
||||
|
||||
|
|
@ -135,7 +135,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
EOS
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
send_response_html(cli, content)
|
||||
handler(cli)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -101,8 +101,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def on_request_uri(cli, request)
|
||||
|
||||
unless request['User-Agent'] =~ /MSIE/
|
||||
print_error("Sending 404 for unknown user-agent")
|
||||
send_not_found(cli)
|
||||
print_error("#{cli.peerhost}:#{cli.peerport} Unknown user-agent")
|
||||
return
|
||||
end
|
||||
|
||||
|
|
@ -154,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
EOS
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
send_response_html(cli, content)
|
||||
handler(cli)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ function check()
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ while (#{j_ret}.length < #{offset}) #{j_ret} += #{j_ret};
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -127,7 +127,7 @@ for(#{j_counter}=0;#{j_counter}<=#{offset};#{j_counter}++)#{j_ret}+=unescape('#{
|
|||
</html>|
|
||||
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'MC' ],
|
||||
'Version' => '$Revision$',
|
||||
|
||||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2009-0215' ],
|
||||
|
|
@ -113,7 +114,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@ try {
|
|||
</html>
|
||||
EOF
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Insert the shellcode
|
||||
content.gsub!('__pattern__', pattern)
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
var_strmConv = rand_text_alpha(rand(5)+5);
|
||||
|
||||
p = regenerate_payload(cli);
|
||||
print_status("Request received from #{cli.peerhost}:#{cli.peerport}...");
|
||||
print_status("Request received for #{request.uri}");
|
||||
exe = generate_payload_exe({ :code => p.encoded })
|
||||
#print_status("Building vbs file...");
|
||||
# Build the content that will end up in the .vbs file
|
||||
|
|
@ -148,7 +148,7 @@ var #{var_fsobj_file} = #{var_fsobj}.OpenTextFile(#{var_writedir} + "\\\\" + "#{
|
|||
//</script></html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit html/javascript to #{cli.peerhost}:#{cli.peerport}...");
|
||||
print_status("Sending exploit html/javascript");
|
||||
print_status("Exe will be #{var_exename}.exe and must be manually removed from the %TEMP% directory on the target.");
|
||||
|
||||
# Transmit the response to the client
|
||||
|
|
|
|||
|
|
@ -177,7 +177,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
html << "\n<object classid='clsid:E589DA78-AD4C-4FC5-B6B9-9E47B110679E' id='#{vname}'></object>"
|
||||
html << "\n\t<script>#{js}\n\t</script>\n</html>"
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, html)
|
||||
|
|
|
|||
|
|
@ -238,8 +238,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
EOF
|
||||
|
||||
peer = "#{cli.peerhost.ljust(16)} #{self.shortname}"
|
||||
print_status("#{peer} Sending HTML...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
#Remove the extra tabs from content
|
||||
content = content.gsub(/^\t\t/, '')
|
||||
|
|
|
|||
|
|
@ -119,7 +119,7 @@ EOS
|
|||
dir = [ Msf::Config.data_directory, "exploits", "cve-2010-3563" ]
|
||||
jar = p.encoded_jar
|
||||
jar.add_files(paths, dir)
|
||||
print_status("Sending Jar file to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending Jar")
|
||||
send_response(cli, jar.pack, { 'Content-Type' => "application/octet-stream" })
|
||||
handler(cli)
|
||||
|
||||
|
|
|
|||
|
|
@ -110,6 +110,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#print_status(jpath)
|
||||
|
||||
# Do what get_uri does so that we can replace it in the string
|
||||
# This could proably use the Host header from the request
|
||||
host = Rex::Socket.source_address(cli.peerhost)
|
||||
host_num = Rex::Socket.addr_aton(host).unpack('N').first
|
||||
code_url = jpath.sub(host, host_num.to_s)
|
||||
|
|
@ -137,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# connect to the client instead of using RHOST
|
||||
p = regenerate_payload(cli)
|
||||
|
||||
print_status("Sending class file to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending .class file")
|
||||
|
||||
cls = @java_class.dup
|
||||
cls[config_off,2] = [config.length].pack('n')
|
||||
|
|
@ -160,7 +161,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</body>
|
||||
</html>
|
||||
EOS
|
||||
print_status("Sending HTML file to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending HTML")
|
||||
send_response_html(cli, html)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
print_status("Sending exploit HTML to #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Sending exploit HTML")
|
||||
|
||||
# ActiveX params
|
||||
clsid = 'CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA'
|
||||
|
|
|
|||
|
|
@ -156,13 +156,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def on_request_uri(cli, request)
|
||||
|
||||
if request.uri =~ /\.jar$/i
|
||||
print_status("Sending JAR file to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending JAR")
|
||||
send_response(cli, @jar.pack, {'Content-Type'=>'application/octet-strem'})
|
||||
return
|
||||
end
|
||||
|
||||
if request.uri =~ /\.rmf$/i
|
||||
print_status("Sending RMF file to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending RMF file")
|
||||
send_response(cli, @rmf, {'Content-Type'=>'application/octet-strem'})
|
||||
return
|
||||
end
|
||||
|
|
@ -185,7 +185,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
html = html.gsub(/^\t\t/, '')
|
||||
|
||||
print_status("Sending html to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending HTML")
|
||||
send_response(cli, html, {'Content-Type'=>'text/html'})
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
elsif agent =~ /MSIE (6|7|8)\.0/
|
||||
ret = targets[1]
|
||||
else
|
||||
print_status("Unknown User-Agent #{agent} from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Unknown User-Agent #{agent}")
|
||||
end
|
||||
|
||||
ret
|
||||
|
|
@ -165,13 +165,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#
|
||||
def process_get(cli, request, target, share_name)
|
||||
|
||||
print_status("Responding to \"GET #{request.uri}\" request from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Responding to \"GET #{request.uri}\" request")
|
||||
# dispatch based on extension
|
||||
if (request.uri =~ /\.dll$/i)
|
||||
#
|
||||
# DLL requests sent by IE and the WebDav Mini-Redirector
|
||||
#
|
||||
print_status("Sending DLL to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending DLL")
|
||||
|
||||
# Re-generate the payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
@ -186,6 +186,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#
|
||||
# HTML requests sent by IE and Firefox
|
||||
#
|
||||
# This could probably use the Host header from the request
|
||||
my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
|
||||
# Always prepare the UNC path, even if we dont use it for this request...
|
||||
|
|
@ -199,7 +200,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
# Provide the corresponding HTML page...
|
||||
if (request.uri =~ /\.shtml/i)
|
||||
print_status("Sending JS version HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending JS version HTML")
|
||||
# Javascript version...
|
||||
var_str = rand_text_alpha(8+rand(8))
|
||||
var_obj = rand_text_alpha(8+rand(8))
|
||||
|
|
@ -237,7 +238,7 @@ document.body.appendChild(#{var_obj3});
|
|||
</html>
|
||||
|
|
||||
elsif (request.uri =~ /\.htm/i)
|
||||
print_status("Sending non-JS version HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending non-JS version HTML")
|
||||
clsids = [ '8AD9C840-044E-11D1-B3E9-00805F499D93', 'CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA' ]
|
||||
clsid = clsids[rand(clsids.length)]
|
||||
html = %Q|<html>
|
||||
|
|
@ -256,7 +257,7 @@ docbase="#{docbase}"
|
|||
</html>
|
||||
|
|
||||
else
|
||||
print_status("Sending js detection HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending js detection HTML")
|
||||
|
||||
# NOTE: The JS version is preferred to the HTML version since it works on more JRE versions
|
||||
js_uri = rand_text_alphanumeric(8+rand(8)) + ".shtml"
|
||||
|
|
@ -290,7 +291,7 @@ document.location = "#{js_uri}";
|
|||
# OPTIONS requests sent by the WebDav Mini-Redirector
|
||||
#
|
||||
def process_options(cli, request, target)
|
||||
print_status("Responding to WebDAV \"OPTIONS #{request.uri}\" request from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Responding to WebDAV \"OPTIONS #{request.uri}\" request")
|
||||
headers = {
|
||||
#'DASL' => '<DAV:sql>',
|
||||
#'DAV' => '1, 2',
|
||||
|
|
@ -306,7 +307,7 @@ document.location = "#{js_uri}";
|
|||
#
|
||||
def process_propfind(cli, request, target)
|
||||
path = request.uri
|
||||
print_status("Received WebDAV \"PROPFIND #{request.uri}\" request from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Received WebDAV \"PROPFIND #{request.uri}\" request")
|
||||
body = ''
|
||||
|
||||
if (path =~ /\.dll$/i)
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
elsif agent =~ /MSIE (6|7|8)\.0/
|
||||
ret = targets[1]
|
||||
else
|
||||
print_status("Unknown User-Agent #{agent} from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Unknown User-Agent #{agent}")
|
||||
end
|
||||
|
||||
ret
|
||||
|
|
@ -162,13 +162,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#
|
||||
def process_get(cli, request, target, share_name)
|
||||
|
||||
print_status("Responding to \"GET #{request.uri}\" request from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Responding to \"GET #{request.uri}\" request")
|
||||
# dispatch based on extension
|
||||
if (request.uri =~ /\.dll$/i)
|
||||
#
|
||||
# DLL requests sent by IE and the WebDav Mini-Redirector
|
||||
#
|
||||
print_status("Sending DLL to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending DLL")
|
||||
|
||||
# Re-generate the payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
@ -188,6 +188,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (datastore['UNCPATH'])
|
||||
unc = datastore['UNCPATH'].dup
|
||||
else
|
||||
# This could probably use the Host header from the request
|
||||
my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
unc = "\\\\" + my_host + "\\" + share_name
|
||||
end
|
||||
|
|
@ -213,11 +214,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
<resources><java java-vm-args='-Dhttp.agent=#{http_agent}"' /></resources>
|
||||
</jnlp>
|
||||
EOS
|
||||
print_status("Sending JNLP to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending JNLP")
|
||||
send_response(cli, jnlp_data, { 'Content-Type' => 'application/x-java-jnlp-file' })
|
||||
|
||||
else
|
||||
print_status("Sending redirect to the JNLP file to #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Sending redirect to the JNLP file")
|
||||
jnlp_name = Rex::Text.rand_text_alpha(8 + rand(8))
|
||||
|
||||
jnlp_path = get_resource()
|
||||
|
|
@ -237,7 +238,7 @@ EOS
|
|||
# OPTIONS requests sent by the WebDav Mini-Redirector
|
||||
#
|
||||
def process_options(cli, request, target)
|
||||
print_status("Responding to WebDAV \"OPTIONS #{request.uri}\" request from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Responding to WebDAV \"OPTIONS #{request.uri}\" request")
|
||||
headers = {
|
||||
#'DASL' => '<DAV:sql>',
|
||||
#'DAV' => '1, 2',
|
||||
|
|
@ -253,7 +254,7 @@ EOS
|
|||
#
|
||||
def process_propfind(cli, request, target)
|
||||
path = request.uri
|
||||
print_status("Received WebDAV \"PROPFIND #{request.uri}\" request from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Received WebDAV \"PROPFIND #{request.uri}\" request")
|
||||
body = ''
|
||||
|
||||
if (path =~ /\.dll$/i)
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -105,7 +105,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending EXE payload")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
end
|
||||
|
|
@ -84,7 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response_html(cli, content)
|
||||
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
"</script>" +
|
||||
"</html>"
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Build the HTML content
|
||||
content = "<html><iframe src='irc://#{sploit}'></html>"
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -338,7 +338,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
html = html.gsub(/^\t\t/, '')
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
send_response(cli, html, {'Content-Type'=>'text/html'})
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
elsif (agent =~ /MSIE 6\.0/ && agent =~ /Windows NT 5\.0/)
|
||||
mytarget = targets[1] # IE6 on 2000
|
||||
else
|
||||
print_error("Unknown User-Agent #{agent} from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_error("Unknown User-Agent #{agent}")
|
||||
end
|
||||
|
||||
mytarget
|
||||
|
|
@ -183,7 +183,7 @@ function #{func_main}()
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to client #{cli.peerhost}")
|
||||
print_status("Sending #{self.name}")
|
||||
# Transmit the compressed response to the client
|
||||
send_response(cli, html, { 'Content-Type' => 'text/html', 'Pragma' => 'no-cache' })
|
||||
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Re-generate the payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the compressed response to the client
|
||||
send_response(cli, generate_metafile(p), { 'Content-Type' => 'text/plain' })
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ function #{var_start}() {
|
|||
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -119,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def on_request_uri(cli, request)
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# This is taken directly from Alex's exploit -- all credit goes to him.
|
||||
trigger_js = heaplib(
|
||||
|
|
|
|||
|
|
@ -132,7 +132,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -170,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# WebDAV requires that we use port 80 and the URIPATH is '/'
|
||||
|
||||
if datastore['SRVPORT'].to_i != 80 || datastore['URIPATH'] != '/'
|
||||
print_status("Mozilla request received from #{cli.peerhost}. To exploit Mozilla browsers, SRVPORT must be set to 80 and URIPATH must be '/'")
|
||||
print_status("Request received from Mozilla. To exploit Mozilla browsers, SRVPORT must be set to 80 and URIPATH must be '/'")
|
||||
cli.send_response(create_response(404, "File not found"))
|
||||
return
|
||||
end
|
||||
|
|
@ -182,7 +182,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
elsif agent =~ /(Windows NT 5\.2|MiniRedir\/5\.2)/
|
||||
target = targets[5] # Firefox on 2003
|
||||
else
|
||||
print_status("Unknown User-Agent #{agent} from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Unknown User-Agent #{agent}")
|
||||
return
|
||||
end
|
||||
|
||||
|
|
@ -199,14 +199,14 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
elsif agent =~ /MSIE 6\.0/
|
||||
target = targets[1] # IE6 on NT, 2000, XP and 2003
|
||||
else
|
||||
print_status("Unknown User-Agent #{agent} from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Unknown User-Agent #{agent}")
|
||||
return
|
||||
end
|
||||
|
||||
# Unknown user agent
|
||||
|
||||
else
|
||||
print_status("Unknown User-Agent #{agent} from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Unknown User-Agent #{agent}")
|
||||
return
|
||||
end
|
||||
|
||||
|
|
@ -233,7 +233,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#
|
||||
|
||||
if request.method == 'OPTIONS'
|
||||
print_status("Received WebDAV OPTIONS request from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Received WebDAV OPTIONS request")
|
||||
headers = {
|
||||
'DASL' => '<DAV:sql>',
|
||||
'DAV' => '1, 2',
|
||||
|
|
@ -245,7 +245,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
if request.method == 'PROPFIND'
|
||||
print_status("Received WebDAV PROPFIND request from #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("Received WebDAV PROPFIND request")
|
||||
|
||||
body = ''
|
||||
|
||||
|
|
@ -285,11 +285,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
"</body>" +
|
||||
"</html>"
|
||||
|
||||
print_status("Sending HTML page to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending HTML page")
|
||||
|
||||
send_response(cli, html)
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
#
|
||||
# ANI requests sent by IE and the WebDav Mini-Redirector
|
||||
|
|
@ -298,7 +298,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Re-generate the payload
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the compressed response to the client
|
||||
send_response(cli, generate_ani(p, target), { 'Content-Type' => 'application/octet-stream' })
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
data = generate_payload_exe({ :code => p.encoded })
|
||||
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending EXE payload")
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
return
|
||||
end
|
||||
|
|
@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
send_response_html(cli, content)
|
||||
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
content = Rex::Text.randomize_space(content)
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -116,7 +116,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</html>
|
||||
|
|
||||
|
||||
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name}")
|
||||
|
||||
# Transmit the response to the client
|
||||
send_response_html(cli, content)
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if !(token and @state[token])
|
||||
|
||||
print_status("Sending #{self.name} init HTML to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending #{self.name} init HTML")
|
||||
token = rand_text_numeric(32)
|
||||
if ("/" == get_resource[-1,1])
|
||||
dll_uri = get_resource[0, get_resource.length - 1]
|
||||
|
|
@ -142,7 +142,7 @@ EOS
|
|||
|
||||
if (uri.match(/\.dll/i))
|
||||
|
||||
print_status("Sending DLL to #{cli.peerhost}:#{cli.peerport}...")
|
||||
print_status("Sending DLL")
|
||||
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
||||
|
|
@ -184,7 +184,7 @@ EOS
|
|||
# .NET DLL MODE
|
||||
#
|
||||
if(@state[token] == :dll)
|
||||
print_status("Sending exploit HTML to #{cli.peerhost}:#{cli.peerport} (Using .NET DLL)")
|
||||
print_status("Sending exploit HTML (Using .NET DLL)")
|
||||
|
||||
addr_a,addr_b = [vaddr].pack("V").unpack("v*").map{|v| "&##{v};" }
|
||||
bxml = Rex::Text.to_hex(%Q|
|
||||
|
|
@ -238,7 +238,7 @@ EOS
|
|||
# HEAP SPRAY MODE
|
||||
#
|
||||
else
|
||||
print_status("Sending exploit HTML to #{cli.peerhost}:#{cli.peerport} (Using Heap Spray)")
|
||||
print_status("Sending exploit HTML (Using Heap Spray)")
|
||||
|
||||
addr_a,addr_b = [0x0c0c0c0c].pack("V").unpack("v*").map{|v| "&##{v};" }
|
||||
bxml = Rex::Text.to_hex(%Q|
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue