From a319b8e5829dab2cd973344b4bc03c40c0346836 Mon Sep 17 00:00:00 2001
From: Matt Miller
Date: Wed, 4 Apr 2007 02:04:37 +0000
Subject: [PATCH] got rid of duplicated code in browser exploits, fixes #71
git-svn-id: file:///home/svn/framework3/trunk@4642 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/msf/core/exploit/http.rb | 10 ++++++++++
 modules/exploits/windows/browser/aim_goaway.rb | 6 +-----
 .../windows/browser/ani_loadimage_chunksize.rb | 8 --------
 .../exploits/windows/browser/apple_itunes_playlist.rb | 4 ----
 .../exploits/windows/browser/apple_quicktime_rtsp.rb | 4 ----
 modules/exploits/windows/browser/ie_createobject.rb | 4 ----
 .../windows/browser/ie_iscomponentinstalled.rb | 4 ----
 .../windows/browser/mcafee_mcsubmgr_vsprintf.rb | 4 ----
 modules/exploits/windows/browser/mirc_irc_url.rb | 4 ----
 .../exploits/windows/browser/ms03_020_ie_objecttype.rb | 4 ----
 .../windows/browser/ms06_001_wmf_setabortproc.rb | 8 --------
 .../windows/browser/ms06_013_createtextrange.rb | 4 ----
 .../exploits/windows/browser/ms06_055_vml_method.rb | 4 ----
 .../windows/browser/ms06_057_webview_setslice.rb | 4 ----
 modules/exploits/windows/browser/ms06_067_keyframe.rb | 8 --------
 modules/exploits/windows/browser/realplayer_smil.rb | 4 ----
 .../exploits/windows/browser/winamp_playlist_unc.rb | 8 --------
 modules/exploits/windows/browser/xmplay_asx.rb | 4 ----
 18 files changed, 11 insertions(+), 85 deletions(-)
diff --git a/lib/msf/core/exploit/http.rb b/lib/msf/core/exploit/http.rb
index 230b65f6d4..91e12883e7 100644
--- a/lib/msf/core/exploit/http.rb
+++ b/lib/msf/core/exploit/http.rb
@@ -270,6 +270,13 @@ protected
 end
+ #
+ # By default, all HTTP servers are not subject to automatic exploitation
+ #
+ def autofilter
+ false
+ end
+
 #
 # Ensures that gzip can be used. If not, an exception is generated. The
 # exception is only raised if the DisableGzip advanced option has not been
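Review bot: The new `autofilter` in lib/msf/core/exploit/http.rb appears to be defined inside a protected section, since the hunk header's context line is `protected`, while the per-module copies this commit removes sat directly in each exploit class body. If the framework calls `autofilter` on a module instance from outside the object, the inherited protected version would raise NoMethodError instead of returning false, so the definition should either move above `protected` or be confirmed as only called internally. The comment wording is also ambiguous; `# By default, no HTTP server module is subject to automatic exploitation.` reads more directly. The enclosing module starts and ends outside the hunk, so the visibility is inferred rather than shown.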
@@ -285,7 +292,10 @@ protected
 # This method gives a derived class the opportunity to ensure that all
 # dependencies are present before initializing the service.
 #
+ # By default, all HTTP server mixins will try to use zlib.
+ #
 def check_dependencies
+ use_zlib
 end
 #
diff --git a/modules/exploits/windows/browser/aim_goaway.rb b/modules/exploits/windows/browser/aim_goaway.rb
index e5fac30a63..0aed395c28 100644
--- a/modules/exploits/windows/browser/aim_goaway.rb
+++ b/modules/exploits/windows/browser/aim_goaway.rb
@@ -1,5 +1,5 @@
 ##
-# $Id:$
+# $Id$
 ##
 ##
@@ -71,10 +71,6 @@ class Exploits::Windows::Browser::AimGoaway < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
 return if ((p = regenerate_payload(cli)) == nil)
diff --git a/modules/exploits/windows/browser/ani_loadimage_chunksize.rb b/modules/exploits/windows/browser/ani_loadimage_chunksize.rb
index 5432488a7b..17c41f6093 100644
--- a/modules/exploits/windows/browser/ani_loadimage_chunksize.rb
+++ b/modules/exploits/windows/browser/ani_loadimage_chunksize.rb
@@ -108,14 +108,6 @@ class Exploits::Windows::Browser::IE_ANI_CVE_2007_0038 < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
- def check_dependencies
- use_zlib
- end
-
 def on_request_uri(cli, request)
 mytarget = self.target
diff --git a/modules/exploits/windows/browser/apple_itunes_playlist.rb b/modules/exploits/windows/browser/apple_itunes_playlist.rb
index 2add4fc29e..c59447606d 100644
--- a/modules/exploits/windows/browser/apple_itunes_playlist.rb
+++ b/modules/exploits/windows/browser/apple_itunes_playlist.rb
@@ -59,10 +59,6 @@ class Exploits::Windows::Browser::Apple_Itunes_Playlist < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
 return if ((p = regenerate_payload(cli)) == nil)
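Review bot: Calling `use_zlib` from the base `check_dependencies` in lib/msf/core/exploit/http.rb is a behaviour change, not only a de-duplication. Of the browser modules touched by this commit, only ani_loadimage_chunksize, ms06_001_wmf_setabortproc, ms06_067_keyframe and winamp_playlist_unc called `use_zlib` before; the rest now inherit the gzip check, which according to the comment above `use_zlib` raises unless DisableGzip is set. A module that overrides `check_dependencies` without calling `super` will also silently lose the check. I would record both in the method comment, e.g. `# Subclasses that override this must call super to keep the zlib check.`, and mention the new default in the commit message.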
diff --git a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb
index df164ea5d9..f93a2da491 100644
--- a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb
@@ -53,10 +53,6 @@ class Exploits::Windows::Browser::Apple_Quicktime_RTSP < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(client, request)
 return if ((p = regenerate_payload(client)) == nil)
diff --git a/modules/exploits/windows/browser/ie_createobject.rb b/modules/exploits/windows/browser/ie_createobject.rb
index 5838737a2f..99f8611bf5 100644
--- a/modules/exploits/windows/browser/ie_createobject.rb
+++ b/modules/exploits/windows/browser/ie_createobject.rb
@@ -81,10 +81,6 @@ class Exploits::Windows::Browser::IE_CreateObject < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 if (request.uri.match(/payload/))
diff --git a/modules/exploits/windows/browser/ie_iscomponentinstalled.rb b/modules/exploits/windows/browser/ie_iscomponentinstalled.rb
index bb4da01ab9..830e91b03c 100644
--- a/modules/exploits/windows/browser/ie_iscomponentinstalled.rb
+++ b/modules/exploits/windows/browser/ie_iscomponentinstalled.rb
@@ -51,10 +51,6 @@ class Exploits::Windows::Browser::IE_IsComponentInstalled < Msf::Exploit::Remote
 'DisclosureDate' => 'Feb 24 2006'))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
diff --git a/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb b/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb
index 04a7a8adaf..4d19ec5604 100644
--- a/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb
+++ b/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb
@@ -68,10 +68,6 @@ class Exploits::Windows::Browser::McAfeeMcSubMgrVsprintf < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
diff --git a/modules/exploits/windows/browser/mirc_irc_url.rb b/modules/exploits/windows/browser/mirc_irc_url.rb
index 26fc6ea6ab..d701703114 100644
--- a/modules/exploits/windows/browser/mirc_irc_url.rb
+++ b/modules/exploits/windows/browser/mirc_irc_url.rb
@@ -58,10 +58,6 @@ class Exploits::Windows::Browser::Mirc_Irc_Url < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
 return if ((p = regenerate_payload(cli)) == nil)
diff --git a/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb b/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb
index cc996169cf..569e0f1fd4 100644
--- a/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb
+++ b/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb
@@ -63,10 +63,6 @@ class Exploits::Windows::Browser::MS03_020_Ie_ObjectType < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 clean = 0x7ffdec50
 ret = nil
diff --git a/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb b/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb
index 8e444dd116..a9e36e604a 100644
--- a/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb
+++ b/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb
@@ -72,14 +72,6 @@ class Exploits::Windows::Browser::MS06_001_WMF_SETABORTPROC < Msf::Exploit::Remo
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
- def check_dependencies
- use_zlib
- end
-
 def on_request_uri(cli, request)
diff --git a/modules/exploits/windows/browser/ms06_013_createtextrange.rb b/modules/exploits/windows/browser/ms06_013_createtextrange.rb
index 3cc552cb65..7a6319658d 100644
--- a/modules/exploits/windows/browser/ms06_013_createtextrange.rb
+++ b/modules/exploits/windows/browser/ms06_013_createtextrange.rb
@@ -68,10 +68,6 @@ class Exploits::Windows::Browser::MS06_013_CreateTextRange < Msf::Exploit::Remot
 'DisclosureDate' => 'Mar 19 2006'))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
diff --git a/modules/exploits/windows/browser/ms06_055_vml_method.rb b/modules/exploits/windows/browser/ms06_055_vml_method.rb
index e38b36268a..72725c0f4f 100644
--- a/modules/exploits/windows/browser/ms06_055_vml_method.rb
+++ b/modules/exploits/windows/browser/ms06_055_vml_method.rb
@@ -56,10 +56,6 @@ class Exploits::Windows::Browser::MS06_055_VML_Overflow < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
diff --git a/modules/exploits/windows/browser/ms06_057_webview_setslice.rb b/modules/exploits/windows/browser/ms06_057_webview_setslice.rb
index 3643b0dc01..2182e1147e 100644
--- a/modules/exploits/windows/browser/ms06_057_webview_setslice.rb
+++ b/modules/exploits/windows/browser/ms06_057_webview_setslice.rb
@@ -54,10 +54,6 @@ class Exploits::Windows::Browser::MS06_057_WebView_SetSlice < Msf::Exploit::Remo
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
diff --git a/modules/exploits/windows/browser/ms06_067_keyframe.rb b/modules/exploits/windows/browser/ms06_067_keyframe.rb
index adb67c049e..22a246544c 100644
--- a/modules/exploits/windows/browser/ms06_067_keyframe.rb
+++ b/modules/exploits/windows/browser/ms06_067_keyframe.rb
@@ -69,14 +69,6 @@ class Exploits::Windows::Browser::MS06_067_KEYFRAME < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
- def check_dependencies
- use_zlib
- end
-
 def on_request_uri(cli, request)
 return if ((p = regenerate_payload(cli)) == nil)
diff --git a/modules/exploits/windows/browser/realplayer_smil.rb b/modules/exploits/windows/browser/realplayer_smil.rb
index f84d76ebb1..7d63d287ec 100644
--- a/modules/exploits/windows/browser/realplayer_smil.rb
+++ b/modules/exploits/windows/browser/realplayer_smil.rb
@@ -60,10 +60,6 @@ class Exploits::Windows::Browser::Realplayer_Smil < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
 return if ((p = regenerate_payload(cli)) == nil)
diff --git a/modules/exploits/windows/browser/winamp_playlist_unc.rb b/modules/exploits/windows/browser/winamp_playlist_unc.rb
index 9477618da5..aecb668216 100644
--- a/modules/exploits/windows/browser/winamp_playlist_unc.rb
+++ b/modules/exploits/windows/browser/winamp_playlist_unc.rb
@@ -77,14 +77,6 @@ class Exploits::Windows::Browser::WinAmp_Playlist_UNC < Msf::Exploit::Remote
 ])
 end
- def autofilter
- false
- end
-
- def check_dependencies
- use_zlib
- end
-
 def on_request_uri(cli, request)
 if (not request.uri.match(/\.pls$/i))
diff --git a/modules/exploits/windows/browser/xmplay_asx.rb b/modules/exploits/windows/browser/xmplay_asx.rb
index c41849ac25..cc6b6fc310 100644
--- a/modules/exploits/windows/browser/xmplay_asx.rb
+++ b/modules/exploits/windows/browser/xmplay_asx.rb
@@ -58,10 +58,6 @@ class Exploits::Windows::Browser::Xmplay_Asx < Msf::Exploit::Remote
 'DefaultTarget' => 0))
 end
- def autofilter
- false
- end
-
 def on_request_uri(cli, request)
 # Re-generate the payload
 return if ((p = regenerate_payload(cli)) == nil)