diff --git a/lib/msf/core/exploit/http.rb b/lib/msf/core/exploit/http.rb index f206a1aa26..f224377d8f 100644 --- a/lib/msf/core/exploit/http.rb +++ b/lib/msf/core/exploit/http.rb @@ -158,8 +158,30 @@ protected [ OptString.new('URIPATH', [ false, "The URI to use for this exploit (default is random)"]), ], Exploit::Remote::HttpServer) + + register_advanced_options( + [ + OptBool.new('DisableGzip', [ false, "Disable the use of GZIP on HTTP responses", false ]), + ], Exploit::Remote::HttpServer) end + # + # Ensures that gzip can be used. If not, an exception is generated. The + # exception is only raised if the DisableGzip advanced option has not been + # set. + # + def use_gzip + if (!Rex::Text.gzip_present? and datastore['DisableGzip'] != true) + raise RuntimeError, "GZIP support was not detected, set the DisableGzip advanced option to use non-compressed HTTP responses" + end + end + + # + # This method gives a derived class the opportunity to ensure that all + # dependencies are present before initializing the service. + # + def check_dependencies + end # # This mixin starts the HTTP server listener. This routine takes a few @@ -170,6 +192,8 @@ protected # Uri => The URI to handle and the associated procedure to call. # def start_service(opts = {}) + check_dependencies + # Default the server host and port to what is required by the mixin. opts = { 'ServerHost' => datastore['SRVHOST'], @@ -252,6 +276,9 @@ protected # Transmits an gzip-encoded HTML response to the supplied client. # def send_html_gzip_response(cli, body, headers = {}) + # Just call the normal response method if gzip is disabled. + return send_html_response(cli, body, headers) if (datastore['DisableGzip']) + response = create_response response['Content-Type'] = 'text/html' response['Content-Encoding'] = 'gzip' diff --git a/modules/exploits/windows/browser/metafile_abortproc.rb b/modules/exploits/windows/browser/metafile_abortproc.rb index 5766969f18..ea102721db 100644 --- a/modules/exploits/windows/browser/metafile_abortproc.rb +++ b/modules/exploits/windows/browser/metafile_abortproc.rb @@ -57,6 +57,10 @@ class Exploits::Windows::Browser::MetafileAbortProc < Msf::Exploit::Remote 'DefaultTarget' => 0)) end + def check_dependencies + use_gzip + end + def on_request_uri(cli, request) if (not request.uri.match(/\.(wmf|tiff)$/i))