added support for use_gzip
git-svn-id: file:///home/svn/incoming/trunk@3303 4d416f70-5f16-0410-b530-b9f4589650daunstable
Matt Miller
parent
1a73949451
commit
e63ba080a8
|
|
@ -158,8 +158,30 @@ protected
|
|||
[
|
||||
OptString.new('URIPATH', [ false, "The URI to use for this exploit (default is random)"]),
|
||||
], Exploit::Remote::HttpServer)
|
||||
|
||||
register_advanced_options(
|
||||
[
|
||||
OptBool.new('DisableGzip', [ false, "Disable the use of GZIP on HTTP responses", false ]),
|
||||
], Exploit::Remote::HttpServer)
|
||||
end
|
||||
|
||||
#
|
||||
# Ensures that gzip can be used. If not, an exception is generated. The
|
||||
# exception is only raised if the DisableGzip advanced option has not been
|
||||
# set.
|
||||
#
|
||||
def use_gzip
|
||||
if (!Rex::Text.gzip_present? and datastore['DisableGzip'] != true)
|
||||
raise RuntimeError, "GZIP support was not detected, set the DisableGzip advanced option to use non-compressed HTTP responses"
|
||||
end
|
||||
end
|
||||
|
||||
#
|
||||
# This method gives a derived class the opportunity to ensure that all
|
||||
# dependencies are present before initializing the service.
|
||||
#
|
||||
def check_dependencies
|
||||
end
|
||||
|
||||
#
|
||||
# This mixin starts the HTTP server listener. This routine takes a few
|
||||
|
|
@ -170,6 +192,8 @@ protected
|
|||
# Uri => The URI to handle and the associated procedure to call.
|
||||
#
|
||||
def start_service(opts = {})
|
||||
check_dependencies
|
||||
|
||||
# Default the server host and port to what is required by the mixin.
|
||||
opts = {
|
||||
'ServerHost' => datastore['SRVHOST'],
|
||||
|
|
@ -252,6 +276,9 @@ protected
|
|||
# Transmits an gzip-encoded HTML response to the supplied client.
|
||||
#
|
||||
def send_html_gzip_response(cli, body, headers = {})
|
||||
# Just call the normal response method if gzip is disabled.
|
||||
return send_html_response(cli, body, headers) if (datastore['DisableGzip'])
|
||||
|
||||
response = create_response
|
||||
response['Content-Type'] = 'text/html'
|
||||
response['Content-Encoding'] = 'gzip'
|
||||
|
|
|
|||
|
|
@ -57,6 +57,10 @@ class Exploits::Windows::Browser::MetafileAbortProc < Msf::Exploit::Remote
|
|||
'DefaultTarget' => 0))
|
||||
end
|
||||
|
||||
def check_dependencies
|
||||
use_gzip
|
||||
end
|
||||
|
||||
def on_request_uri(cli, request)
|
||||
|
||||
if (not request.uri.match(/\.(wmf|tiff)$/i))
|
||||
|
|
|
|||
Loading…
Reference in New Issue