From 3248f02c2c0ea30409d573969c58e846fe734a03 Mon Sep 17 00:00:00 2001
From: sinn3r
Date: Mon, 23 Mar 2015 19:34:24 -0500
Subject: [PATCH] These exploits use :activex, so I update the usage for them
---
 .../windows/browser/adobe_flash_filters_type_confusion.rb | 8 ++++++--
 modules/exploits/windows/browser/adobe_flash_pcre.rb | 8 ++++++--
 .../exploits/windows/browser/adobe_flash_regex_value.rb | 8 ++++++--
 .../windows/browser/advantech_webaccess_dvs_getcolor.rb | 8 ++++++--
 .../windows/browser/aladdin_choosefilepath_bof.rb | 8 ++++++--
 .../windows/browser/ms13_090_cardspacesigninhelper.rb | 8 ++++++--
 .../windows/browser/x360_video_player_set_text_bof.rb | 7 ++++++-
 7 files changed, 42 insertions(+), 13 deletions(-)
diff --git a/modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb b/modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb
index f17bd00082..51c07c75bf 100644
--- a/modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb
+++ b/modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb
@@ -51,8 +51,12 @@ class Metasploit3 < Msf::Exploit::Remote
 'BrowserRequirements' =>
 {
 :source => /script|headers/i,
- :clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}",
- :method => "LoadMovie",
+ :activex => [
+ {
+ :clsid => '{D27CDB6E-AE6D-11cf-96B8-444553540000}',
+ :method => 'LoadMovie'
+ }
+ ],
 :os_name => OperatingSystems::Match::WINDOWS,
 :ua_name => Msf::HttpClients::IE,
 :flash => lambda { |ver| ver =~ /^11\.[7|8|9]/ && ver < '11.9.900.170' }
diff --git a/modules/exploits/windows/browser/adobe_flash_pcre.rb b/modules/exploits/windows/browser/adobe_flash_pcre.rb
index 121e93a227..894deef85a 100644
--- a/modules/exploits/windows/browser/adobe_flash_pcre.rb
+++ b/modules/exploits/windows/browser/adobe_flash_pcre.rb
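Review bot: The new `:activex` entry in adobe_flash_filters_type_confusion.rb rewrites the CLSID and method strings with single quotes, while the same entry in the other six files of this patch keeps double quotes; one quoting style across the migrated blocks keeps them searchable as a group. The Flash CLSID is hard-coded here and again in adobe_flash_regex_value.rb, whereas adobe_flash_pcre.rb interpolates a `CLASSID` constant, so the two literal copies could follow that pattern. Because `:activex` is now an array, a short comment such as `# one hash per required control: :clsid plus the :method expected on it` would help, and it should state whether all entries must match, which this hunk does not show. The enclosing requirements hash starts and ends outside the hunk.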
@@ -46,8 +46,12 @@ class Metasploit3 < Msf::Exploit::Remote
 'BrowserRequirements' =>
 {
 :source => /script|headers/i,
- :clsid => "{#{CLASSID}}",
- :method => "LoadMovie",
+ :activex => [
+ {
+ :clsid => "{#{CLASSID}}",
+ :method => "LoadMovie"
+ }
+ ],
 :os_name => OperatingSystems::Match::WINDOWS_7,
 :ua_name => Msf::HttpClients::IE,
 # Ohter versions are vulnerable but .235 is the one that works for me pretty well
diff --git a/modules/exploits/windows/browser/adobe_flash_regex_value.rb b/modules/exploits/windows/browser/adobe_flash_regex_value.rb
index d5430d58e4..df882e11c7 100644
--- a/modules/exploits/windows/browser/adobe_flash_regex_value.rb
+++ b/modules/exploits/windows/browser/adobe_flash_regex_value.rb
@@ -55,8 +55,12 @@ class Metasploit3 < Msf::Exploit::Remote
 'BrowserRequirements' =>
 {
 :source => /script|headers/i,
- :clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}",
- :method => "LoadMovie",
+ :activex => [
+ {
+ :clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}",
+ :method => "LoadMovie"
+ }
+ ],
 :os_name => OperatingSystems::Match::WINDOWS,
 :ua_name => Msf::HttpClients::IE,
 :flash => lambda { |ver| ver =~ /^11\.5/ && ver < '11.5.502.149' }
diff --git a/modules/exploits/windows/browser/advantech_webaccess_dvs_getcolor.rb b/modules/exploits/windows/browser/advantech_webaccess_dvs_getcolor.rb
index bff97047fe..b947a8b2c4 100644
--- a/modules/exploits/windows/browser/advantech_webaccess_dvs_getcolor.rb
+++ b/modules/exploits/windows/browser/advantech_webaccess_dvs_getcolor.rb
@@ -43,8 +43,12 @@ class Metasploit3 < Msf::Exploit::Remote
 :os_name => OperatingSystems::Match::WINDOWS,
 :ua_name => /MSIE/i,
 :ua_ver => lambda { |ver| Gem::Version.new(ver) < Gem::Version.new('10') },
- :clsid => "{5CE92A27-9F6A-11D2-9D3D-000001155641}",
- :method => "GetColor"
+ :activex => [
+ {
+ :clsid => "{5CE92A27-9F6A-11D2-9D3D-000001155641}",
+ :method => "GetColor"
+ }
+ ]
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb
index c2c9c05d68..2baa047533 100644
--- a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb
+++ b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb
@@ -45,8 +45,12 @@ class Metasploit3 < Msf::Exploit::Remote
 'BrowserRequirements' =>
 {
 :source => /script|headers/i,
- :clsid => "{09F68A41-2FBE-11D3-8C9D-0008C7D901B6}",
- :method => "ChooseFilePath",
+ :activex => [
+ {
+ :clsid => "{09F68A41-2FBE-11D3-8C9D-0008C7D901B6}",
+ :method => "ChooseFilePath"
+ }
+ ],
 :os_name => OperatingSystems::Match::WINDOWS,
 },
 'Targets' =>
diff --git a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
index 2ec948e382..c6d9cca882 100644
--- a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
+++ b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
@@ -73,8 +73,12 @@ class Metasploit3 < Msf::Exploit::Remote
 'BrowserRequirements' =>
 {
 :source => /script|headers/i,
- :clsid => "{19916E01-B44E-4E31-94A4-4696DF46157B}",
- :method => "requiredClaims",
+ :activex => [
+ {
+ :clsid => "{19916E01-B44E-4E31-94A4-4696DF46157B}",
+ :method => "requiredClaims"
+ }
+ ],
 :os_name => OperatingSystems::Match::WINDOWS_XP
 },
 'Targets' =>
diff --git a/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb b/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb
index 4e943e2e8b..f654a1c7cd 100644
--- a/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb
+++ b/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb
@@ -44,7 +44,12 @@ class Metasploit3 < Msf::Exploit::Remote
 'BrowserRequirements' =>
 {
 :source => /script|headers/i,
- :clsid => "{4B3476C6-185A-4D19-BB09-718B565FA67B}",
+ :activex => [
+ {
+ :clsid => "{4B3476C6-185A-4D19-BB09-718B565FA67B}",
+ :method => "ConvertFile"
+ }
+ ],
 :os_name => OperatingSystems::Match::WINDOWS,
 :ua_name => Msf::HttpClients::IE,
 :ua_ver => '10.0'
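Review bot: The added `:method => "ConvertFile"` line in x360_video_player_set_text_bof.rb is a new requirement rather than a reformatting, since the removed side declared only `:clsid`, yet the commit subject describes a usage update. This changes which client profiles satisfy the requirements, so it belongs in the commit message or in a comment above the entry, for example `# :method added because the :activex entry format expects one` if that is the reason (not visible here). The file name refers to set_text while the declared method is ConvertFile, and the hunk does not show which method the module relies on, so the name should be confirmed against the module body. The enclosing requirements hash continues outside the hunk.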