From c777b33fcbef37d3896d99d6cd002cb4f0120cfc Mon Sep 17 00:00:00 2001 From: adfoster-r7 Date: Fri, 3 Feb 2023 13:31:49 +0000 Subject: [PATCH] Update wiki to use latest ruby conventions --- ...ting-Metasploit-Framework-LoginScanners.md | 3 +- .../Get-Started-Writing-an-Exploit.md | 42 +++--- ...o-Send-an-HTTP-Request-Using-HttpClient.md | 2 - .../How-to-deprecate-a-Metasploit-module.md | 31 ++--- ...tarted-with-writing-an-auxiliary-module.md | 42 +++--- .../How-to-use-command-stagers.md | 121 ++++++++++-------- .../How-to-use-datastore-options.md | 40 +++--- ...How-to-write-a-HTTP-LoginScanner-Module.md | 29 +++-- ...wser-exploit-using-BrowserExploitServer.md | 61 +++++---- ...rite-a-browser-exploit-using-HttpServer.md | 38 +++--- ...-module-using-HttpServer-and-HttpClient.md | 62 +++++---- .../Module-Reference-Identifiers.md | 46 ++++--- 12 files changed, 262 insertions(+), 255 deletions(-) diff --git a/docs/metasploit-framework.wiki/Creating-Metasploit-Framework-LoginScanners.md b/docs/metasploit-framework.wiki/Creating-Metasploit-Framework-LoginScanners.md index 403117674c..bfe1d175a7 100644 --- a/docs/metasploit-framework.wiki/Creating-Metasploit-Framework-LoginScanners.md +++ b/docs/metasploit-framework.wiki/Creating-Metasploit-Framework-LoginScanners.md @@ -358,7 +358,6 @@ Pulling it all together, we get a new `ftp_login` module that looks something li # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/ftp' @@ -472,4 +471,4 @@ class Metasploit3 < Msf::Auxiliary end end end -``` \ No newline at end of file +``` diff --git a/docs/metasploit-framework.wiki/Get-Started-Writing-an-Exploit.md b/docs/metasploit-framework.wiki/Get-Started-Writing-an-Exploit.md index 17a9d72080..7c6aaa0c05 100644 --- a/docs/metasploit-framework.wiki/Get-Started-Writing-an-Exploit.md +++ b/docs/metasploit-framework.wiki/Get-Started-Writing-an-Exploit.md @@ -39,39 +39,39 @@ But of course, to begin, you most likely need a template to work with, and here # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' - class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking - def initialize(info={}) - super(update_info(info, - 'Name' => "[Vendor] [Software] [Root Cause] [Vulnerability type]", - 'Description' => %q{ - Say something that the user might need to know - }, - 'License' => MSF_LICENSE, - 'Author' => [ 'Name' ], - 'References' => - [ + def initialize(info = {}) + super( + update_info( + info, + 'Name' => '[Vendor] [Software] [Root Cause] [Vulnerability type]', + 'Description' => %q{ + Say something that the user might need to know + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'Name' ], + 'References' => [ [ 'URL', '' ] ], - 'Platform' => 'win', - 'Targets' => - [ - [ 'System or software version', + 'Platform' => 'win', + 'Targets' => [ + [ + 'System or software version', { 'Ret' => 0x41414141 # This will be available in `target.ret` } ] ], - 'Payload' => - { + 'Payload' => { 'BadChars' => "\x00" }, - 'Privileged' => false, - 'DisclosureDate' => "", - 'DefaultTarget' => 0)) + 'Privileged' => false, + 'DisclosureDate' => '', + 'DefaultTarget' => 0 + ) + ) end def check diff --git a/docs/metasploit-framework.wiki/How-to-Send-an-HTTP-Request-Using-HttpClient.md b/docs/metasploit-framework.wiki/How-to-Send-an-HTTP-Request-Using-HttpClient.md index 3396870673..d37bac4d38 100644 --- a/docs/metasploit-framework.wiki/How-to-Send-an-HTTP-Request-Using-HttpClient.md +++ b/docs/metasploit-framework.wiki/How-to-Send-an-HTTP-Request-Using-HttpClient.md @@ -164,8 +164,6 @@ Please note: The `normalize_uri` method will always follow these rules: ## Full Example ```ruby -require 'msf/core' - class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/docs/metasploit-framework.wiki/How-to-deprecate-a-Metasploit-module.md b/docs/metasploit-framework.wiki/How-to-deprecate-a-Metasploit-module.md index 9703590463..263bd17c65 100644 --- a/docs/metasploit-framework.wiki/How-to-deprecate-a-Metasploit-module.md +++ b/docs/metasploit-framework.wiki/How-to-deprecate-a-Metasploit-module.md @@ -48,8 +48,6 @@ msf > use exploit/windows/misc/test ## Code example ```ruby -require 'msf/core' - class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking @@ -58,22 +56,25 @@ class MetasploitModule < Msf::Exploit::Remote deprecated(Date.new(2014, 9, 21), 'exploit/linux/http/dlink_upnp_exec_noauth') def initialize(info = {}) - super(update_info(info, - 'Name' => 'Msf::Module::Deprecated Example', - 'Description' => %q{ - This shows how to use Msf::Module::Deprecated. - }, - 'Author' => [ 'sinn3r' ], - 'License' => MSF_LICENSE, - 'References' => [ [ 'URL', 'http://metasploit.com' ] ], - 'DisclosureDate' => 'Apr 01 2014', - 'Targets' => [ [ 'Automatic', { } ] ], - 'DefaultTarget' => 0 - )) + super( + update_info( + info, + 'Name' => 'Msf::Module::Deprecated Example', + 'Description' => %q{ + This shows how to use Msf::Module::Deprecated. + }, + 'Author' => [ 'sinn3r' ], + 'License' => MSF_LICENSE, + 'References' => [ [ 'URL', 'http://metasploit.com' ] ], + 'DisclosureDate' => '2014-04-01', + 'Targets' => [ [ 'Automatic', {} ] ], + 'DefaultTarget' => 0 + ) + ) end def exploit - print_debug("Code example") + print_debug('Code example') end end diff --git a/docs/metasploit-framework.wiki/How-to-get-started-with-writing-an-auxiliary-module.md b/docs/metasploit-framework.wiki/How-to-get-started-with-writing-an-auxiliary-module.md index 755d41b8e2..b977f0f2f7 100644 --- a/docs/metasploit-framework.wiki/How-to-get-started-with-writing-an-auxiliary-module.md +++ b/docs/metasploit-framework.wiki/How-to-get-started-with-writing-an-auxiliary-module.md @@ -53,19 +53,20 @@ Here's the most basic example of an auxiliary module. We'll explain a bit more a # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' - class MetasploitModule < Msf::Auxiliary def initialize(info = {}) - super(update_info(info, - 'Name' => 'Module name', - 'Description' => %q{ - Say something that the user might want to know. - }, - 'Author' => [ 'Name' ], - 'License' => MSF_LICENSE - )) + super( + update_info( + info, + 'Name' => 'Module name', + 'Description' => %q{ + Say something that the user might want to know. + }, + 'Author' => [ 'Name' ], + 'License' => MSF_LICENSE + ) + ) end def run @@ -89,21 +90,22 @@ Because the ```Msf::Auxiliary::Scanner``` mixin is so popular, we figured you wa # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' - class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner def initialize(info = {}) - super(update_info(info, - 'Name' => 'Module name', - 'Description' => %q{ - Say something that the user might want to know. - }, - 'Author' => [ 'Name' ], - 'License' => MSF_LICENSE - )) + super( + update_info( + info, + 'Name' => 'Module name', + 'Description' => %q{ + Say something that the user might want to know. + }, + 'Author' => [ 'Name' ], + 'License' => MSF_LICENSE + ) + ) end def run_host(ip) diff --git a/docs/metasploit-framework.wiki/How-to-use-command-stagers.md b/docs/metasploit-framework.wiki/How-to-use-command-stagers.md index beecc3e8df..7016d11517 100644 --- a/docs/metasploit-framework.wiki/How-to-use-command-stagers.md +++ b/docs/metasploit-framework.wiki/How-to-use-command-stagers.md @@ -101,41 +101,46 @@ However, it is best to set the compatible list of flavors in `CmdStagerFlavor`, You also must create a ```def execute_command(cmd, opts = {})``` method in your module. This is how you define how to execute a command on the target. The parameter `cmd` is the command to execute. When writing the ```execute_cmd``` method, remember that **4. Decide on the supported payloads** -This is a bit new. CmdStagers are intended to support payloads that are uploaded, saved to disk, and launched, but many of the payloads in Metasploit Framework do not need to be saved to disk; these payloads are `ARCH_CMD` payloads that rely on software already present on the target system like netcat, bash, python, or ssh. Depending on whether the payload needs to be saved to disk or not changes what payloads are supported and how we launch the payload, so we must provide the user the ability to pick between the two. -The best way to let the user decide what kind of payload to use is by defining separate [targets](https://docs.metasploit.com/docs/development/developing-modules/guides/get-started-writing-an-exploit.html#:~:text=Targets%20%2D%20The%20Targets,the%20target%20method.) + +CmdStagers are intended to support payloads that are uploaded, saved to disk, and launched, but many of the payloads in Metasploit Framework do not need to be saved to disk; these payloads are `ARCH_CMD` payloads that rely on software already present on the target system like netcat, bash, python, or ssh. Depending on whether the payload needs to be saved to disk or not changes what payloads are supported and how we launch the payload, so we must provide the user the ability to pick between the two. +The best way to let the user decide what kind of payload to use is by defining separate [[targets|Get-Started-Writing-an-Exploit.md]] + Here is an example targets section from a command injection module: -``` - 'Targets' => [ - [ - 'Unix Command', - { - 'Platform' => 'unix', - 'Arch' => ARCH_CMD, - 'Type' => :unix_cmd, - 'DefaultOptions' => { - 'PAYLOAD' => 'cmd/unix/python/meterpreter/reverse_tcp', - 'RPORT' => 9000 - } - } - ], - [ - 'Linux (Dropper)', - { - 'Platform' => 'linux', - 'Arch' => [ARCH_X64], - 'DefaultOptions' => { 'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp' }, - 'Type' => :linux_dropper - } - ], ``` + 'Targets' => [ + [ + 'Unix Command', + { + 'Platform' => 'unix', + 'Arch' => ARCH_CMD, + 'Type' => :unix_cmd, + 'DefaultOptions' => { + 'PAYLOAD' => 'cmd/unix/python/meterpreter/reverse_tcp', + 'RPORT' => 9000 + } + } + ], + [ + 'Linux (Dropper)', + { + 'Platform' => 'linux', + 'Arch' => [ARCH_X64], + 'DefaultOptions' => { 'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp' }, + 'Type' => :linux_dropper + } + ], + +``` + The first target is the `ARCH_CMD` target and `unix` platform. This allows the user to select any payload that starts with `cmd/unix`. These payloads do not need to be saved to disk and can just be launched at the command line. The second is `ARCH_X64` and the platform is `linux`; this lets us choose any payload that starts with `linux/x64`. These targets must be saved to disk before they can be launched, and as such, you will often see this second type of payload referred to as a ‘dropper’ because the file must be ‘dropped’ to the disk before it can be executed. In each of the targets above, we’ve selected a default payload we know will work. **4. Executing a payload** As we said earlier, the way a payload is executed depends on the payload type. By including `Msf::Exploit::CmdStager` you are given access to a method called ```execute_cmdstager```. ```execute_cmdstager``` makes a list of required commands to upload, save, and execute your payload, then uses the ```execute_command``` method you defined earlier to run them on the target. Unfortunately, we just mentioned not all payloads need to be saved to disk. In the case of a payload that does not need to be saved to disk, we only need to call ```execute_command```. This problem of payload/method juggling sounds far worse than it is. Below is a quick example of how simple the ```exploit``` method will become if you have properly defined your targets as discussed in step 3: -``` + +```ruby def exploit print_status("Executing #{target.name} for #{datastore['PAYLOAD']}") case target['Type'] @@ -144,7 +149,9 @@ This problem of payload/method juggling sounds far worse than it is. Below is a when :linux_dropper execute_cmdstager end + end ``` + That’s it. If the user selects an `ARCH_CMD` payload, we call the ```execute_command``` method on the _already_ _encoded_ payload. You don’t need to worry about encoding the payload in your ```execute_command``` method. If the user has selected a binary payload like `ARCH_X64` or `ARCH_X86`, then we call ```execute_cmdstager``` which figures out how to save the file to disk and launch it based on the flavor you set earlier. @@ -165,22 +172,26 @@ class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::CmdStager - def initialize(info={}) - super(update_info(info, - 'Name' => "Command Injection Using CmdStager", - 'Description' => %q{ - This exploits a command injection using the command stager. - }, - 'License' => MSF_LICENSE, - 'Author' => [ 'sinn3r' ], - 'References' => [ [ 'URL', 'http://metasploit.com' ] ], - 'Platform' => 'linux', - 'Targets' => [ [ 'Linux', {} ] ], - 'Payload' => { 'BadChars' => "\x00" }, - 'CmdStagerFlavor' => [ 'printf' ], - 'Privileged' => false, - 'DisclosureDate' => "2016-06-10", - 'DefaultTarget' => 0)) + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'Command Injection Using CmdStager', + 'Description' => %q{ + This exploits a command injection using the command stager. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'sinn3r' ], + 'References' => [ [ 'URL', 'http://metasploit.com' ] ], + 'Platform' => 'linux', + 'Targets' => [ [ 'Linux', {} ] ], + 'Payload' => { 'BadChars' => "\x00" }, + 'CmdStagerFlavor' => [ 'printf' ], + 'Privileged' => false, + 'DisclosureDate' => '2016-06-10', + 'DefaultTarget' => 0 + ) + ) end def execute_command(cmd, opts = {}) @@ -188,7 +199,7 @@ class MetasploitModule < Msf::Exploit::Remote end def exploit - print_status("Exploiting...") + print_status('Exploiting...') execute_cmdstager end @@ -213,19 +224,21 @@ def filter_bad_chars(cmd) cmd.gsub!(/ /, '+') end -def execute_command(cmd, opts = {}) - send_request_cgi({ - 'method' => 'GET', - 'uri' => '/ping.php', - 'encode_params' => false, - 'vars_get' => { - 'ip' => "127.0.0.1+%26%26+#{filter_bad_chars(cmd)}" - } - }) +def execute_command(cmd, _opts = {}) + send_request_cgi( + { + 'method' => 'GET', + 'uri' => '/ping.php', + 'encode_params' => false, + 'vars_get' => { + 'ip' => "127.0.0.1+%26%26+#{filter_bad_chars(cmd)}" + } + } + ) end def exploit - print_status("Exploiting...") + print_status('Exploiting...') execute_cmdstager end ``` @@ -538,5 +551,3 @@ Or set the :fetch key to `execute_cmdstager`: ```ruby execute_cmdstager(flavor: :fetch) ``` - - diff --git a/docs/metasploit-framework.wiki/How-to-use-datastore-options.md b/docs/metasploit-framework.wiki/How-to-use-datastore-options.md index 6b94f843a8..e76a70d52c 100644 --- a/docs/metasploit-framework.wiki/How-to-use-datastore-options.md +++ b/docs/metasploit-framework.wiki/How-to-use-datastore-options.md @@ -238,34 +238,34 @@ from the module's metadata, and update again. Here's an example of an exploit module's initialize portion with the DefaultOptions key: ```ruby -def initialize(info={}) - super(update_info(info, - 'Name' => "Module name", - 'Description' => %q{ - This is an example of setting the default value of RPORT using the DefaultOptions key - }, - 'License' => MSF_LICENSE, - 'Author' => [ 'Name' ], - 'References' => - [ +def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'Module name', + 'Description' => %q{ + This is an example of setting the default value of RPORT using the DefaultOptions key + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'Name' ], + 'References' => [ [ 'URL', '' ] ], - 'Platform' => 'win', - 'Targets' => - [ + 'Platform' => 'win', + 'Targets' => [ [ 'Windows', { 'Ret' => 0x41414141 } ] ], - 'Payload' => - { + 'Payload' => { 'BadChars' => "\x00" }, - 'DefaultOptions' => - { + 'DefaultOptions' => { 'RPORT' => 8080 }, - 'Privileged' => false, - 'DisclosureDate' => "", - 'DefaultTarget' => 0)) + 'Privileged' => false, + 'DisclosureDate' => '', + 'DefaultTarget' => 0 + ) + ) end ``` diff --git a/docs/metasploit-framework.wiki/How-to-write-a-HTTP-LoginScanner-Module.md b/docs/metasploit-framework.wiki/How-to-write-a-HTTP-LoginScanner-Module.md index ff9112b976..63c02a35a5 100644 --- a/docs/metasploit-framework.wiki/How-to-write-a-HTTP-LoginScanner-Module.md +++ b/docs/metasploit-framework.wiki/How-to-write-a-HTTP-LoginScanner-Module.md @@ -245,7 +245,6 @@ A basic auxiliary module template in our case would be something like this: # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' require 'metasploit/framework/login_scanner/symantec_web_gateway' require 'metasploit/framework/credential_collection' @@ -256,21 +255,23 @@ class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner - def initialize(info={}) - super(update_info(info, - 'Name' => 'Symantec Web Gateway Login Utility', - 'Description' => %q{ - This module will attempt to authenticate to a Symantec Web Gateway. - }, - 'Author' => [ 'sinn3r' ], - 'License' => MSF_LICENSE, - 'DefaultOptions' => - { - 'RPORT' => 443, - 'SSL' => true, + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'Symantec Web Gateway Login Utility', + 'Description' => %q{ + This module will attempt to authenticate to a Symantec Web Gateway. + }, + 'Author' => [ 'sinn3r' ], + 'License' => MSF_LICENSE, + 'DefaultOptions' => { + 'RPORT' => 443, + 'SSL' => true, 'SSLVersion' => 'TLS1' } - )) + ) + ) end def run_host(ip) diff --git a/docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer.md b/docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer.md index 76ba5bf4bc..577a4d7992 100644 --- a/docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer.md +++ b/docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer.md @@ -198,69 +198,68 @@ To get thing started, here's a code example you can use start developing your br # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' - class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer - def initialize(info={}) - super(update_info(info, - 'Name' => "BrowserExploitServer Example", - 'Description' => %q{ - This is an example of building a browser exploit using the BrowserExploitServer mixin - }, - 'License' => MSF_LICENSE, - 'Author' => [ 'sinn3r' ], - 'References' => - [ + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'BrowserExploitServer Example', + 'Description' => %q{ + This is an example of building a browser exploit using the BrowserExploitServer mixin + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'sinn3r' ], + 'References' => [ [ 'URL', 'http://metasploit.com' ] ], - 'Platform' => 'win', - 'BrowserRequirements' => - { - :source => /script|headers/i, + 'Platform' => 'win', + 'BrowserRequirements' => { + source: /script|headers/i }, - 'Targets' => - [ + 'Targets' => [ [ 'Automatic', {} ], [ 'Windows XP with IE 8', { - 'os_name' => 'Windows XP', - 'ua_name' => 'MSIE', - 'ua_ver' => '8.0' + 'os_name' => 'Windows XP', + 'ua_name' => 'MSIE', + 'ua_ver' => '8.0' } ], [ 'Windows 7 with IE 9', { - 'os_name' => 'Windows 7', - 'ua_name' => 'MSIE', - 'ua_ver' => '9.0' + 'os_name' => 'Windows 7', + 'ua_name' => 'MSIE', + 'ua_ver' => '9.0' } ] ], - 'Payload' => { 'BadChars' => "\x00" }, - 'DisclosureDate' => "Apr 1 2013", - 'DefaultTarget' => 0)) + 'Payload' => { 'BadChars' => "\x00" }, + 'DisclosureDate' => '2013-04-01', + 'DefaultTarget' => 0 + ) + ) end def exploit_template(target_info) - template = %Q| + template = %( Data source: <%=target_info[:source]%>
OS name: <%=target_info[:os_name]%>
UA name: <%=target_info[:ua_name]%>
UA version: <%=target_info[:ua_ver]%>
Java version: <%=target_info[:java]%>
Office version: <%=target_info[:office]%> - | + ) - return template, binding() + return template, binding end - def on_request_exploit(cli, request, target_info) + def on_request_exploit(cli, _request, target_info) send_exploit_html(cli, exploit_template(target_info)) end diff --git a/docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-HttpServer.md b/docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-HttpServer.md index 6f3290183a..146526f83d 100644 --- a/docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-HttpServer.md +++ b/docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-HttpServer.md @@ -78,36 +78,36 @@ To get things started, you can always use the following template to start develo # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' - class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer - def initialize(info={}) - super(update_info(info, - 'Name' => "HttpServer mixin example", - 'Description' => %q{ - Here's an example of using the HttpServer mixin - }, - 'License' => MSF_LICENSE, - 'Author' => [ 'sinn3r' ], - 'References' => - [ + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'HttpServer mixin example', + 'Description' => %q{ + Here's an example of using the HttpServer mixin + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'sinn3r' ], + 'References' => [ [ 'URL', 'http://metasploit.com' ] ], - 'Platform' => 'win', - 'Targets' => - [ + 'Platform' => 'win', + 'Targets' => [ [ 'Generic', {} ], ], - 'DisclosureDate' => "Apr 1 2013", - 'DefaultTarget' => 0)) + 'DisclosureDate' => '2013-04-01', + 'DefaultTarget' => 0 + ) + ) end - def on_request_uri(cli, request) - html = "hello" + def on_request_uri(cli, _request) + html = 'hello' send_response(cli, html) end diff --git a/docs/metasploit-framework.wiki/How-to-write-a-module-using-HttpServer-and-HttpClient.md b/docs/metasploit-framework.wiki/How-to-write-a-module-using-HttpServer-and-HttpClient.md index 321a4080ec..23442afaf3 100644 --- a/docs/metasploit-framework.wiki/How-to-write-a-module-using-HttpServer-and-HttpClient.md +++ b/docs/metasploit-framework.wiki/How-to-write-a-module-using-HttpServer-and-HttpClient.md @@ -7,48 +7,48 @@ Say you want to exploit a web server or web application. You have code execution Here is how you can set it up: ```ruby - ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## -require 'msf/core' - class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer::HTML - def initialize(info={}) - super(update_info(info, - 'Name' => "HttpClient and HttpServer Example", - 'Description' => %q{ - This demonstrates how to use two mixins (HttpClient and HttpServer) at the same time, - but this allows the HttpServer to terminate after a delay. - }, - 'License' => MSF_LICENSE, - 'Author' => [ 'sinn3r' ], - 'References' => - [ + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'HttpClient and HttpServer Example', + 'Description' => %q{ + This demonstrates how to use two mixins (HttpClient and HttpServer) at the same time, + but this allows the HttpServer to terminate after a delay. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'sinn3r' ], + 'References' => [ ['URL', 'http://metasploit.com'] ], - 'Payload' => { 'BadChars' => "\x00" }, - 'Platform' => 'win', - 'Targets' => - [ + 'Payload' => { 'BadChars' => "\x00" }, + 'Platform' => 'win', + 'Targets' => [ [ 'Automatic', {} ], ], - 'Privileged' => false, - 'DisclosureDate' => "Dec 09 2013", - 'DefaultTarget' => 0)) + 'Privileged' => false, + 'DisclosureDate' => '2013-12-09', + 'DefaultTarget' => 0 + ) + ) - register_options( - [ - OptString.new('TARGETURI', [true, 'The path to some web application', '/']), - OptInt.new('HTTPDELAY', [false, 'Number of seconds the web server will wait before termination', 10]) - ], self.class) + register_options( + [ + OptString.new('TARGETURI', [true, 'The path to some web application', '/']), + OptInt.new('HTTPDELAY', [false, 'Number of seconds the web server will wait before termination', 10]) + ], self.class + ) end def on_request_uri(cli, req) @@ -58,15 +58,13 @@ class MetasploitModule < Msf::Exploit::Remote def primer print_status("Sending a malicious request to #{target_uri.path}") - send_request_cgi({'uri'=>normalize_uri(target_uri.path)}) + send_request_cgi({ 'uri' => normalize_uri(target_uri.path) }) end def exploit - begin - Timeout.timeout(datastore['HTTPDELAY']) { super } - rescue Timeout::Error - # When the server stops due to our timeout, this is raised - end + Timeout.timeout(datastore['HTTPDELAY']) { super } + rescue Timeout::Error + # When the server stops due to our timeout, this is raised end end ``` diff --git a/docs/metasploit-framework.wiki/Module-Reference-Identifiers.md b/docs/metasploit-framework.wiki/Module-Reference-Identifiers.md index c0a4abba8d..238404a79a 100644 --- a/docs/metasploit-framework.wiki/Module-Reference-Identifiers.md +++ b/docs/metasploit-framework.wiki/Module-Reference-Identifiers.md @@ -27,41 +27,39 @@ AKA (_deprecated_*) | anything | ~~`['AKA', 'shellshock']`~~ ## Code example of references in a module ```ruby -require 'msf/core' - class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking - def initialize(info={}) - super(update_info(info, - 'Name' => "Code Example", - 'Description' => %q{ - This is an example of a module using references - }, - 'License' => MSF_LICENSE, - 'Author' => [ 'Unknown' ], - 'References' => - [ + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'Code Example', + 'Description' => %q{ + This is an example of a module using references + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'Unknown' ], + 'References' => [ [ 'CVE', '2014-9999' ], ['BID', '1234'], ['URL', 'http://example.com/blog.php?id=123'] ], - 'Platform' => 'win', - 'Targets' => - [ + 'Platform' => 'win', + 'Targets' => [ [ 'Example', { 'Ret' => 0x41414141 } ] ], - 'Payload' => - { + 'Payload' => { 'BadChars' => "\x00" }, - 'Privileged' => false, - 'DisclosureDate' => "Apr 1 2014", - 'DefaultTarget' => 0, - 'Notes' => { - 'AKA' => [ 'shellshock' ] + 'Privileged' => false, + 'DisclosureDate' => '2014-04-01', + 'DefaultTarget' => 0, + 'Notes' => { + 'AKA' => [ 'shellshock' ] } - )) + ) + ) end def exploit @@ -69,4 +67,4 @@ class MetasploitModule < Msf::Exploit::Remote end end -``` \ No newline at end of file +```