To round out implementation of a simple path for users to access
HttpClient like Open or Net::HTTP, create :request_url method which
takes a single URL parameter, uses :request_opts_from_url to build
the request configuration for Rex::Proto::Http::Client, executes
a GET request with it, and disconnects the client unless keepalive
is specified as the second parameter to :request_url.
Example usage of functionality is implemented in http_pdf_authors.
To address the complexity which comes with the flexibility offered
by Rex::Proto::Http::Client and its Msf mixin descendant, a simple
process needs to be implemented for issuing a request using only
the URL string in order to provide ease of access to users who may
not have the time to study how these clients work in detail.
Implement :request_opts_from_url in Msf's HttpClient mixin such as
to extract the options required for :send_request_* from a URL
string passed into the method. This approach reduces HTTP requests
in the mixin to `send_request_raw(request_opts_from_url(url))` when
`url` is just a string.
Implement this approach in the http_pdf_authors gather module to
further reduce infrastructure complexity around the simple need to
acquire PDF files via HTTP/S.
Testing:
Local to this module only, and in Pry of course. Seems to work...
This module exploits a use-after-free vulnerability in the handling of
SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for
Windows. When SSL is re-established on a NDMP connection that previously
has had SSL established, the BIO struct for the connection's previous
SSL session is reused, even though it has previously been freed.
Successful exploitation will give remote code execution as the user of
the Backup Exec Remote Agent for Windows service, almost always
NT AUTHORITY\SYSTEM.
Present convenience interfaces in Msf::Exploit::Powershell ns for
decoding and decompressing PSH strings built with Rex::Powershell
or compatible implementations.
the fallback to the original default was failing because
it was assuming rhost was already set, so it would always
go back to the first default target. now the auto_target? method
only returns true if can pull an auto_target_host
Brent Cook