From ae25c300e5fbbf6a2dedc46aabeb0b0cf72cfbd8 Mon Sep 17 00:00:00 2001 From: Spencer McIntyre Date: Mon, 7 Oct 2013 17:31:34 -0400 Subject: [PATCH] Initial attempt to unify the command stagers. --- lib/msf/core/exploit/cmdstager.rb | 2 +- lib/msf/core/exploit/cmdstager_bourne.rb | 21 ----- lib/msf/core/exploit/cmdstager_debug_asm.rb | 41 --------- lib/msf/core/exploit/cmdstager_debug_write.rb | 41 --------- lib/msf/core/exploit/cmdstager_echo.rb | 34 ------- lib/msf/core/exploit/cmdstager_multi.rb | 88 +++++++++++++++++++ lib/msf/core/exploit/cmdstager_tftp.rb | 2 +- lib/msf/core/exploit/cmdstager_vbs.rb | 41 --------- lib/msf/core/exploit/cmdstager_vbs_adodb.rb | 41 --------- lib/msf/core/exploit/mixins.rb | 8 -- .../linux/http/linksys_wrt110_cmd_exec.rb | 4 +- .../exploits/multi/http/hp_sys_mgmt_exec.rb | 2 +- .../multi/http/jenkins_script_console.rb | 2 +- .../multi/http/netwin_surgeftp_exec.rb | 2 +- .../multi/sap/sap_mgmt_con_osexec_payload.rb | 2 +- .../sap/sap_soap_rfc_sxpg_call_system_exec.rb | 2 +- .../sap/sap_soap_rfc_sxpg_command_exec.rb | 2 +- modules/exploits/multi/ssh/sshexec.rb | 8 +- .../exploits/unix/webapp/zeroshell_exec.rb | 4 +- .../windows/browser/dxstudio_player_exec.rb | 2 +- .../http/hp_sitescope_runomagentcommand.rb | 2 +- .../http/sap_configservlet_exec_noauth.rb | 2 +- .../windows/mssql/mssql_linkcrawler.rb | 2 +- .../exploits/windows/mssql/mssql_payload.rb | 2 +- .../windows/mssql/mssql_payload_sqli.rb | 2 +- .../exploits/windows/mysql/mysql_payload.rb | 2 +- modules/exploits/windows/oracle/extjob.rb | 2 +- .../windows/winrm/winrm_script_exec.rb | 2 +- 28 files changed, 114 insertions(+), 251 deletions(-) delete mode 100644 lib/msf/core/exploit/cmdstager_bourne.rb delete mode 100644 lib/msf/core/exploit/cmdstager_debug_asm.rb delete mode 100644 lib/msf/core/exploit/cmdstager_debug_write.rb delete mode 100644 lib/msf/core/exploit/cmdstager_echo.rb create mode 100644 lib/msf/core/exploit/cmdstager_multi.rb delete mode 100644 lib/msf/core/exploit/cmdstager_vbs.rb delete mode 100644 lib/msf/core/exploit/cmdstager_vbs_adodb.rb diff --git a/lib/msf/core/exploit/cmdstager.rb b/lib/msf/core/exploit/cmdstager.rb index cf4b251161..c2f6720f00 100644 --- a/lib/msf/core/exploit/cmdstager.rb +++ b/lib/msf/core/exploit/cmdstager.rb @@ -63,7 +63,7 @@ module Exploit::CmdStager @exe = generate_payload_exe - @stager_instance = create_stager(@exe) + @stager_instance = create_stager(@exe, opts) cmd_list = @stager_instance.generate(opts) if (cmd_list.nil? or cmd_list.length < 1) diff --git a/lib/msf/core/exploit/cmdstager_bourne.rb b/lib/msf/core/exploit/cmdstager_bourne.rb deleted file mode 100644 index f4859105c7..0000000000 --- a/lib/msf/core/exploit/cmdstager_bourne.rb +++ /dev/null @@ -1,21 +0,0 @@ -# -*- coding: binary -*- - -require 'msf/core/exploit/cmdstager' - -module Msf - -### -# -# This mixin provides an interface for staging cmd to arbitrary payloads -# -### -module Exploit::CmdStagerBourne - - include Msf::Exploit::CmdStager - - def create_stager(exe) - Rex::Exploitation::CmdStagerBourne.new(exe) - end -end - -end diff --git a/lib/msf/core/exploit/cmdstager_debug_asm.rb b/lib/msf/core/exploit/cmdstager_debug_asm.rb deleted file mode 100644 index acaeed53d0..0000000000 --- a/lib/msf/core/exploit/cmdstager_debug_asm.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -*- coding: binary -*- - -require 'msf/core/exploit/cmdstager' - -module Msf - -### -# -# This mixin provides an interface for staging cmd to arbitrary payloads -# -### -module Exploit::CmdStagerDebugAsm - - include Msf::Exploit::CmdStager - - def initialize(info = {}) - super - - register_advanced_options( - [ - OptString.new( 'DECODERSTUB', [ true, 'The debug.exe assembly listing decoder stub to use.', - File.join(Msf::Config.data_directory, "exploits", "cmdstager", "debug_asm")]), - ], self.class) - end - - def create_stager(exe) - Rex::Exploitation::CmdStagerDebugAsm.new(exe) - end - - def execute_cmdstager(opts = {}) - opts.merge!({ :decoder => datastore['DECODERSTUB'] }) - super - end - - def generate_cmdstager(opts = {}, pl = nil) - opts.merge!({ :decoder => datastore['DECODERSTUB'] }) - super - end -end - -end diff --git a/lib/msf/core/exploit/cmdstager_debug_write.rb b/lib/msf/core/exploit/cmdstager_debug_write.rb deleted file mode 100644 index 53ded3ab55..0000000000 --- a/lib/msf/core/exploit/cmdstager_debug_write.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -*- coding: binary -*- - -require 'msf/core/exploit/cmdstager' - -module Msf - -### -# -# This mixin provides an interface for staging cmd to arbitrary payloads -# -### -module Exploit::CmdStagerDebugWrite - - include Msf::Exploit::CmdStager - - def initialize(info = {}) - super - - register_advanced_options( - [ - OptString.new( 'DECODERSTUB', [ true, 'The debug.exe file-writing decoder stub to use.', - File.join(Msf::Config.data_directory, "exploits", "cmdstager", "debug_write")]), - ], self.class) - end - - def create_stager(exe) - Rex::Exploitation::CmdStagerDebugWrite.new(exe) - end - - def execute_cmdstager(opts = {}) - opts.merge!({ :decoder => datastore['DECODERSTUB'] }) - super - end - - def generate_cmdstager(opts = {}, pl = nil) - opts.merge!({ :decoder => datastore['DECODERSTUB'] }) - super - end -end - -end diff --git a/lib/msf/core/exploit/cmdstager_echo.rb b/lib/msf/core/exploit/cmdstager_echo.rb deleted file mode 100644 index a4e45d3daa..0000000000 --- a/lib/msf/core/exploit/cmdstager_echo.rb +++ /dev/null @@ -1,34 +0,0 @@ -# -*- coding: binary -*- - -require 'msf/core/exploit/cmdstager' - -module Msf - -#### -# Allows for staging cmd to arbitrary payloads through the CmdStagerEcho. -# -# This stager uses the echo's "-e" flag, that enable interpretation of -# backslash escapes, to drop an ELF with the payload embedded to disk. -# The "-e" flag is usually available on linux environments. This stager -# has been found useful on restricted linux based embedded devices, and -# should work on either: -# * Systems with busy box's echo binary somewhere in $PATH. -# * Systems with bash/zsh whose echo builtin supports -en flags. -# * Systems with GNU coreutils echo which supports -en flags. -# -#### - -module Exploit::CmdStagerEcho - - include Msf::Exploit::CmdStager - - # Initializes a CmdStagerEcho instance for the supplied payload - # - # @param exe [String] The payload embedded into an ELF - # @return [Rex::Exploitation::CmdStagerEcho] Stager instance - def create_stager(exe) - Rex::Exploitation::CmdStagerEcho.new(exe) - end -end - -end diff --git a/lib/msf/core/exploit/cmdstager_multi.rb b/lib/msf/core/exploit/cmdstager_multi.rb new file mode 100644 index 0000000000..131b7c004b --- /dev/null +++ b/lib/msf/core/exploit/cmdstager_multi.rb @@ -0,0 +1,88 @@ +# -*- coding: binary -*- + +require 'msf/core/exploit/cmdstager' + +module Msf + +### +# +# This mixin provides an interface for staging cmd to arbitrary payloads +# +### +module Exploit::CmdStagerMulti + + include Msf::Exploit::CmdStager + + def initialize(info = {}) + super + + register_advanced_options( + [ + OptString.new('CMDSTAGER::DECODERSTUB', [ false, 'The decoder stub to use.', nil]), + ], self.class) + end + + def create_stager(exe, opts) + case opts[:flavor] + when :bourne + return Rex::Exploitation::CmdStagerBourne.new(exe) + when :debug_asm + return Rex::Exploitation::CmdStagerDebugAsm.new(exe) + when :debug_write + return Rex::Exploitation::CmdStagerDebugWrite.new(exe) + when :echo + return Rex::Exploitation::CmdStagerEcho.new(exe) + when :vbs, :vbs_adodb + return Rex::Exploitation::CmdStagerVBS.new(exe) + end + end + + def execute_cmdstager(opts = {}) + opts[:decoder] = guess_decoder(opts) if datastore['CMDSTAGER::DECODERSTUB'].nil? + super + end + + def generate_cmdstager(opts = {}, pl = nil) + if not opts.include?(:flavor) + default_flavor = guess_flavor + vprint_status("Using default stager: #{default_flavor}") + opts[:flavor] = default_flavor + end + opts[:decoder] = guess_decoder(opts) if datastore['CMDSTAGER::DECODERSTUB'].nil? + super + end + + def guess_decoder(opts) + case opts[:flavor] + when :debug_asm + return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm") + when :debug_write + return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write") + when :vbs + return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64") + when :vbs_adodb + return File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb") + end + return nil + end + + def guess_flavor + c_platform = nil + if target_platform.names.length == 1 + c_platform = target_platform.names.first + end + case c_platform + when 'linux', 'Linux' + return :bourne + when 'osx', 'OSX' + return :bourne + when 'unix', 'Unix' + return :bourne + when 'win', 'Windows' + return :vbs + end + return nil + end +end + +end diff --git a/lib/msf/core/exploit/cmdstager_tftp.rb b/lib/msf/core/exploit/cmdstager_tftp.rb index d827f2ac05..37db88ff1c 100644 --- a/lib/msf/core/exploit/cmdstager_tftp.rb +++ b/lib/msf/core/exploit/cmdstager_tftp.rb @@ -26,7 +26,7 @@ module Exploit::CmdStagerTFTP ], self.class) end - def create_stager(exe) + def create_stager(exe, opts) Rex::Exploitation::CmdStagerTFTP.new(exe) end diff --git a/lib/msf/core/exploit/cmdstager_vbs.rb b/lib/msf/core/exploit/cmdstager_vbs.rb deleted file mode 100644 index 7e3d05bd71..0000000000 --- a/lib/msf/core/exploit/cmdstager_vbs.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -*- coding: binary -*- - -require 'msf/core/exploit/cmdstager' - -module Msf - -### -# -# This mixin provides an interface for staging cmd to arbitrary payloads -# -### -module Exploit::CmdStagerVBS - - include Msf::Exploit::CmdStager - - def initialize(info = {}) - super - - register_advanced_options( - [ - OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.', - File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64")]), - ], self.class) - end - - def create_stager(exe) - Rex::Exploitation::CmdStagerVBS.new(exe) - end - - def execute_cmdstager(opts = {}) - opts.merge!({ :decoder => datastore['DECODERSTUB'] }) - super - end - - def generate_cmdstager(opts = {}, pl = nil) - opts.merge!({ :decoder => datastore['DECODERSTUB'] }) - super - end -end - -end diff --git a/lib/msf/core/exploit/cmdstager_vbs_adodb.rb b/lib/msf/core/exploit/cmdstager_vbs_adodb.rb deleted file mode 100644 index ddedf4343e..0000000000 --- a/lib/msf/core/exploit/cmdstager_vbs_adodb.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -*- coding: binary -*- - -require 'msf/core/exploit/cmdstager' - -module Msf - -### -# -# This mixin provides an interface for staging cmd to arbitrary payloads -# -### -module Exploit::CmdStagerVBS::ADODB - - include Msf::Exploit::CmdStager - - def initialize(info = {}) - super - - register_advanced_options( - [ - OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.', - File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_adodb")]), - ], self.class) - end - - def create_stager(exe) - Rex::Exploitation::CmdStagerVBS.new(exe) - end - - def execute_cmdstager(opts = {}) - opts.merge!({ :decoder => datastore['DECODERSTUB'] }) - super - end - - def generate_cmdstager(opts = {}, pl = nil) - opts.merge!({ :decoder => datastore['DECODERSTUB'] }) - super - end -end - -end diff --git a/lib/msf/core/exploit/mixins.rb b/lib/msf/core/exploit/mixins.rb index bafcf4a660..9f2fdd9669 100644 --- a/lib/msf/core/exploit/mixins.rb +++ b/lib/msf/core/exploit/mixins.rb @@ -19,14 +19,6 @@ require 'msf/core/exploit/php_exe' # CmdStagers require 'msf/core/exploit/cmdstager' -require 'msf/core/exploit/cmdstager_vbs' -require 'msf/core/exploit/cmdstager_vbs_adodb' -require 'msf/core/exploit/cmdstager_debug_write' -require 'msf/core/exploit/cmdstager_debug_asm' -require 'msf/core/exploit/cmdstager_tftp' -require 'msf/core/exploit/cmdstager_bourne' -require 'msf/core/exploit/cmdstager_echo' -require 'msf/core/exploit/cmdstager_printf' # Protocol require 'msf/core/exploit/tcp' diff --git a/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb b/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb index 26d1c3c07b..62b375fdbd 100644 --- a/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb +++ b/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb @@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient - include Msf::Exploit::CmdStagerEcho + include Msf::Exploit::CmdStagerMulti def initialize(info = {}) super(update_info(info, @@ -71,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit test_login - execute_cmdstager + execute_cmdstager({:flavor => :echo}) end # Sends an HTTP request with authorization header to the router diff --git a/modules/exploits/multi/http/hp_sys_mgmt_exec.rb b/modules/exploits/multi/http/hp_sys_mgmt_exec.rb index dabfe034c6..ba01ad5c1a 100644 --- a/modules/exploits/multi/http/hp_sys_mgmt_exec.rb +++ b/modules/exploits/multi/http/hp_sys_mgmt_exec.rb @@ -8,7 +8,7 @@ require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti include Msf::Exploit::Remote::HttpClient def initialize(info={}) diff --git a/modules/exploits/multi/http/jenkins_script_console.rb b/modules/exploits/multi/http/jenkins_script_console.rb index 73e8d7adee..c1eec8a1f5 100644 --- a/modules/exploits/multi/http/jenkins_script_console.rb +++ b/modules/exploits/multi/http/jenkins_script_console.rb @@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti def initialize(info = {}) super(update_info(info, diff --git a/modules/exploits/multi/http/netwin_surgeftp_exec.rb b/modules/exploits/multi/http/netwin_surgeftp_exec.rb index 5b993fb37f..92e756ed10 100644 --- a/modules/exploits/multi/http/netwin_surgeftp_exec.rb +++ b/modules/exploits/multi/http/netwin_surgeftp_exec.rb @@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti def initialize(info = {}) super(update_info(info, diff --git a/modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb b/modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb index 8a7ac17992..6a43600e07 100644 --- a/modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb +++ b/modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb @@ -12,7 +12,7 @@ class Metasploit4 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti include Msf::Exploit::EXE include Msf::Exploit::FileDropper diff --git a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb index a5a73f8f3e..dfa6dbf46c 100644 --- a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb +++ b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb @@ -26,7 +26,7 @@ class Metasploit4 < Msf::Exploit::Remote Rank = GreatRanking - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti include Msf::Exploit::EXE include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb index 2b32642ace..605f4df1ec 100644 --- a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb +++ b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb @@ -26,7 +26,7 @@ class Metasploit4 < Msf::Exploit::Remote Rank = GreatRanking - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti include Msf::Exploit::EXE include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/ssh/sshexec.rb b/modules/exploits/multi/ssh/sshexec.rb index 027144e742..31c9e0a75f 100644 --- a/modules/exploits/multi/ssh/sshexec.rb +++ b/modules/exploits/multi/ssh/sshexec.rb @@ -9,7 +9,7 @@ require 'net/ssh' class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking - include Msf::Exploit::CmdStagerBourne + include Msf::Exploit::CmdStagerMulti attr_accessor :ssh_socket @@ -71,6 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote OptString.new('USERNAME', [ true, "The user to authenticate as.", 'root' ]), OptString.new('PASSWORD', [ true, "The password to authenticate with.", '' ]), OptString.new('RHOST', [ true, "The target address" ]), + OptEnum.new('STAGER', [ true, "The flavor of stager to use", 'bourne', [ 'bourne', 'echo' ]]), Opt::RPORT(22) ], self.class ) @@ -83,6 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote end def execute_command(cmd, opts = {}) + vprint_status("Executing #{cmd}") begin Timeout.timeout(3) do self.ssh_socket.exec!("#{cmd}\n") @@ -125,7 +127,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit do_login(datastore['RHOST'], datastore['USERNAME'], datastore['PASSWORD'], datastore['RPORT']) - print_status("#{datastore['RHOST']}:#{datastore['RPORT']} - Sending Bourne stager...") - execute_cmdstager({:linemax => 500}) + print_status("#{datastore['RHOST']}:#{datastore['RPORT']} - Sending stager...") + execute_cmdstager({:linemax => 500, :flavor => datastore['STAGER'].to_sym}) end end diff --git a/modules/exploits/unix/webapp/zeroshell_exec.rb b/modules/exploits/unix/webapp/zeroshell_exec.rb index 8558d6edcb..3b02e7f8a4 100644 --- a/modules/exploits/unix/webapp/zeroshell_exec.rb +++ b/modules/exploits/unix/webapp/zeroshell_exec.rb @@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient - include Msf::Exploit::CmdStagerEcho + include Msf::Exploit::CmdStagerMulti include Msf::Exploit::EXE def initialize(info={}) @@ -149,7 +149,7 @@ class Metasploit3 < Msf::Exploit::Remote @session = login(admin_password) - execute_cmdstager + execute_cmdstager({:flavor => :echo}) end end diff --git a/modules/exploits/windows/browser/dxstudio_player_exec.rb b/modules/exploits/windows/browser/dxstudio_player_exec.rb index 4f53c8192d..587a9a0512 100644 --- a/modules/exploits/windows/browser/dxstudio_player_exec.rb +++ b/modules/exploits/windows/browser/dxstudio_player_exec.rb @@ -10,7 +10,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti def initialize(info = {}) super(update_info(info, diff --git a/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb b/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb index 8874861052..feceacd48a 100644 --- a/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb +++ b/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb @@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } include Msf::Exploit::Remote::HttpClient - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti def initialize(info = {}) super(update_info(info, diff --git a/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb b/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb index 21ff043ae7..2a56f8dce6 100644 --- a/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb +++ b/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb @@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit Rank = GreatRanking include Msf::Exploit::Remote::HttpClient - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti include Msf::Exploit::FileDropper def initialize(info = {}) diff --git a/modules/exploits/windows/mssql/mssql_linkcrawler.rb b/modules/exploits/windows/mssql/mssql_linkcrawler.rb index cb0b1612b3..e9608e391d 100644 --- a/modules/exploits/windows/mssql/mssql_linkcrawler.rb +++ b/modules/exploits/windows/mssql/mssql_linkcrawler.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Report - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti def initialize(info = {}) super(update_info(info, diff --git a/modules/exploits/windows/mssql/mssql_payload.rb b/modules/exploits/windows/mssql/mssql_payload.rb index 12d74503a5..677cb51cdc 100644 --- a/modules/exploits/windows/mssql/mssql_payload.rb +++ b/modules/exploits/windows/mssql/mssql_payload.rb @@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MSSQL - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti #include Msf::Exploit::CmdStagerDebugAsm #include Msf::Exploit::CmdStagerDebugWrite #include Msf::Exploit::CmdStagerTFTP diff --git a/modules/exploits/windows/mssql/mssql_payload_sqli.rb b/modules/exploits/windows/mssql/mssql_payload_sqli.rb index 687cf8c45d..9bb47bc710 100644 --- a/modules/exploits/windows/mssql/mssql_payload_sqli.rb +++ b/modules/exploits/windows/mssql/mssql_payload_sqli.rb @@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MSSQL_SQLI - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti def initialize(info = {}) super(update_info(info, diff --git a/modules/exploits/windows/mysql/mysql_payload.rb b/modules/exploits/windows/mysql/mysql_payload.rb index 6a03777b27..5ee5b7459e 100644 --- a/modules/exploits/windows/mysql/mysql_payload.rb +++ b/modules/exploits/windows/mysql/mysql_payload.rb @@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MYSQL - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti def initialize(info = {}) super( diff --git a/modules/exploits/windows/oracle/extjob.rb b/modules/exploits/windows/oracle/extjob.rb index d3d7ad12e5..de56caad8b 100644 --- a/modules/exploits/windows/oracle/extjob.rb +++ b/modules/exploits/windows/oracle/extjob.rb @@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::SMB - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti def initialize(info = {}) super(update_info(info, diff --git a/modules/exploits/windows/winrm/winrm_script_exec.rb b/modules/exploits/windows/winrm/winrm_script_exec.rb index d768e8b5d2..ddc2f391e3 100644 --- a/modules/exploits/windows/winrm/winrm_script_exec.rb +++ b/modules/exploits/windows/winrm/winrm_script_exec.rb @@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::WinRM - include Msf::Exploit::CmdStagerVBS + include Msf::Exploit::CmdStagerMulti def initialize(info = {})