Patch for an Issue #1280

This commit is contained in:
Miroslav Stampar 2015-06-29 10:05:16 +02:00
parent 8b63ee9bc3
commit 7b95a2d80d
2 changed files with 45 additions and 14 deletions

View File

@ -766,8 +766,14 @@ def _setMetasploit():
if conf.msfPath: if conf.msfPath:
for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")): for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("", "msfcli", "msfconsole", "msfencode", "msfpayload")): if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("", "msfcli", "msfconsole")):
msfEnvPathExists = True msfEnvPathExists = True
if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfvenom",)):
kb.msfVenom = True
elif all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfencode", "msfpayload")):
kb.msfVenom = False
else:
msfEnvPathExists = False
conf.msfPath = path conf.msfPath = path
break break
@ -798,15 +804,23 @@ def _setMetasploit():
for envPath in envPaths: for envPath in envPaths:
envPath = envPath.replace(";", "") envPath = envPath.replace(";", "")
if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("", "msfcli", "msfconsole", "msfencode", "msfpayload")): if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("", "msfcli", "msfconsole")):
infoMsg = "Metasploit Framework has been found "
infoMsg += "installed in the '%s' path" % envPath
logger.info(infoMsg)
msfEnvPathExists = True msfEnvPathExists = True
conf.msfPath = envPath if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfvenom",)):
kb.msfVenom = True
elif all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfencode", "msfpayload")):
kb.msfVenom = False
else:
msfEnvPathExists = False
break if msfEnvPathExists:
infoMsg = "Metasploit Framework has been found "
infoMsg += "installed in the '%s' path" % envPath
logger.info(infoMsg)
conf.msfPath = envPath
break
if not msfEnvPathExists: if not msfEnvPathExists:
errMsg = "unable to locate Metasploit Framework installation. " errMsg = "unable to locate Metasploit Framework installation. "
@ -1794,6 +1808,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.matchRatio = None kb.matchRatio = None
kb.maxConnectionsFlag = False kb.maxConnectionsFlag = False
kb.mergeCookies = None kb.mergeCookies = None
kb.msfVenom = False
kb.multiThreadMode = False kb.multiThreadMode = False
kb.negativeLogic = False kb.negativeLogic = False
kb.nullConnection = None kb.nullConnection = None

View File

@ -24,6 +24,7 @@ from lib.core.common import randomRange
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.enums import DBMS from lib.core.enums import DBMS
@ -63,6 +64,7 @@ class Metasploit:
self._msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli")) self._msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli"))
self._msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode")) self._msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode"))
self._msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload")) self._msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload"))
self._msfVenom = normalizePath(os.path.join(conf.msfPath, "msfvenom"))
if IS_WIN: if IS_WIN:
_ = conf.msfPath _ = conf.msfPath
@ -78,6 +80,7 @@ class Metasploit:
self._msfCli = "%s & ruby %s" % (_, self._msfCli) self._msfCli = "%s & ruby %s" % (_, self._msfCli)
self._msfEncode = "ruby %s" % self._msfEncode self._msfEncode = "ruby %s" % self._msfEncode
self._msfPayload = "%s & ruby %s" % (_, self._msfPayload) self._msfPayload = "%s & ruby %s" % (_, self._msfPayload)
self._msfVenom = "%s & ruby %s" % (_, self._msfVenom)
self._msfPayloadsList = { self._msfPayloadsList = {
"windows": { "windows": {
@ -361,7 +364,11 @@ class Metasploit:
self._cliCmd += " E" self._cliCmd += " E"
def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None): def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
self._payloadCmd = "%s %s" % (self._msfPayload, self.payloadConnStr) if kb.msfVenom:
self._payloadCmd = "%s -p" % self._msfVenom
else:
self._payloadCmd = self._msfPayload
self._payloadCmd += " %s" % self.payloadConnStr
self._payloadCmd += " EXITFUNC=%s" % exitfunc self._payloadCmd += " EXITFUNC=%s" % exitfunc
self._payloadCmd += " LPORT=%s" % self.portStr self._payloadCmd += " LPORT=%s" % self.portStr
@ -373,13 +380,22 @@ class Metasploit:
if Backend.isOs(OS.LINUX) and conf.privEsc: if Backend.isOs(OS.LINUX) and conf.privEsc:
self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true" self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
if extra == "BufferRegister=EAX": if kb.msfVenom:
self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format) if extra == "BufferRegister=EAX":
self._payloadCmd += " -a x86 -e %s -f %s > \"%s\"" % (self.encoderStr, format, outFile)
if extra is not None: if extra is not None:
self._payloadCmd += " %s" % extra self._payloadCmd += " %s" % extra
else:
self._payloadCmd += " -f exe > \"%s\"" % outFile
else: else:
self._payloadCmd += " X > \"%s\"" % outFile if extra == "BufferRegister=EAX":
self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)
if extra is not None:
self._payloadCmd += " %s" % extra
else:
self._payloadCmd += " X > \"%s\"" % outFile
def _runMsfCliSmbrelay(self): def _runMsfCliSmbrelay(self):
self._forgeMsfCliCmdForSmbrelay() self._forgeMsfCliCmdForSmbrelay()