Module: Msf::Exploit::Remote::HttpServer::BrowserExploit

Includes:
Msf::Exploit::Remote::HttpServer
Defined in:
lib/msf/core/exploit/remote/http_server/browser_exploit.rb

Overview

This module provides methods for browser exploitation via javascript

Instance Attribute Summary

Attributes included from SocketServer

#service

Instance Method Summary collapse

Methods included from Msf::Exploit::Remote::HttpServer

#add_resource, #add_robots_resource, #autofilter, #check_dependencies, #cleanup, #cli, #cli=, #close_client, #create_response, #fingerprint_user_agent, #get_resource, #get_uri, #hardcoded_uripath, #on_request_uri, #print_prefix, #random_uri, #regenerate_payload, #remove_resource, #report_user_agent, #resource_uri, #send_local_redirect, #send_not_found, #send_redirect, #send_response, #send_robots, #srvhost_addr, #srvport, #use_zlib

Methods included from Auxiliary::Report

#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot

Methods included from Metasploit::Framework::Require

optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines

Methods included from TcpServer

#on_client_close, #on_client_connect, #ssl, #ssl_cert, #ssl_cipher, #ssl_compression, #ssl_version

Methods included from SocketServer

#_determine_server_comm, #bindhost, #bindport, #cleanup, #cleanup_service, #exploit, #on_client_data, #primer, #regenerate_payload, #srvhost, #srvport, #via_string

Instance Method Details

#add_debug_print_js(jscript) ⇒ Object


44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/msf/core/exploit/remote/http_server/browser_exploit.rb', line 44

def add_debug_print_js(jscript)
  if datastore['DEBUG_EXPLOIT']
    debugjs = <<~JS
      print = function(arg) {
        var request = new XMLHttpRequest();
        request.open("POST", "/print", false);
        request.send("" + arg);
      };
    JS

    jscript = "#{debugjs}#{jscript}"
  else
    jscript.gsub!(%r{//.*$}, '') # strip comments
    jscript.gsub!(/^\s*print\s*\(.*?\);\s*$/, '') # strip print(*);
  end
  jscript
end

#add_print_status_resourceObject


30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'lib/msf/core/exploit/remote/http_server/browser_exploit.rb', line 30

def add_print_status_resource
  proc = Proc.new do |cli, req|
    print_status("[*] #{req.body}")
    send_response(cli, '')
  end

  vprint_status('Adding hardcoded URI /print')
  begin
    add_resource('Path' => '/print', 'Proc' => proc)
  rescue RuntimeError => e
    print_warning(e.message)
  end
end

#initialize(info = {}) ⇒ Object


13
14
15
16
17
18
19
20
# File 'lib/msf/core/exploit/remote/http_server/browser_exploit.rb', line 13

def initialize(info = {})
  super
  register_advanced_options(
    [
      OptBool.new('DEBUG_EXPLOIT', [false, 'Show debug information during exploitation', false]),
    ], Exploit::Remote::HttpServer::BrowserExploit
  )
end

#start_service(opts = {}) ⇒ Object


22
23
24
25
26
27
28
# File 'lib/msf/core/exploit/remote/http_server/browser_exploit.rb', line 22

def start_service(opts = {})
  super(opts)

  if datastore['DEBUG_EXPLOIT']
    add_print_status_resource
  end
end