Generic HTTP DLL Injection Exploit Module #3076

Merged
merged 10 commits into from Mar 4, 2015

6 participants

@0x41414141

This is an example implementation of using the
Msf::Exploit::Remote::SMBFileServer module to perform
arbitrary DLL injection over SMB.

@0x41414141 0x41414141 Generic HTTP DLL Injection Exploit Module
This is an example implementation of using the
Msf::Exploit::Remote::SMBFileServer module to perform
arbitrary DLL injection over SMB.
019056d
@todb-r7 todb-r7 added the module label May 30, 2014
@todb-r7 todb-r7 added the feature label Nov 11, 2014
@hdm hdm self-assigned this Dec 12, 2014
@bcook-r7 bcook-r7 added the delayed label Jan 21, 2015
@bcook-r7
Rapid7 member

This requires the SMBFileServer support.

@jvazquez-r7 jvazquez-r7 assigned jvazquez-r7 and unassigned hdm Feb 13, 2015
wvu-r7 and others added some commits Feb 17, 2015
@wvu-r7 wvu-r7 Fix minor issue in chromecast_youtube a4c6e42
@0x41414141 0x41414141 Generic HTTP DLL Injection Exploit Module
This is an example implementation of using the
Msf::Exploit::Remote::SMBFileServer module to perform
arbitrary DLL injection over SMB.
e4bab60
@0x41414141 0x41414141 cleanups 728cfaf
@0x41414141 0x41414141 Add timeout to connection handler 666b8e3
@0x41414141 0x41414141 Modify SMB generation code to use primer based on #3074 changes to
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
4963992
@0x41414141 0x41414141 Merge branch 'module-generic_http_dllinject' of github.com:0x41414141…
…/metasploit-framework into module-generic_http_dllinject

Conflicts:
	modules/exploits/windows/http/generic_http_dll_server.rb
2fc9d3a
@0x41414141 0x41414141 Modify primer to utilise file_contents macro. a90ebfe
@jvazquez-r7

Processing it!

@jvazquez-r7 jvazquez-r7 merged commit a90ebfe into rapid7:master Mar 4, 2015

1 check failed

continuous-integration/travis-ci/pr: The Travis CI build could not complete due to an error
@jvazquez-r7 jvazquez-r7 added a commit that referenced this pull request Mar 4, 2015
@jvazquez-r7 jvazquez-r7 Update #3076 branch d4738d8
@jvazquez-r7 jvazquez-r7 added a commit that referenced this pull request Mar 4, 2015
@jvazquez-r7 jvazquez-r7 Land #3076, @0x41414141's generic dll injection through HTTP module bcdf261
@jvazquez-r7

Landed after cleanup! @0x41414141 see final result here: bcdf261

I didn't have a vuln application to test, so I tweaked it with fake testing :) But I checked that the HTTP request is sent with the UNC, and that loading the DLL with rundll32.exe gets a session.

On the other hand, I deleted the StripExt option, because it didn't make sense to me. If you don't want an extension, just don't add it to the FILE_NAME option. I don't see why an extra option is required!

Thanks!

@0x41414141 0x41414141 deleted the unknown repository branch Mar 6, 2015