Add a method for dealing with hardcoded URIs

Author: egypt

lib/msf/core/exploit/http/server.rb

@@ -205,6 +205,30 @@ def start_service(opts = {})
 		add_resource(uopts)
 	end
 
+	# Set {#on_request_uri} to handle the given +uri+ in addition to the one
+	# specified by the user in URIPATH.
+	#
+	# @note This MUST be called from {#primer} so that the service has been set
+	# up but we have not yet entered the listen/accept loop.
+	#
+	# @param uri [String] The resource URI that should be handled by
+	#   {#on_request_uri}.
+	# @return [void]
+	def hardcoded_uripath(uri)
+		# we need to handle direct /epaq requests
+		proc = Proc.new do |cli, req|
+			on_request_uri(cli, req)
+		end
+
+		begin
+			vprint_status("Adding hardcoded uri #{uri}")
+			add_resource({'Path' => uri, 'Proc' => proc})
+		rescue RuntimeError => e
+			print_error("This module requires a hardcoded uri at #{uri}. Can't run while other modules are using it.")
+			raise e
+		end
+	end
+
 	# Take care of removing any resources that we created
 	def cleanup
 		@my_resources.each do |resource|

modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb

@@ -170,18 +170,14 @@ def get_target(agent)
 		end
 	end
 
+	def primer
+		# "/test.mp4" is currently hard-coded in the swf file, so we need to add to resource
+		hardcoded_uripath("/test.mp4")
+	end
+
 	def exploit
 		@swf = create_swf
 		super
-
-		#
-		# "/test.mp4" is currently hard-coded in the swf file, so we need to add to resource
-		#
-		proc = Proc.new do |cli, req|
-			self.add_resource({'Path' => "/test.mp4", 'Proc' => proc}) rescue nil
-			on_request_uri(cli, req)
-		end
-
 	end
 
 	def on_request_uri(cli, request)
@@ -275,12 +271,6 @@ def on_request_uri(cli, request)
 		send_response(cli, html, {'Content-Type'=>'text/html'})
 	end
 
-	def cleanup
-		print_status("Removing mp4 resource")
-		remove_resource('/test.mp4') rescue nil
-		super
-	end
-
 	def create_swf
 		path = ::File.join( Msf::Config.install_root, "data", "exploits", "CVE-2012-0754.swf" )
 		fd = ::File.open( path, "rb" )

modules/exploits/windows/browser/adobe_flash_otf_font.rb

@@ -204,16 +204,15 @@ def on_request_uri(cli, request)
 
 		html = html.gsub(/^\t\t/, '')
 
-		# we need to handle direct /pay.txt requests
-		proc = Proc.new do |cli, req|
-			on_request_uri(cli, req)
-		end
-		add_resource({'Path' => "/#{@resource_name}.txt", 'Proc' => proc}) rescue nil
-
 		print_status("Sending HTML")
 		send_response(cli, html, {'Content-Type'=>'text/html'})
 	end
 
+	def primer
+		# we need to handle direct /pay.txt requests
+		hardcoded_uripath("/#{@resource_name}.txt")
+	end
+
 	def exploit
 		@swf = create_swf
 		@resource_name = Rex::Text.rand_text_alpha(5)
@@ -235,10 +234,4 @@ def create_swf
 		return swf
 	end
 
-	def cleanup
-		vprint_status("Removing txt resource")
-		remove_resource("/#{@resource_name}.txt") rescue nil
-		super
-	end
-
 end

modules/exploits/windows/browser/citrix_gateway_actx.rb

@@ -60,6 +60,10 @@ def initialize(info = {})
 			'DefaultTarget'  => 0))
 	end
 
+	def primer
+		hardcoded_uripath("/epaq")
+	end
+
 	def exploit
 		@ocx = ::File.read(::File.join(Msf::Config.install_root, 'data', 'exploits', 'CVE-2011-2882', 'nsepa.ocx'))
 		super
@@ -184,12 +188,6 @@ def on_request_uri(cli, request)
 
 		html = html.gsub(/^\t\t/, '')
 
-		# we need to handle direct /epaq requests
-		proc = Proc.new do |cli, req|
-			on_request_uri(cli, req)
-		end
-
-		add_resource({'Path' => "/epaq", 'Proc' => proc}) rescue nil
 		print_status("Sending #{self.name} HTML")
 		send_response(cli, html, { 'Content-Type' => 'text/html' })
 	end

modules/exploits/windows/browser/honeywell_hscremotedeploy_exec.rb

@@ -55,6 +55,10 @@ def initialize(info={})
 			'DefaultTarget'  => 0))
 	end
 
+	def primer
+		hardcoded_uripath("/SystemDisplays/RemoteInstallWelcome.hta")
+	end
+
 	def exploit
 		@var_exename = rand_text_alpha(5 + rand(5)) + ".exe"
 		@dropped_files = [
@@ -198,13 +202,6 @@ def on_request_uri(cli, request)
 		</html>
 		EOS
 
-		# we need to handle direct /SystemDisplays/RemoteInstallWelcome.hta requests
-		proc = Proc.new do |cli, req|
-			on_request_uri(cli, req)
-		end
-
-		add_resource({'Path' => "/SystemDisplays/RemoteInstallWelcome.hta", 'Proc' => proc}) rescue nil
-
 		print_status("Sending html")
 		send_response(cli, html, {'Content-Type'=>'text/html'})