further revise templates

Author: Brent Cook

lib/msf/core/modules/external/shim.rb

@@ -7,20 +7,30 @@ def self.generate(module_path)
     mod = Msf::Modules::External::Bridge.open(module_path)
     return '' unless mod.meta
     case mod.meta['type']
-    when 'remote_exploit.cmd_stager.wget'
+    when 'remote_exploit_cmd_stager'
       remote_exploit_cmd_stager(mod)
     end
   end
 
+  def self.render_template(name, meta = {})
+    template = File.join(File.dirname(__FILE__), 'templates', name)
+    ERB.new(File.read(template)).result(binding)
+  end
+
+  def self.common_metadata(meta = {})
+    render_template('common_metadata.erb', meta)
+  end
+
   def self.mod_meta_common(mod, meta = {})
     meta[:path]        = mod.path.dump
     meta[:name]        = mod.meta['name'].dump
-    meta[:description] = mod.meta['description'].dump.strip
+    meta[:description] = mod.meta['description'].dump
     meta[:authors]     = mod.meta['authors'].map(&:dump).join(",\n          ")
     meta[:date]        = mod.meta['date'].dump
     meta[:references]  = mod.meta['references'].map do |r|
       "[#{r['type'].upcase.dump}, #{r['ref'].dump}]"
     end.join(",\n          ")
+
     meta[:options]     = mod.meta['options'].map do |n, o|
       "Opt#{o['type'].capitalize}.new(#{n.dump},
         [#{o['required']}, #{o['description'].dump}, #{o['default'].inspect}])"
@@ -37,14 +47,15 @@ def self.mod_meta_exploit(mod, meta = {})
     meta[:targets]     = mod.meta['targets'].map do |t|
       "[#{t['platform'].dump} + ' ' + #{t['arch'].dump}, {'Arch' => ARCH_#{t['arch'].upcase}, 'Platform' => #{t['platform'].dump} }]"
     end.join(",\n          ")
-
     meta
   end
 
   def self.remote_exploit_cmd_stager(mod)
     meta = mod_meta_common(mod)
     meta = mod_meta_exploit(mod, meta)
-    template = File.join(File.dirname(__FILE__), 'remote_exploit_cmd_stager.erb')
-    ERB.new(File.read(template)).result(binding)
+    meta[:command_stager_flavor] = mod.meta['payload']['command_stager_flavor'].dump
+    out = render_template('remote_exploit_cmd_stager.erb', meta)
+    File.write("/tmp/blah.rb", out)
+    out
   end
 end

lib/msf/core/modules/external/templates/common_metadata.erb

@@ -0,0 +1,7 @@
+      'Name'        => <%= meta[:name] %>,
+      'Description' => <%= meta[:description] %>,
+      'Author'      =>
+        [
+          <%= meta[:authors] %>
+        ],
+      'License'     => MSF_LICENSE,

lib/msf/core/modules/external/remote_exploit_cmd_stager.erb renamed to lib/msf/core/modules/external/templates/remote_exploit_cmd_stager.erb

@@ -9,13 +9,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'        => <%= meta[:name] %>,
-      'Description' => <%= meta[:description] %>,
-      'Author'      =>
-        [
-          <%= meta[:authors] %>
-        ],
-      'License'     => MSF_LICENSE,
+	  <%= common_metadata meta %>
       'References'  =>
         [
           <%= meta[:references] %>
@@ -49,6 +43,6 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def exploit
     print_status("Exploiting...")
-    execute_cmdstager({:flavor  => :wget})
+    execute_cmdstager({:flavor  => :<%= meta[:command_stager_flavor] %>})
   end
 end

modules/exploits/linux/smtp/haraka.py

@@ -34,12 +34,16 @@
         {'type': 'edb', 'ref': '41162'},
         {'type': 'url', 'ref': 'https://github.com/haraka/Haraka/pull/1606'},
      ],
-    'type': 'remote_exploit.cmd_stager.wget',
+    'type': 'remote_exploit_cmd_stager',
+    'wfsdelay': 5,
     'privileged': True,
     'targets': [
         {'platform': 'linux', 'arch': 'x64'},
         {'platform': 'linux', 'arch': 'x86'}
     ],
+    'payload': {
+        'command_stager_flavor': 'wget'
+    },
     'options': {
         'email_to': {'type': 'string', 'description': 'Email to send to, must be accepted by the server', 'required': True, 'default': 'admin@localhost'},
         'email_from': {'type': 'string', 'description': 'Address to send from', 'required': True, 'default': '[email protected]'},