Skip to content

Commit

Permalink
change nil guards to default values, nil or blank guards for certain …
Browse files Browse the repository at this point in the history
…datastore options
  • Loading branch information
zgoldman-r7 committed May 29, 2024
1 parent 306c66e commit 847b291
Show file tree
Hide file tree
Showing 5 changed files with 10 additions and 15 deletions.
4 changes: 2 additions & 2 deletions modules/exploits/linux/fileformat/unrar_cve_2022_30333.rb
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ def initialize(info = {})
OptString.new('FILENAME', [ false, 'The file name.', 'payload.rar']),
OptString.new('CUSTOM_PAYLOAD', [ false, 'A custom payload to encode' ]),
OptString.new('TARGET_PATH', [ true, 'The location the payload should extract to (can, and should, contain path traversal characters - "../../" - as well as a filename).']),
OptString.new('SYMLINK_FILENAME', [ false, 'The name of the symlink file to use (must be 12 characters or less; default: random)'])
OptString.new('SYMLINK_FILENAME', [ true, 'The name of the symlink file to use (must be 12 characters or less; default: random)', Rex::Text.rand_text_alpha_lower(4..12)])
]
)
end
Expand All @@ -80,7 +80,7 @@ def exploit
end

begin
rar = encode_as_traversal_rar(datastore['SYMLINK_FILENAME'] || Rex::Text.rand_text_alpha_lower(4..12), datastore['TARGET_PATH'], payload_data)
rar = encode_as_traversal_rar(datastore['SYMLINK_FILENAME'], datastore['TARGET_PATH'], payload_data)
rescue StandardError => e
fail_with(Failure::BadConfig, "Failed to encode RAR file: #{e}")
end
Expand Down
8 changes: 2 additions & 6 deletions modules/exploits/multi/fileformat/office_word_macro.rb
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ def initialize(info={})
))

register_options([
OptPath.new("CUSTOMTEMPLATE", [false, 'A docx file that will be used as a template to build the exploit']),
OptPath.new("CUSTOMTEMPLATE", [true, 'A docx file that will be used as a template to build the exploit', File.join(macro_resource_directory, 'template.docx')]),
OptString.new('FILENAME', [true, 'The Office document macro file (docm)', 'msf.docm'])
])
end
Expand Down Expand Up @@ -256,11 +256,7 @@ def macro_resource_directory
end

def get_template_path
if datastore['CUSTOMTEMPLATE']
datastore['CUSTOMTEMPLATE']
else
File.join(macro_resource_directory, 'template.docx')
end
datastore['CUSTOMTEMPLATE']
end

def exploit
Expand Down
5 changes: 2 additions & 3 deletions modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ def initialize(info = {})
])

register_advanced_options([
OptString.new('PAYLOAD_NAME', [false, 'The filename for the payload executable.', nil])
OptString.new('PAYLOAD_NAME', [true, 'The filename for the payload executable.', Rex::Text.rand_text_alpha(8) + '.exe'])
])
end

Expand All @@ -59,8 +59,7 @@ def exploit
input_file = datastore['INPUT_FILE']
decoy_name = File.basename(input_file)
decoy_ext = ".#{File.extname(input_file)[1..]}"
payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha(8) + '.exe'

payload_name = datastore['PAYLOAD_NAME']
decoy_dir = File.join(temp_dir, "#{decoy_name}A")
Dir.mkdir(decoy_dir)

Expand Down
4 changes: 2 additions & 2 deletions modules/exploits/windows/fileformat/word_msdtjs_rce.rb
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ def initialize(info = {})
)

register_options([
OptPath.new('CUSTOMTEMPLATE', [false, 'A DOCX file that will be used as a template to build the exploit.']),
OptPath.new('CUSTOMTEMPLATE', [true, 'A DOCX file that will be used as a template to build the exploit.', File.join(Msf::Config.data_directory, 'exploits', 'word_msdtjs.docx')]),
OptEnum.new('OUTPUT_FORMAT', [true, 'File format to use [docx, rtf].', 'docx', %w[docx rtf]]),
OptBool.new('OBFUSCATE', [true, 'Obfuscate JavaScript content.', true])
])
Expand All @@ -79,7 +79,7 @@ def get_file_in_docx(fname)
end

def get_template_path
datastore['CUSTOMTEMPLATE'] || File.join(Msf::Config.data_directory, 'exploits', 'word_msdtjs.docx')
datastore['CUSTOMTEMPLATE']
end

def generate_html
Expand Down
4 changes: 2 additions & 2 deletions modules/exploits/windows/fileformat/word_mshtml_rce.rb
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ def initialize(info = {})
OptBool.new('OBFUSCATE', [true, 'Obfuscate JavaScript content.', true])
])
register_advanced_options([
OptPath.new('DocxTemplate', [ false, 'A DOCX file that will be used as a template to build the exploit.' ]),
OptPath.new('DocxTemplate', [ true, 'A DOCX file that will be used as a template to build the exploit.', File.join(Msf::Config.data_directory, 'exploits', 'CVE-2021-40444', 'cve-2021-40444.docx') ]),
])
end

Expand Down Expand Up @@ -211,7 +211,7 @@ def get_file_in_docx(fname)
end

def get_template_path
datastore['DocxTemplate'] || File.join(Msf::Config.data_directory, 'exploits', 'CVE-2021-40444', 'cve-2021-40444.docx')
datastore['DocxTemplate']
end

def inject_docx
Expand Down

0 comments on commit 847b291

Please sign in to comment.