Tuesday, 08 May 2007

Metasploit 3 on FreeBSD

I've wanted to try Metasploit 3 since it was released in late March. I noticed the metasploit/devel FreeBSD port, but it wanted me to install framework-3.0-beta-3-svn.tar.gz. I decided to install Metasploit 3 (gold) manually, using the FreeBSD port dependencies for guidance.

I installed the following via the ports tree:

  • devel/subversion
  • devel/ruby-gems
  • databases/rubygem-activerecord
  • lang/ruby18

Then I extracted the framework-3.0.tar.gz I downloaded to /usr/local/src.

When I tried to run msfweb, I got this error:

Cannot find gem for Rails ~> 1.2.2.0:
Install the missing gem with "gem install -v=1.2.2 rails",
or change environment.rb to define RAILS_GEM_VERSION with
your desired version.

Hmm. First I decided I needed to install www/rubygem-rails, which I did. Next I looked in framework-3.0/data/msfweb/config and found environment.rb, with these lines which I added to specify 1.2.3 instead of 1.2.2:

# Specifies gem version of Rails to use when vendor/rails is not present
#RAILS_GEM_VERSION = '1.2.2' unless defined? RAILS_GEM_VERSION
RAILS_GEM_VERSION = '1.2.3' unless defined? RAILS_GEM_VERSION
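
Why the installed Rails 1.2.3 was rejected, as an added example (not part of the original post and not Metasploit or Rails code): the error message shows the pin being applied as a pessimistic "~> 1.2.2.0" requirement, which only accepts 1.2.2.x. The helper names and the installed-version lists are assumptions made for illustration; the matching uses RubyGems' own Gem::Requirement.

```ruby
require "rubygems"

# Constructed sample: the environment.rb lines shown in the post.
ENVIRONMENT_RB = <<~'RUBY'
  # Specifies gem version of Rails to use when vendor/rails is not present
  #RAILS_GEM_VERSION = '1.2.2' unless defined? RAILS_GEM_VERSION
  RAILS_GEM_VERSION = '1.2.3' unless defined? RAILS_GEM_VERSION
RUBY

# Return the version pinned by the first uncommented RAILS_GEM_VERSION
# assignment, or nil when the file has no active pin.
def pinned_rails_version(source)
  source.each_line do |line|
    next if line.lstrip.start_with?("#")
    m = line.match(/\bRAILS_GEM_VERSION\s*=\s*['"]([\d.]+)['"]/)
    return m[1] if m
  end
  nil
end

# Build the requirement in the form the error message prints
# ("~> <pin>.0"); assumed here to mirror what the loader does.
def rails_requirement(pinned)
  Gem::Requirement.new("~> #{pinned}.0")
end

# Installed versions that satisfy the pin. An empty result corresponds
# to the "Cannot find gem for Rails" boot error.
def matching_versions(pinned, installed)
  req = rails_requirement(pinned)
  installed.select { |v| req.satisfied_by?(Gem::Version.new(v)) }
end

# Summarise whether a given environment.rb can boot with the installed gems.
def check(source, installed)
  pinned = pinned_rails_version(source)
  return "no active RAILS_GEM_VERSION pin" if pinned.nil?
  hits = matching_versions(pinned, installed)
  if hits.empty?
    "pin #{pinned} (#{rails_requirement(pinned)}) matches none of: #{installed.join(', ')}"
  else
    "pin #{pinned} satisfied by: #{hits.join(', ')}"
  end
end

# Constructed inventory: only rails 1.2.3 is installed, as in the post.
puts check("RAILS_GEM_VERSION = '1.2.2' unless defined? RAILS_GEM_VERSION", ["1.2.3"])
puts check(ENVIRONMENT_RB, ["1.2.3"])
```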

Next I started msfweb and told it to bind to an IP I could reach.

neely-bsd:/usr/local/src/framework-3.0# ruby ./msfweb -a 192.168.2.9

[*] Starting msfweb v3.0 on http://192.168.2.9:55555/

=> Booting WEBrick...
=> Rails application started on http://192.168.2.9:55555
=> Ctrl-C to shutdown server; call with --help for options

When I connected to the specified IP and port with a Web browser, I was able to exploit a demo Windows target without issue. The new interface is slick. It looks like most of the evasion options are for layer 4 and higher.
