infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Nokogiri::XML::Builder instead

bug/bundler_fix
Jon Hart 2015-09-16 19:53:33 -07:00
parent 9a2696aed4
commit 0113cbd353
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 28 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
modules/auxiliary/admin/upnp/soap_portmapping.rb
View File

@ -5,6 +5,7 @@
## ##
require 'msf/core' require 'msf/core'
require 'nokogiri'
class Metasploit3 < Msf::Auxiliary class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
@ -80,35 +81,39 @@ class Metasploit3 < Msf::Auxiliary
@soap_action ||= action.opts['SOAP_ACTION'] @soap_action ||= action.opts['SOAP_ACTION']
end end
def run def build_soap
content = "<?xml version=\"1.0\"?>" builder = ::Nokogiri::XML::Builder.new do |xml|
content << "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">" xml['SOAP-ENV'].Envelope("xmlns:SOAP-ENV" => 'http://schemas.xmlsoap.org/soap/envelope', 'SOAP-ENV:encodingStyle' => 'http://schemas.xmlsoap.org/soap/encoding/') do
content << "<SOAP-ENV:Body>" xml['SOAP-ENV'].Body do
content << "<m:#{soap_action} xmlns:m=\"urn:schemas-upnp-org:service:WANIPConnection:1\">" xml['m'].send(soap_action, 'xmlns:m' => 'urn:schemas-upnp-org:service:WANIPConnection:1') do
case action.name case action.name
when 'ADD' when 'ADD'
content << "<NewPortMappingDescription>#{Rex::Text.rand_text_alpha(8)}</NewPortMappingDescription>" xml.NewPortMappingDescription(Rex::Text.rand_text_alpha(8)) { xml.parent.namespace = nil }
content << "<NewLeaseDuration>#{lease_duration}</NewLeaseDuration>" xml.NewLeaseDuration(lease_duration) { xml.parent.namespace = nil }
content << "<NewInternalClient>#{internal_client}</NewInternalClient>" xml.NewInternalClient(internal_client) { xml.parent.namespace = nil }
content << "<NewEnabled>1</NewEnabled>" xml.NewEnabled(1) { xml.parent.namespace = nil }
content << "<NewExternalPort>#{external_port}</NewExternalPort>" xml.NewExternalPort(external_port) { xml.parent.namespace = nil }
content << "<NewRemoteHost>#{external_client}</NewRemoteHost>" xml.NewRemoteHost(external_client) { xml.parent.namespace = nil }
content << "<NewProtocol>#{protocol}</NewProtocol>" xml.NewProtocol(protocol) { xml.parent.namespace = nil }
content << "<NewInternalPort>#{internal_port}</NewInternalPort>" xml.NewInternalPort(internal_port) { xml.parent.namespace = nil }
when 'DELETE' when 'DELETE'
content << "<NewExternalPort>#{external_port}</NewExternalPort>" xml.NewExternalPort(external_port) { xml.parent.namespace = nil }
content << "<NewRemoteHost>#{external_client}</NewRemoteHost>" xml.NewRemoteHost(external_client) { xml.parent.namespace = nil }
content << "<NewProtocol>#{protocol}</NewProtocol>" xml.NewProtocol(protocol) { xml.parent.namespace = nil }
end
end
end
end
end end
content << "</m:#{soap_action}>" builder.to_xml
content << "</SOAP-ENV:Body>" end
content << "</SOAP-ENV:Envelope>"
def run
res = send_request_cgi( res = send_request_cgi(
'uri' => normalize_uri(target_uri.path), 'uri' => normalize_uri(target_uri.path),
'method' => 'POST', 'method' => 'POST',
'content-type' => 'text/xml;charset="utf-8"', 'content-type' => 'text/xml;charset="utf-8"',
'data' => content, 'data' => build_soap,
'headers' => { 'headers' => {
'SoapAction' => "urn:schemas-upnp-org:service:WANIPConnection:1##{soap_action}" 'SoapAction' => "urn:schemas-upnp-org:service:WANIPConnection:1##{soap_action}"
} }