Improved check method.

master
Imran E. Dawoodjee 2018-12-07 17:21:38 +08:00
parent 92c56472ba
commit 0573caafc3
No known key found for this signature in database
GPG Key ID: C624AF1BC0AFB44B
1 changed files with 10 additions and 7 deletions

View File

@ -24,7 +24,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Author' => 'Author' =>
[ [
'Nicholas Nam <nick[at]executionflow.org>', 'Nicholas Nam <nick[at]executionflow.org>',
'Imran E. Dawoodjee <imrandawoodjee.infosec[at]gmail.com> (minor improvements)' 'Imran E. Dawoodjee <imrandawoodjee.infosec[at]gmail.com>' # minor improvements
], ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'References' => 'References' =>
@ -46,8 +46,7 @@ class MetasploitModule < Msf::Exploit::Remote
[ [
Opt::RPORT(5466), Opt::RPORT(5466),
OptString.new('USERNAME', [true, 'Admin username', '']), OptString.new('USERNAME', [true, 'Admin username', '']),
OptString.new('PASSWORD', [true, 'Admin password', '']), OptString.new('PASSWORD', [true, 'Admin password', ''])
OptString.new('UIDADMIN', [false, 'Session cookie', ''])
], self.class ], self.class
) )
deregister_options('CMDSTAGER::FLAVOR') deregister_options('CMDSTAGER::FLAVOR')
@ -64,11 +63,15 @@ class MetasploitModule < Msf::Exploit::Remote
if ver.code != 200 if ver.code != 200
fail_with(Failure::NotFound, "#{peer} - License page was not found.") fail_with(Failure::NotFound, "#{peer} - License page was not found.")
elsif ver.get_html_document.at('span').to_s.include? "Wing FTP Server 4.3.8" elsif ver.get_html_document.text.to_s.include? "Wing FTP Server"
version = ver.get_html_document.at('span').text.to_s
if version[/([0-4]\.[0-3]\.[0-8])/]
print_good("Detected version: #{version}")
return Exploit::CheckCode::Vulnerable return Exploit::CheckCode::Vulnerable
end end
Exploit::CheckCode::Safe return Exploit::CheckCode::Safe
end
end end
def exploit def exploit