infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

make msftidy happy

unstable
m-1-k-3 2013-04-03 10:34:28 +02:00
parent 91b0e5f800
commit 2ceecabede
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb
View File

@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Name' => 'Netgear DGN2200B Command Execution - Upload and Execute',
'Description' => %q{
Some Netgear Routers are vulnerable to an authenticated OS command injection.
Default credentials for the web interface are admin/admin or admin/password.
Default credentials for the web interface are admin/admin or admin/password.
Since it is a blind os command injection vulnerability, there is no output for the
executed command when using the cmd generic payload. A ping command against a
controlled system could be used for testing purposes.
@ -140,7 +140,6 @@ class Metasploit3 < Msf::Exploit::Remote
'method' => 'GET',
'authorization' => basic_auth(user,pass)
})
puts res.code
if res.nil? or res.code == 404
fail_with(Exploit::Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}")
end
@ -185,7 +184,7 @@ class Metasploit3 < Msf::Exploit::Remote
datastore['SSL'] = false
end
#we use SRVHOST as download IP for the coming wget command.
#we use SRVHOST as download IP for the coming wget command.
#SRVHOST needs a real IP address of our download host
if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::")
srv_host = Rex::Socket.source_address(rhost)