Make status code checking configurable

bug/bundler_fix
Jon Hart 2015-01-15 12:22:16 -08:00
parent 4641b02646
commit 3489ea540e
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 15 additions and 5 deletions


@ -40,6 +40,12 @@ class Metasploit4 < Msf::Auxiliary
OptString.new('TARGETURI', [true, 'URI to test', '/'])
], Exploit::Remote::HttpClient
)
register_advanced_options(
[
OptString.new('STATUS_CODES_REGEX', [true, 'Ensure that canary pages and probe responses have status codes that match this regex', '^4\d{3}$'])
], self.class
)
end
def check_host(_ip)
@ -62,6 +68,10 @@ class Metasploit4 < Msf::Auxiliary
end
end
def setup
@status_codes_regex = Regexp.new(datastore['STATUS_CODES_REGEX'])
end
# Fingerprints the provided HTTP response and returns
# Exploit::CheckCode::Appears if it is a vulnerable version of RomPager,
# otherwise returns the provided fall-back status.
@ -86,9 +96,9 @@ class Metasploit4 < Msf::Auxiliary
'headers' => headers
)
# in most cases, the canary URI will not exist and will return a 404, but
# if everything under TARGETURI is protected by auth, that may be fine
# too
return canary if res && (res.code == 401 || res.code == 404)
# if everything under TARGETURI is protected by auth, a 401 may be OK too.
# but, regardless, respect the configuration set for this module
return canary if res && res.code.to_s =~ @status_codes_regex
end
nil
end
@ -107,7 +117,7 @@ class Metasploit4 < Msf::Auxiliary
# overwrote RomPager's concept of the requested URI, indicating that it is
# vulnerable.
def test_misfortune
# find a usable canary URI (one that returns a 404 already)
# find a usable canary URI (one that returns an acceptable status code already)
unless (canary_value = find_canary)
vprint_error("#{peer} Unable to find a suitable canary URI")
return Exploit::CheckCode::Unknown
@ -129,7 +139,7 @@ class Metasploit4 < Msf::Auxiliary
return Exploit::CheckCode::Unknown
end
unless res.code == 404
unless res.code.to_s =~ @status_codes_regex
vprint_status("#{full_uri} unexpected HTTP code #{res.code} response")
return check_response_fingerprint(res, Exploit::CheckCode::Detected)
end
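Review bot: The default `STATUS_CODES_REGEX` value `'^4\d{3}$'` on the `OptString.new('STATUS_CODES_REGEX', ...)` line can never match an HTTP status: `res.code.to_s` yields a three-character string such as `"404"`, and `4\d{3}` demands three digits after the leading 4, so with the default the new `return canary if res && res.code.to_s =~ @status_codes_regex` rejects every canary and `test_misfortune` always falls through to `Exploit::CheckCode::Unknown`. The intended pattern is `'^4\d{2}$'`; since Ruby's `^`/`$` are line anchors, `'\A4\d{2}\z'` would anchor the whole string, though with a purely numeric `to_s` the difference is cosmetic here. Note also that the check now accepts any status matching the regex (400, 403, etc.) where the old code required exactly 401/404 on the canary and 404 on the probe, which widens what counts as "expected" for the probe response at `unless res.code.to_s =~ @status_codes_regex`; if that is intentional, the option description should say so, e.g. `'Regex that canary and probe response status codes must match (default: any 4xx)'`. The enclosing `find_canary` and `test_misfortune` methods start and end outside the visible hunks.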