From 646f7835a3b4245e78cf467582951e64ccd3ae28 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Tue, 21 Jan 2014 17:14:55 -0600 Subject: [PATCH] Saving progress --- modules/exploits/linux/http/wanem_exec.rb | 4 ++-- .../linux/http/webcalendar_settings_exec.rb | 4 ++-- modules/exploits/linux/http/zabbix_sqli.rb | 6 +++--- .../linux/http/zen_load_balancer_exec.rb | 10 +++++----- .../http/zenoss_showdaemonxmlconfig_exec.rb | 8 ++++---- modules/exploits/linux/imap/imap_uw_lsub.rb | 4 ++-- .../linux/local/sophos_wpa_clear_keys.rb | 2 +- modules/exploits/linux/local/zpanel_zsudo.rb | 2 +- .../exploits/linux/misc/hp_vsa_login_bof.rb | 2 +- .../linux/misc/nagios_nrpe_arguments.rb | 4 ++-- modules/exploits/linux/misc/sercomm_exec.rb | 6 +++--- .../exploits/linux/misc/zabbix_server_exec.rb | 8 ++++---- .../linux/samba/setinfopolicy_heap.rb | 2 +- .../multi/ftp/wuftpd_site_exec_format.rb | 2 +- .../multi/http/apprain_upload_exec.rb | 2 +- .../multi/http/auxilium_upload_exec.rb | 2 +- .../exploits/multi/http/cisco_dcnm_upload.rb | 20 +++++++++---------- modules/exploits/multi/http/coldfusion_rds.rb | 4 ++-- 18 files changed, 46 insertions(+), 46 deletions(-) diff --git a/modules/exploits/linux/http/wanem_exec.rb b/modules/exploits/linux/http/wanem_exec.rb index 1a64359162..e50c966fed 100644 --- a/modules/exploits/linux/http/wanem_exec.rb +++ b/modules/exploits/linux/http/wanem_exec.rb @@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote data = "pc=127.0.0.1; " data << Rex::Text.uri_encode("echo #{fingerprint}") data << "%26" - print_status("#{peer} - Sending check") + vprint_status("#{peer} - Sending check") begin res = send_request_cgi({ @@ -78,7 +78,7 @@ class Metasploit3 < Msf::Exploit::Remote 'data' => data }, 25) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Connection failed") + vprint_error("#{peer} - Connection failed") return Exploit::CheckCode::Unknown end 
diff --git a/modules/exploits/linux/http/webcalendar_settings_exec.rb b/modules/exploits/linux/http/webcalendar_settings_exec.rb index c0665dd1a1..2fe8f0116e 100644 --- a/modules/exploits/linux/http/webcalendar_settings_exec.rb +++ b/modules/exploits/linux/http/webcalendar_settings_exec.rb @@ -60,8 +60,8 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => "#{uri}/login.php" }) - if res and res.body =~ /WebCalendar v1.2.\d/ - return Exploit::CheckCode::Vulnerable + if res and res.body =~ /WebCalendar v1\.2\.\d/ + return Exploit::CheckCode::Appears else return Exploit::CheckCode::Safe end diff --git a/modules/exploits/linux/http/zabbix_sqli.rb b/modules/exploits/linux/http/zabbix_sqli.rb index 2d7a564c1d..ca19fb5a97 100644 --- a/modules/exploits/linux/http/zabbix_sqli.rb +++ b/modules/exploits/linux/http/zabbix_sqli.rb @@ -63,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - print_status("#{peer} - Trying to detect installed version") + vprint_status("#{peer} - Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', @@ -72,10 +72,10 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body =~ /(STATUS OF WEB MONITORING)/ and res.body =~ /(?<=Zabbix )(.*)(?= Copyright)/ version = $1 - print_status("#{peer} - Zabbix version #{version} detected") + vprint_status("#{peer} - Zabbix version #{version} detected") else # If this fails, guest access may not be enabled - print_status("#{peer} - Unable to access httpmon.php") + vprint_status("#{peer} - Unable to access httpmon.php") return Exploit::CheckCode::Unknown end diff --git a/modules/exploits/linux/http/zen_load_balancer_exec.rb b/modules/exploits/linux/http/zen_load_balancer_exec.rb index fe82b999be..96e02f8cbf 100644 --- a/modules/exploits/linux/http/zen_load_balancer_exec.rb +++ b/modules/exploits/linux/http/zen_load_balancer_exec.rb 
@@ -66,23 +66,23 @@ class Metasploit3 < Msf::Exploit::Remote def check # retrieve software version from config file - print_status("#{peer} - Sending check") + vprint_status("#{peer} - Sending check") begin res = send_request_cgi({ 'uri' => '/config/global.conf' }) - if res and res.code == 200 and res.body =~ /#version ZEN\s+\$version=\"(2|3\.0\-rc1)/ + if res and res.code == 200 and res.body =~ /#version ZEN\s+\$version=\"(2|3\.0\-rc1)/ return Exploit::CheckCode::Appears elsif res and res.code == 200 and res.body =~ /zenloadbalancer/ return Exploit::CheckCode::Detected end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Connection failed") + vprint_error("#{peer} - Connection failed") + return Exploit::CheckCode::Unknown end - return Exploit::CheckCode::Unknown - + return Exploit::CheckCode::Safe end def exploit diff --git a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb index 361d8d9ec4..a0103295ed 100644 --- a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb +++ b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb @@ -69,14 +69,14 @@ class Metasploit3 < Msf::Exploit::Remote 'method' => "GET", 'uri' => "/zport/acl_users/cookieAuthHelper/login_form" }) - return Exploit::CheckCode::Vulnerable if res.body =~ /
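Review bot: In zen_load_balancer_exec.rb, a probe that gets no answer is now reported as `Safe`. When `send_request_cgi` returns nil, neither the `if` nor the `elsif` branch matches and no exception is raised, so control falls through to the new final `return Exploit::CheckCode::Safe`. Before this change the same path returned `Unknown`. Adding `return Exploit::CheckCode::Unknown unless res` right after the request would keep "no response" separate from "responded and does not look like the product", so an unreachable host is not recorded as clean in an assessment.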

Copyright © 2005-20[\d]{2} Zenoss, Inc\. \| Version\s+3\./ + return Exploit::CheckCode::Appears if res.body =~ /

Copyright © 2005-20[\d]{2} Zenoss, Inc\. \| Version\s+3\./ return Exploit::CheckCode::Detected if res.body =~ // return Exploit::CheckCode::Safe rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeoutp - print_error("#{peer} - Connection failed") + vprint_error("#{peer} - Connection failed") + return Exploit::CheckCode::Unknown end - return Exploit::CheckCode::Unknown - + return Exploit::CheckCode::Save end def exploit diff --git a/modules/exploits/linux/imap/imap_uw_lsub.rb b/modules/exploits/linux/imap/imap_uw_lsub.rb index 58b8b6bda2..54902a92d6 100644 --- a/modules/exploits/linux/imap/imap_uw_lsub.rb +++ b/modules/exploits/linux/imap/imap_uw_lsub.rb @@ -61,8 +61,8 @@ class Metasploit3 < Msf::Exploit::Remote connect disconnect - if (banner =~ /IMAP4rev1 v12.264/) - return Exploit::CheckCode::Vulnerable + if (banner =~ /IMAP4rev1 v12\.264/) + return Exploit::CheckCode::Appears end return Exploit::CheckCode::Safe diff --git a/modules/exploits/linux/local/sophos_wpa_clear_keys.rb b/modules/exploits/linux/local/sophos_wpa_clear_keys.rb index c73a8a4f4d..8c55d1c094 100644 --- a/modules/exploits/linux/local/sophos_wpa_clear_keys.rb +++ b/modules/exploits/linux/local/sophos_wpa_clear_keys.rb @@ -62,7 +62,7 @@ class Metasploit4 < Msf::Exploit::Local return CheckCode::Detected end - return CheckCode::Unknown + return CheckCode::Safe end def exploit diff --git a/modules/exploits/linux/local/zpanel_zsudo.rb b/modules/exploits/linux/local/zpanel_zsudo.rb index 36032a4178..f5e2792116 100644 --- a/modules/exploits/linux/local/zpanel_zsudo.rb +++ b/modules/exploits/linux/local/zpanel_zsudo.rb @@ -51,7 +51,7 @@ class Metasploit4 < Msf::Exploit::Local return CheckCode::Detected end - return CheckCode::Unknown + return CheckCode::Safe end def exploit diff --git a/modules/exploits/linux/misc/hp_vsa_login_bof.rb b/modules/exploits/linux/misc/hp_vsa_login_bof.rb index adbecb1bbd..811509ba1e 100644 --- a/modules/exploits/linux/misc/hp_vsa_login_bof.rb 
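Review bot: In zenoss_showdaemonxmlconfig_exec.rb, the new last line of `check` returns `Exploit::CheckCode::Save`, which is a typo for `Safe`; it should read `return Exploit::CheckCode::Safe`. The three returns inside the `begin` body appear to make that line unreachable, so the typo would stay hidden until the body changes. The `rescue` context line also names `::Rex::ConnectionTimeoutp`, which should be `::Rex::ConnectionTimeout`. As written, an exception that is not one of the first two classes would likely raise `NameError` instead of reaching the new `return Exploit::CheckCode::Unknown`. `res.body` is read without a nil check, so `return Exploit::CheckCode::Unknown unless res` before the first match would cover an unanswered request; the `begin` and the method header sit above the hunk.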
+++ b/modules/exploits/linux/misc/hp_vsa_login_bof.rb @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote def check connect packet = generate_packet("login:/global$agent/L0CAlu53R/Version \"#{target['Version']}\"") - print_status("#{rhost}:#{rport} Sending login packet to check...") + vprint_status("#{rhost}:#{rport} Sending login packet to check...") sock.put(packet) res = sock.get_once disconnect diff --git a/modules/exploits/linux/misc/nagios_nrpe_arguments.rb b/modules/exploits/linux/misc/nagios_nrpe_arguments.rb index f96767e3bd..814fded403 100644 --- a/modules/exploits/linux/misc/nagios_nrpe_arguments.rb +++ b/modules/exploits/linux/misc/nagios_nrpe_arguments.rb @@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote end def check - print_status("Checking if remote NRPE supports command line arguments") + vprint_status("Checking if remote NRPE supports command line arguments") begin # send query asking to run "fake_check" command with command substitution in arguments @@ -141,7 +141,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Safe rescue Errno::ECONNRESET => reset unless datastore['NRPESSL'] or @force_ssl - print_status("Retrying with ADH SSL") + vprint_status("Retrying with ADH SSL") @force_ssl = true retry end diff --git a/modules/exploits/linux/misc/sercomm_exec.rb b/modules/exploits/linux/misc/sercomm_exec.rb index 17a91d77df..fdfd12d2c7 100644 --- a/modules/exploits/linux/misc/sercomm_exec.rb +++ b/modules/exploits/linux/misc/sercomm_exec.rb @@ -141,14 +141,14 @@ class Metasploit3 < Msf::Exploit::Remote case fprint when 'BE' - print_status("Detected Big Endian") + vprint_status("Detected Big Endian") return Msf::Exploit::CheckCode::Vulnerable when 'LE' - print_status("Detected Little Endian") + vprint_status("Detected Little Endian") return Msf::Exploit::CheckCode::Vulnerable end - return Msf::Exploit::CheckCode::Unknown + return Msf::Exploit::CheckCode::Safe end def exploit 
diff --git a/modules/exploits/linux/misc/zabbix_server_exec.rb b/modules/exploits/linux/misc/zabbix_server_exec.rb index 384e496d42..95cc260886 100644 --- a/modules/exploits/linux/misc/zabbix_server_exec.rb +++ b/modules/exploits/linux/misc/zabbix_server_exec.rb @@ -82,17 +82,17 @@ class Metasploit3 < Msf::Exploit::Remote cmd = "echo #{clue}" connect - print_status("#{peer} - Sending 'Command' request...") + vprint_status("#{peer} - Sending 'Command' request...") res = send_command(sock, node_id, cmd) disconnect if res - print_status(res) + vprint_status(res) if res =~ /#{clue}/ return Exploit::CheckCode::Vulnerable elsif res =~ /-1/ and res=~ /NODE (\d*)/ node_id = $1 - print_good("#{peer} - Node ID #{node_id} discovered") + vprint_good("#{peer} - Node ID #{node_id} discovered") else return Exploit::CheckCode::Safe end @@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote # Retry with the good node_id connect - print_status("#{peer} - Sending 'Command' request with discovered Node ID...") + vprint_status("#{peer} - Sending 'Command' request with discovered Node ID...") res = send_command(sock, node_id, cmd) disconnect if res and res =~ /#{clue}/ diff --git a/modules/exploits/linux/samba/setinfopolicy_heap.rb b/modules/exploits/linux/samba/setinfopolicy_heap.rb index eb465fbe83..66c7d88f19 100644 --- a/modules/exploits/linux/samba/setinfopolicy_heap.rb +++ b/modules/exploits/linux/samba/setinfopolicy_heap.rb @@ -282,7 +282,7 @@ class Metasploit3 < Msf::Exploit::Remote version = smb_peer_lm().scan(/Samba (\d\.\d.\d*)/).flatten[0] minor = version.scan(/\.(\d*)$/).flatten[0].to_i - print_status("Version found: #{version}") + vprint_status("Version found: #{version}") return Exploit::CheckCode::Appears if version =~ /^3\.4/ and minor < 16 return Exploit::CheckCode::Appears if version =~ /^3\.5/ and minor < 14 
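Review bot: In setinfopolicy_heap.rb, `version` is nil whenever the peer's LAN Manager string does not match `/Samba (\d\.\d.\d*)/`, and the next line's `version.scan(...)` then raises `NoMethodError` instead of returning a check code. A guard such as `return Exploit::CheckCode::Safe unless version` directly after the first `scan` would handle non-Samba or unparsable banners. The second dot in that pattern is unescaped, so `/Samba (\d\.\d\.\d*)/` is probably what was intended. The method starts and ends outside the hunk, so the remaining return paths are not visible here.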
diff --git a/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb b/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb index e37e619ff1..1ede0f8401 100644 --- a/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb +++ b/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb @@ -111,7 +111,7 @@ class Metasploit3 < Msf::Exploit::Remote ret = connect_login # We just want the banner to check against our targets.. - print_status("FTP Banner: #{banner.strip}") + vprint_status("FTP Banner: #{banner.strip}") status = Exploit::CheckCode::Safe if banner =~ /Version wu-2\.(4|5)/ status = Exploit::CheckCode::Appears diff --git a/modules/exploits/multi/http/apprain_upload_exec.rb b/modules/exploits/multi/http/apprain_upload_exec.rb index 17e624a4f4..8c4c848762 100644 --- a/modules/exploits/multi/http/apprain_upload_exec.rb +++ b/modules/exploits/multi/http/apprain_upload_exec.rb @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body.empty? - return Exploit::CheckCode::Detected + return Exploit::CheckCode::Appears else return Exploit::CheckCode::Safe end diff --git a/modules/exploits/multi/http/auxilium_upload_exec.rb b/modules/exploits/multi/http/auxilium_upload_exec.rb index 8fd8f46545..cea0579de2 100644 --- a/modules/exploits/multi/http/auxilium_upload_exec.rb +++ b/modules/exploits/multi/http/auxilium_upload_exec.rb @@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => normalize_uri("#{base}/admin/sitebanners/upload_banners.php") }) if res and res.body =~ /\Pet Rate Admin \- Banner Manager\<\/title\>/ - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Detected else return Exploit::CheckCode::Safe end diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb index 38ad1d8c45..c68da26ec9 100644 --- a/modules/exploits/multi/http/cisco_dcnm_upload.rb +++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb 
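Review bot: In apprain_upload_exec.rb, the result raised to `Appears` rests only on `res.code == 200 and res.body.empty?`, and nothing in the visible lines ties that to a version or banner. A 200 with an empty body shows the endpoint answers, which is what `Detected` conveys. Either keep `return Exploit::CheckCode::Detected` or add a version match before returning `Appears`. If the heuristic stays, a comment such as `# 200 with an empty body only shows the endpoint exists; version is not verified` would tell the operator how much weight the result carries. The request that produces `res` begins above the hunk.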
@@ -88,6 +88,7 @@ class Metasploit3 < Msf::Exploit::Remote }) unless res + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown end @@ -95,19 +96,18 @@ class Metasploit3 < Msf::Exploit::Remote res.body.to_s =~ /Data Center Network Manager/ and res.body.to_s =~ /

Version: (.*)<\/div>/ version = $1 - print_status("Cisco Primer Data Center Network Manager version #{version} found") - elsif res.code == 200 and - res.body.to_s =~ /Data Center Network Manager/ + vprint_status("Cisco Primer Data Center Network Manager version #{version} found") + if version =~ /6\.1/ + return Exploit::CheckCode::Appears + else + return Exploit::CheckCode::Detected + end + + elsif res.code == 200 and res.body.to_s =~ /Data Center Network Manager/ return Exploit::CheckCode::Detected - else - return Exploit::CheckCode::Safe end - if version =~ /6\.1/ - return Exploit::CheckCode::Vulnerable - end - - return Exploit::CheckCode::Safe + Exploit::CheckCode::Safe end def exploit diff --git a/modules/exploits/multi/http/coldfusion_rds.rb b/modules/exploits/multi/http/coldfusion_rds.rb index f4fe327e7b..c9f935683a 100644 --- a/modules/exploits/multi/http/coldfusion_rds.rb +++ b/modules/exploits/multi/http/coldfusion_rds.rb @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body.to_s =~ /ColdFusion Administrator Login/ - print_good "#{peer} - Administrator access available" + vprint_good "#{peer} - Administrator access available" else return Exploit::CheckCode::Safe end @@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote imghash = "596b3fc4f1a0b818979db1cf94a82220" if img == imghash - print_good "#{peer} - ColdFusion 9 Detected" + vprint_good "#{peer} - ColdFusion 9 Detected" else return Exploit::CheckCode::Safe end
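Review bot: In cisco_dcnm_upload.rb, the nested `if version =~ /6\.1/` is unanchored, so any captured string that merely contains `6.1` (constructed examples: `5.6.1`, `6.10`) is reported as `Appears`. If the captured group starts with the version number, `if version =~ /\A6\.1\b/` would limit the match to the 6.1 line; the capture is a greedy `(.*)`, so stripping it first with `version = $1.to_s.strip` may be needed. The method now mixes explicit `return` statements with an implicit final `Exploit::CheckCode::Safe`; picking one form would make the fall-through path easier to read.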