infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

normalize URIs

bug/bundler_fix
wchen-r7 2016-01-22 11:27:26 -06:00
parent 475d8c2829
commit 91db2597c7
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modules/auxiliary/scanner/http/jenkins_command.rb
View File

@ -22,12 +22,13 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' =>
[
'altonjx',
'Jeffrey Cap'
'altonjx',
'Jeffrey Cap'
],
'References' => [
['URL', 'https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/'],
['URL', 'https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Script+Console'],
'References' =>
[
['URL', 'https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/'],
['URL', 'https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Script+Console'],
],
'License' => MSF_LICENSE
))
@ -40,7 +41,7 @@ class Metasploit3 < Msf::Auxiliary
end
def fingerprint_os(ip)
res = send_request_cgi({'uri' => "#{target_uri.path}systemInfo"})
res = send_request_cgi({'uri' => normalize_uri(target_uri.path,"systemInfo")})
# Verify that we received a proper systemInfo response
unless res && res.body.to_s.length > 0
@ -80,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary
prefix = host_info[:prefix]
request_parameters = {
'uri' => "#{target_uri.path}script",
'uri' => normalize_uri(target_uri.path,"script"),
'method' => 'POST',
'ctype' => 'application/x-www-form-urlencoded',
'vars_post' =>