commit
c3f5f5f9de
|
@ -30,9 +30,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
work against ColdFusion 9. Adobe did not release patches for ColdFusion 6.1 or
|
work against ColdFusion 9. Adobe did not release patches for ColdFusion 6.1 or
|
||||||
ColdFusion 7.
|
ColdFusion 7.
|
||||||
|
|
||||||
It is not recommended to set FILE when doing scans across a group of servers where the OS
|
It is not recommended to set FILE when doing scans across a group of servers where the OS
|
||||||
may vary; otherwise, the file requested may not make sense for the OS
|
may vary; otherwise, the file requested may not make sense for the OS
|
||||||
|
|
||||||
},
|
},
|
||||||
'Author' => [ 'CG', 'nebulus' ],
|
'Author' => [ 'CG', 'nebulus' ],
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
|
@ -121,7 +121,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
if (res.code.to_i == 200)
|
if (res.code.to_i == 200)
|
||||||
out = fingerprint(res)
|
out = fingerprint(res)
|
||||||
print_status("#{ip} #{out}") if out
|
print_status("#{ip} #{out}") if out
|
||||||
return if (datastore['FINGERPRINT'])
|
return if (datastore['FINGERPRINT'])
|
||||||
|
|
||||||
if(out =~ /Windows/ and out =~ /MX6/)
|
if(out =~ /Windows/ and out =~ /MX6/)
|
||||||
|
|
|
@ -446,7 +446,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
# Now that we've got all of our exploit tests put together,
|
# Now that we've got all of our exploit tests put together,
|
||||||
# organize them into an all tests (JS and no-JS), organized by rank,
|
# organize them into an all tests (JS and no-JS), organized by rank,
|
||||||
# and doesnt-require-scripting (no-JS), organized by browser name.
|
# and doesnt-require-scripting (no-JS), organized by browser name.
|
||||||
if apo[:javascript] && apo[:ua_name]
|
if apo[:javascript] && apo[:ua_name]
|
||||||
@all_tests[apo[:rank]] ||= []
|
@all_tests[apo[:rank]] ||= []
|
||||||
|
@ -507,7 +507,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
# Sort the tests by reliability, descending.
|
# Sort the tests by reliability, descending.
|
||||||
# I don't like doing this directly (wihout a !), but any other sort wasn't sticking - NE
|
# I don't like doing this directly (wihout a !), but any other sort wasn't sticking - NE
|
||||||
@all_tests = @all_tests.sort.reverse
|
@all_tests = @all_tests.sort.reverse
|
||||||
|
|
||||||
# This matters a lot less for noscript exploits since they basically
|
# This matters a lot less for noscript exploits since they basically
|
||||||
# get thrown into a big pile of iframes that the browser will load
|
# get thrown into a big pile of iframes that the browser will load
|
||||||
# semi-concurrently. Still, might as well.
|
# semi-concurrently. Still, might as well.
|
||||||
|
@ -748,12 +748,12 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
# if we have no client_info, this will add all tests. Otherwise tries
|
# if we have no client_info, this will add all tests. Otherwise tries
|
||||||
# to only send tests for exploits that target the client's detected
|
# to only send tests for exploits that target the client's detected
|
||||||
# browser.
|
# browser.
|
||||||
|
|
||||||
@all_tests.each { |rank, sploits|
|
@all_tests.each { |rank, sploits|
|
||||||
sploits.each { |s|
|
sploits.each { |s|
|
||||||
browser = s[:ua_name] || "generic"
|
browser = s[:ua_name] || "generic"
|
||||||
next unless client_matches_browser(client_info, browser)
|
next unless client_matches_browser(client_info, browser)
|
||||||
|
|
||||||
# Send all the generics regardless of what the client is. If the
|
# Send all the generics regardless of what the client is. If the
|
||||||
# client is nil, then we don't know what it really is, so just err
|
# client is nil, then we don't know what it really is, so just err
|
||||||
# on the side of shells and send everything. Otherwise, send only
|
# on the side of shells and send everything. Otherwise, send only
|
||||||
|
@ -769,7 +769,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
# shouldn't be any in the resource, but just in case...
|
# shouldn't be any in the resource, but just in case...
|
||||||
res = exploit_resource(s[:name]).gsub("\n",'').gsub("'", "\\\\'")
|
res = exploit_resource(s[:name]).gsub("\n",'').gsub("'", "\\\\'")
|
||||||
|
|
||||||
# Skip exploits that don't match the client's OS.
|
# Skip exploits that don't match the client's OS.
|
||||||
if (host_info and host_info[:os_name] and s[:os_name])
|
if (host_info and host_info[:os_name] and s[:os_name])
|
||||||
# Reject exploits whose OS doesn't match that of the
|
# Reject exploits whose OS doesn't match that of the
|
||||||
|
|
|
@ -176,7 +176,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
#
|
#
|
||||||
# "/test.mp4" is currently hard-coded in the swf file, so we need to add to resource
|
# "/test.mp4" is currently hard-coded in the swf file, so we need to add to resource
|
||||||
#
|
#
|
||||||
proc = Proc.new do |cli, req|
|
proc = Proc.new do |cli, req|
|
||||||
self.add_resource({'Path' => "/test.mp4", 'Proc' => proc}) rescue nil
|
self.add_resource({'Path' => "/test.mp4", 'Proc' => proc}) rescue nil
|
||||||
on_request_uri(cli, req)
|
on_request_uri(cli, req)
|
||||||
|
|