Added module to test for file copies
git-svn-id: file:///home/svn/framework3/trunk@5975 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
9bb814a9d1
commit
c92a64e687
|
@ -0,0 +1,86 @@
|
|||
##
|
||||
# $Id: wmap_backup_file.rb 5869 2008-11-10 04:38:05Z et $
|
||||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/projects/Framework/
|
||||
##
|
||||
|
||||
require 'rex/proto/http'
|
||||
require 'msf/core'
|
||||
|
||||
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Auxiliary::WMAPScanFile
|
||||
include Msf::Auxiliary::Scanner
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'HTTP Copy File Scanner',
|
||||
'Description' => %q{
|
||||
This module identifies the existence of possible copies
|
||||
of a specific file in a given path.
|
||||
},
|
||||
'Author' => [ 'et [at] cyberspace.org' ],
|
||||
'License' => BSD_LICENSE,
|
||||
'Version' => '$Revision: 5869 $'))
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('PATH', [ true, "The path/file to identify copies", '/index.asp'])
|
||||
], self.class)
|
||||
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
prestr = [
|
||||
'Copy of ',
|
||||
'Copy',
|
||||
'_'
|
||||
]
|
||||
|
||||
tpathf = datastore['PATH']
|
||||
testf = tpathf.split('/').last
|
||||
|
||||
prestr.each do |pre|
|
||||
filec = tpathf.sub(testf,pre + testf)
|
||||
check_for_file(filec)
|
||||
end
|
||||
end
|
||||
|
||||
def check_for_file(file)
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => file,
|
||||
'method' => 'GET',
|
||||
'ctype' => 'text/plain'
|
||||
}, 20)
|
||||
|
||||
if (res and res.code >= 200 and res.code < 300)
|
||||
print_status("Found http://#{target_host}:#{datastore['RPORT']}#{file}")
|
||||
|
||||
rep_id = wmap_base_report_id(
|
||||
wmap_target_host,
|
||||
wmap_target_port,
|
||||
wmap_target_ssl
|
||||
)
|
||||
wmap_report(rep_id,'VULNERABILITY','COPY_FILE',"#{file}","A copy of file was found.")
|
||||
else
|
||||
print_status("NOT Found http://#{target_host}:#{datastore['RPORT']}#{file}")
|
||||
#To be removed or just displayed with verbose debugging.
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
end
|
|
@ -117,7 +117,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
}, 20)
|
||||
|
||||
|
||||
if(not res or (res.code.to_i == ecode) or (emesg and res.body.index(emesg)))
|
||||
if(not res or ((res.code.to_i == ecode) or (emesg and res.body.index(emesg))))
|
||||
print_status("NOT Found #{prot}://#{vhost}:#{datastore['RPORT']}#{tpath}#{testfdir} #{res.code} (#{target_host})")
|
||||
else
|
||||
print_status("Found #{prot}://#{vhost}:#{datastore['RPORT']}#{tpath}#{testfdir} #{res.code} (#{target_host})")
|
||||
|
|
Loading…
Reference in New Issue