Made recommended changes removed short timeout added returns and other small changes

bug/bundler_fix
f8lerror 2013-01-24 17:04:22 -05:00
parent 6cdb1a80de
commit dd1ce34ecc
1 changed files with 27 additions and 22 deletions


@ -23,7 +23,7 @@ class Metasploit3 < Msf::Auxiliary
'Description' => %q{ 'Description' => %q{
This module scans a Joomla install for information, plugins and potential vulnerabilites. This module scans a Joomla install for information, plugins and potential vulnerabilites.
}, },
'Author' => [ 'f8lerror' ], 'Author' => [ 'newpid0' ],
'License' => MSF_LICENSE 'License' => MSF_LICENSE
) )
register_options( register_options(
@ -101,22 +101,23 @@ class Metasploit3 < Msf::Auxiliary
'language/en-GB/en-GB.ini','htaccess.txt', 'language/en-GB/en-GB.com_media.ini'] 'language/en-GB/en-GB.ini','htaccess.txt', 'language/en-GB/en-GB.com_media.ini']
iapps = ['robots.txt','administrator/index.php','admin/','index.php/using-joomla/extensions/components/users-component/registration-form', iapps = ['robots.txt','administrator/index.php','admin/','index.php/using-joomla/extensions/components/users-component/registration-form',
'index.php/component/users/?view=registration','htaccess.txt'] 'index.php/component/users/?view=registration','htaccess.txt']
vprint_status("#{peer} - Checking Joomla version")
apps.each do |app| apps.each do |app|
app_status = check_app(tpath, app, ip) app_status = check_app(tpath, app, ip)
return if app_status == :abort return if app_status == :abort
break if app_status break if app_status
end end
vprint_status("#{peer} - Checking host for interesting pages") vprint_status("#{peer} - Checking for interesting pages")
iapps.each do |iapp| iapps.each do |iapp|
scan_pages(tpath,iapp,ip) scan_pages(tpath,iapp,ip)
end end
if datastore['ENUMERATE'] if datastore['ENUMERATE']
vprint_status("#{peer} - Checking host for interesting plugins") vprint_status("#{peer} - Checking for interesting plugins")
bres = send_request_cgi({ bres = send_request_cgi({
'uri' => tpath, 'uri' => tpath,
'method' => 'GET', 'method' => 'GET',
}, 5) }, 5)
return false if not bres or not bres.body or not bres.code return if not bres or not bres.body or not bres.code
bres.body.gsub!(/[\r|\n]/, ' ') bres.body.gsub!(/[\r|\n]/, ' ')
File.open(datastore['PLUGINS'], 'rb').each_line do |bapp| File.open(datastore['PLUGINS'], 'rb').each_line do |bapp|
papp = bapp.chomp papp = bapp.chomp
@ -129,10 +130,9 @@ class Metasploit3 < Msf::Auxiliary
res = send_request_cgi({ res = send_request_cgi({
'uri' => "#{tpath}" << app, 'uri' => "#{tpath}" << app,
'method' => 'GET', 'method' => 'GET',
}, 5) })
return :abort if res.nil? return :abort if res.nil?
return false if not res or not res.body or not res.code return if not res or not res.body or not res.code
vprint_status("#{peer} - Checking host for version information")
res.body.gsub!(/[\r|\n]/, ' ') res.body.gsub!(/[\r|\n]/, ' ')
os = osfingerprint(res) os = osfingerprint(res)
if (res.code == 200) if (res.code == 200)
@ -151,7 +151,7 @@ class Metasploit3 < Msf::Auxiliary
:ntype => 'Joomla Version', :ntype => 'Joomla Version',
:data => out :data => out
) )
return :next_app return true
end end
elsif(res.code == 403) elsif(res.code == 403)
if(res.body =~ /secured with Secure Sockets Layer/ or res.body =~ /Secure Channel Required/ or res.body =~ /requires a secure connection/) if(res.body =~ /secured with Secure Sockets Layer/ or res.body =~ /Secure Channel Required/ or res.body =~ /requires a secure connection/)
@ -163,25 +163,26 @@ class Metasploit3 < Msf::Auxiliary
else else
vprint_status("#{ip} denied access to #{ip} #{res.code} #{res.message}") vprint_status("#{ip} denied access to #{ip} #{res.code} #{res.message}")
end end
else
return
end end
rescue OpenSSL::SSL::SSLError rescue OpenSSL::SSL::SSLError
vprint_error("#{peer} - SSL error") vprint_error("#{peer} - SSL error")
return :abort return
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
vprint_error("#{peer} - Unable to Connect") vprint_error("#{peer} - Unable to Connect")
return :abort return
rescue ::Timeout::Error, ::Errno::EPIPE rescue ::Timeout::Error, ::Errno::EPIPE
vprint_error("#{peer} - Timeout error") vprint_error("#{peer} - Timeout error")
return :abort return
end end
def scan_pages(tpath, iapp, ip) def scan_pages(tpath, iapp, ip)
res = send_request_cgi({ res = send_request_cgi({
'uri' => "#{tpath}" << iapp, 'uri' => "#{tpath}" << iapp,
'method' => 'GET', 'method' => 'GET',
}, 5) })
return false if not res or not res.body or not res.code return if not res or not res.body or not res.code
res.body.gsub!(/[\r|\n]/, ' ') res.body.gsub!(/[\r|\n]/, ' ')
if (res.code == 200) if (res.code == 200)
if(res.body =~ /Administration Login/ and res.body =~ /\(\'form-login\'\)\.submit/ or res.body =~/administration console/) if(res.body =~ /Administration Login/ and res.body =~ /\(\'form-login\'\)\.submit/ or res.body =~/administration console/)
@ -213,23 +214,25 @@ class Metasploit3 < Msf::Auxiliary
else else
vprint_status("#{ip} ip access to #{ip} #{res.code} #{res.message}") vprint_status("#{ip} ip access to #{ip} #{res.code} #{res.message}")
end end
else
return
end end
rescue OpenSSL::SSL::SSLError rescue OpenSSL::SSL::SSLError
vprint_error("#{peer} - SSL error") vprint_error("#{peer} - SSL error")
return :abort return
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
vprint_error("#{peer} - Unable to Connect") vprint_error("#{peer} - Unable to Connect")
return :abort return
rescue ::Timeout::Error, ::Errno::EPIPE rescue ::Timeout::Error, ::Errno::EPIPE
vprint_error("#{peer} - Timeout error") vprint_error("#{peer} - Timeout error")
return :abort return
end end
def plugin_search(tpath, papp, ip, bres) def plugin_search(tpath, papp, ip, bres)
res = send_request_cgi({ res = send_request_cgi({
'uri' => "#{tpath}" << papp, 'uri' => "#{tpath}" << papp,
'method' => 'GET', 'method' => 'GET',
}, 5) })
return if not res or not res.body or not res.code return if not res or not res.body or not res.code
res.body.gsub!(/[\r|\n]/, ' ') res.body.gsub!(/[\r|\n]/, ' ')
osize = bres.body.size osize = bres.body.size
@ -279,18 +282,20 @@ class Metasploit3 < Msf::Auxiliary
vprint_status("#{ip} requires a SSL client certificate") vprint_status("#{ip} requires a SSL client certificate")
else else
vprint_status("#{ip} denied access to #{ip}#{tpath}#{papp} - #{res.code} #{res.message}") vprint_status("#{ip} denied access to #{ip}#{tpath}#{papp} - #{res.code} #{res.message}")
end end
else
return
end end
rescue OpenSSL::SSL::SSLError rescue OpenSSL::SSL::SSLError
vprint_error("#{peer} - SSL error") vprint_error("#{peer} - SSL error")
return :abort return
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
vprint_error("#{peer} - Unable to Connect") vprint_error("#{peer} - Unable to Connect")
return :abort return
rescue ::Timeout::Error, ::Errno::EPIPE rescue ::Timeout::Error, ::Errno::EPIPE
vprint_error("#{peer} - Timeout error") vprint_error("#{peer} - Timeout error")
return :abort return
end end
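Review bot: The three rescue clauses that close check_app (the hunk at -163,25, just before `def scan_pages`) now use a bare `return` where the old side had `return :abort`, so an SSL error, a refused connection or a timeout yields nil, and the caller's `return if app_status == :abort` in the `apps.each` loop no longer stops the scan. Only `return :abort if res.nil?` still aborts, and because this commit also drops the 5-second timeout from that request, each remaining path presumably waits out the library default against a host already known to be unreachable. I would keep `return :abort` in those three rescue clauses of check_app. The bare `return` looks fine in scan_pages, whose result the visible `iapps.each` loop ignores, and probably in plugin_search, whose call site is not shown. The `def` line of check_app is also outside the hunks, and this reading takes the left column as the old side, which the commit title ("removed short timeout") supports.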