From df4b832019d88c3ab4ac8209fe5072f56df03ad0 Mon Sep 17 00:00:00 2001 
From: Christian Mehlmauer Date: Tue, 13 May 2014 22:56:12 +0200 Subject: [PATCH] Resolved some more Set-Cookie warnings --- modules/auxiliary/scanner/http/dolibarr_login.rb | 4 ++-- modules/auxiliary/scanner/http/glassfish_login.rb | 4 ++-- modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb | 6 +++--- modules/auxiliary/scanner/http/owa_login.rb | 7 ++++--- modules/auxiliary/scanner/http/sentry_cdu_enum.rb | 2 +- modules/auxiliary/scanner/http/sevone_enum.rb | 2 +- .../scanner/http/smt_ipmi_url_redirect_traversal.rb | 2 +- modules/auxiliary/scanner/http/splunk_web_login.rb | 4 ++-- .../auxiliary/scanner/http/symantec_brightmail_logfile.rb | 6 +++--- modules/auxiliary/scanner/http/tomcat_enum.rb | 2 +- modules/auxiliary/scanner/http/vcms_login.rb | 2 +- modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb | 6 +++--- modules/auxiliary/scanner/lotus/lotus_domino_login.rb | 4 ++-- modules/auxiliary/scanner/msf/msf_web_login.rb | 4 ++-- .../auxiliary/scanner/vmware/vmware_screenshot_stealer.rb | 4 ++-- modules/exploits/linux/http/dolibarr_cmd_exec.rb | 4 ++-- .../linux/http/foreman_openstack_satellite_code_exec.rb | 2 +- modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb | 2 +- modules/exploits/linux/http/mutiny_frontend_upload.rb | 4 ++-- modules/exploits/linux/http/pineapp_test_li_conn_exec.rb | 2 +- modules/exploits/multi/http/activecollab_chat.rb | 2 +- modules/exploits/multi/http/axis2_deployer.rb | 4 ++-- modules/exploits/multi/http/glassfish_deployer.rb | 6 +++--- modules/exploits/multi/http/glossword_upload_exec.rb | 4 ++-- .../exploits/multi/http/hp_sitescope_uploadfileshandler.rb | 4 ++-- modules/exploits/multi/http/hp_sys_mgmt_exec.rb | 2 +- modules/exploits/multi/http/jenkins_script_console.rb | 2 +- modules/exploits/multi/http/mutiny_subnetmask_exec.rb | 2 +- modules/exploits/multi/http/php_volunteer_upload_exec.rb | 2 +- modules/exploits/multi/http/phpldapadmin_query_engine.rb | 4 ++-- modules/exploits/multi/http/qdpm_upload_exec.rb | 2 +- 
.../exploits/multi/http/rails_secret_deserialization.rb | 4 ++-- modules/exploits/multi/http/sflog_upload_exec.rb | 4 ++-- modules/exploits/multi/http/sit_file_upload.rb | 2 +- modules/exploits/multi/http/splunk_mappy_exec.rb | 6 +++--- modules/exploits/multi/http/splunk_upload_app_exec.rb | 4 ++-- 36 files changed, 64 insertions(+), 63 deletions(-) diff --git a/modules/auxiliary/scanner/http/dolibarr_login.rb b/modules/auxiliary/scanner/http/dolibarr_login.rb index 6463d9af62..58ab1e19d5 100644 --- a/modules/auxiliary/scanner/http/dolibarr_login.rb +++ b/modules/auxiliary/scanner/http/dolibarr_login.rb @@ -42,10 +42,10 @@ class Metasploit3 < Msf::Auxiliary 'uri' => normalize_uri(@uri.path) }) - return [nil, nil] if not (res and res.headers['Set-Cookie']) + return [nil, nil] if res.nil? || res.get_cookies.empty? # Get the session ID from the cookie - m = res.headers['Set-Cookie'].match(/(DOLSESSID_.+);/) + m = get_cookies.match(/(DOLSESSID_.+);/) id = (m.nil?) ? nil : m[1] # Get the token from the decompressed HTTP body response diff --git a/modules/auxiliary/scanner/http/glassfish_login.rb b/modules/auxiliary/scanner/http/glassfish_login.rb index aa2dab6a0b..7801400f3e 100644 --- a/modules/auxiliary/scanner/http/glassfish_login.rb +++ b/modules/auxiliary/scanner/http/glassfish_login.rb @@ -167,7 +167,7 @@ class Metasploit3 < Msf::Auxiliary print_status("Trying credential GlassFish 2.x #{user}:'#{pass}'....") res = try_login(user,pass) if res and res.code == 302 - session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i) + session = $1 if res && res.get_cookies =~ /JSESSIONID=(.*); /i res = send_request('/applications/upload.jsf', 'GET', session) p = /Deploy Enterprise Applications\/Modules/ 
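Review bot: In dolibarr_login.rb the new line `m = get_cookies.match(/(DOLSESSID_.+);/)` calls `get_cookies` without the `res.` receiver, while the guard one line above and the matching change in dolibarr_cmd_exec.rb both call it on `res`. Unless the module defines its own `get_cookies`, which nothing in this hunk suggests, this raises NameError as soon as a response carries a cookie. The line should read `m = res.get_cookies.match(/(DOLSESSID_.+);/)`. The enclosing method starts and ends outside the hunk.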
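Review bot: In glassfish_login.rb the pattern `/JSESSIONID=(.*); /i` still requires a semicolon followed by a space after the value, which fits the raw Set-Cookie header, where attributes such as the path follow the cookie. If `get_cookies` returns only name=value pairs and trims the end of the string (worth confirming against the Response class), a JSESSIONID that comes last no longer matches and `session` stays nil. The same trailing `; ` is kept in the `@@ -180` hunk of this file, in all three glassfish_deployer.rb hunks and in rails_secret_deserialization.rb. A pattern that stops at the delimiter avoids the dependency: `session = $1 if res.get_cookies =~ /JSESSIONID=([^;]+)/i`. The `res &&` test is also redundant inside `if res and res.code == 302`.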
@@ -180,7 +180,7 @@ class Metasploit3 < Msf::Auxiliary print_status("Trying credential GlassFish 3.x #{user}:'#{pass}'....") res = try_login(user,pass) if res and res.code == 302 - session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i) + session = $1 if res && res.get_cookies =~ /JSESSIONID=(.*); /i res = send_request('/common/applications/uploadFrame.jsf', 'GET', session) p = /<title>Deploy Applications or Modules/ diff --git a/modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb b/modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb index a55c173a17..62fe258b46 100644 --- a/modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb +++ b/modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb @@ -64,7 +64,7 @@ class Metasploit4 < Msf::Auxiliary } }) - if res and res.code == 200 and res.headers['Set-Cookie'] and res.headers['Set-Cookie'] =~ /([^\s]*session)=([a-z0-9]+)/ + if res && res.code == 200 && res.get_cookies =~ /([^\s]*session)=([a-z0-9]+)/ return $1,$2 else return nil @@ -134,8 +134,8 @@ class Metasploit4 < Msf::Auxiliary 'cookie' => session_cookie }) - if res and res.code == 302 and res.headers['Set-Cookie'] =~ /UserID=/ - parse_auth_cookie(res.headers['Set-Cookie']) + if res and res.code == 302 and res.get_cookies.include?('UserID=') + parse_auth_cookie(res.get_cookies) return true else return false diff --git a/modules/auxiliary/scanner/http/owa_login.rb b/modules/auxiliary/scanner/http/owa_login.rb index 8240a0ae11..9696f28e3f 100644 --- a/modules/auxiliary/scanner/http/owa_login.rb +++ b/modules/auxiliary/scanner/http/owa_login.rb @@ -200,7 +200,7 @@ class Metasploit3 < Msf::Auxiliary return :abort end - if action.name != "OWA_2013" and not res.headers['set-cookie'] + if action.name != "OWA_2013" and res.get_cookies.empty? print_error("#{msg} Received invalid repsonse due to a missing cookie (possibly due to invalid version), aborting") return :abort end 
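Review bot: In the `@@ -134` hunk of mediawiki_svg_fileaccess.rb, `parse_auth_cookie` now receives `res.get_cookies` instead of the raw Set-Cookie header, and the helper is defined outside the hunk. If it splits on the attribute or comma layout of the raw header, its parsing needs the same update. A short comment at the call, such as `# parse_auth_cookie expects the "name=value; ..." string from get_cookies`, would record the contract. This condition also keeps `and` while the `@@ -64` hunk of the same file was converted to `&&`.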
@@ -233,8 +233,9 @@ class Metasploit3 < Msf::Auxiliary end else # these two lines are the authentication info - sessionid = 'sessionid=' << res.headers['set-cookie'].split('sessionid=')[1].split('; ')[0] - cadata = 'cadata=' << res.headers['set-cookie'].split('cadata=')[1].split('; ')[0] + cookies = res.get_cookies + sessionid = 'sessionid=' << cookies.split('sessionid=')[1].split('; ')[0] + cadata = 'cadata=' << cookies.split('cadata=')[1].split('; ')[0] headers['Cookie'] = 'PBack=0; ' << sessionid << '; ' << cadata end diff --git a/modules/auxiliary/scanner/http/sentry_cdu_enum.rb b/modules/auxiliary/scanner/http/sentry_cdu_enum.rb index 6c00a86bfc..71de9699d7 100644 --- a/modules/auxiliary/scanner/http/sentry_cdu_enum.rb +++ b/modules/auxiliary/scanner/http/sentry_cdu_enum.rb @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary 'authorization' => basic_auth(user,pass) }) - if (res and res.headers['Set-Cookie']) + if res and !res.get_cookies.empty? print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") report_hash = { diff --git a/modules/auxiliary/scanner/http/sevone_enum.rb b/modules/auxiliary/scanner/http/sevone_enum.rb index df1365d803..1714e690c9 100644 --- a/modules/auxiliary/scanner/http/sevone_enum.rb +++ b/modules/auxiliary/scanner/http/sevone_enum.rb @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET' }) - if (res and res.code.to_i == 200 and res.headers['Set-Cookie'].include?('SEVONE')) + if (res and res.code.to_i == 200 and res.get_cookies.include?('SEVONE')) version_key = /Version: <strong>(.+)<\/strong>/ version = res.body.scan(version_key).flatten print_good("#{rhost}:#{rport} - Application confirmed to be SevOne Network Performance Management System version #{version}") diff --git a/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb b/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb index 918a44ed28..491fb9ff34 100644 
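Review bot: In the `@@ -233` hunk of owa_login.rb, `cookies.split('sessionid=')[1].split('; ')[0]` raises NoMethodError on nil when the response sets some cookie but not `sessionid` (and likewise for `cadata`), because the guard in the `@@ -200` hunk only checks that the cookie string is non-empty. Extracting with a pattern and aborting on a miss keeps the scan running: `sessionid = cookies[/sessionid=[^;]+/]`, `cadata = cookies[/cadata=[^;]+/]`, then `return :abort unless sessionid && cadata`. jenkins_script_console.rb has the same `split('JSESSIONID')[1]` chain. The enclosing method continues outside the hunk.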
--- a/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb +++ b/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb @@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary } }) - if res and res.code == 200 and res.body.to_s =~ /self.location="\.\.\/cgi\/url_redirect\.cgi/ and res.headers["Set-Cookie"].to_s =~ /(SID=[a-z]+)/ + if res and res.code == 200 and res.body.to_s =~ /self.location="\.\.\/cgi\/url_redirect\.cgi/ and res.get_cookies =~ /(SID=[a-z]+)/ return $1 else return nil diff --git a/modules/auxiliary/scanner/http/splunk_web_login.rb b/modules/auxiliary/scanner/http/splunk_web_login.rb index 02407661c3..1c47c9e90b 100644 --- a/modules/auxiliary/scanner/http/splunk_web_login.rb +++ b/modules/auxiliary/scanner/http/splunk_web_login.rb @@ -82,8 +82,8 @@ class Metasploit3 < Msf::Auxiliary session_id = '' cval = '' - if res and res.code == 200 and res.headers['Set-Cookie'] - res.headers['Set-Cookie'].split(';').each {|c| + if res and res.code == 200 and !res.get_cookies.empty? + res.get_cookies.split(';').each {|c| c.split(',').each {|v| if v.split('=')[0] =~ /cval/ cval = v.split('=')[1] diff --git a/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb b/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb index 7a5057147e..d3cd471a5e 100644 --- a/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb +++ b/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb @@ -86,8 +86,8 @@ class Metasploit3 < Msf::Auxiliary last_login = '' #A hidden field in the login page res = send_request_raw({'uri'=>'/brightmail/viewLogin.do'}) - if res and res.headers['Set-Cookie'] - sid = res.headers['Set-Cookie'].scan(/JSESSIONID=([a-zA-Z0-9]+)/).flatten[0] || '' + if res and !res.get_cookies.empty? + sid = res.get_cookies.scan(/JSESSIONID=([a-zA-Z0-9]+)/).flatten[0] || '' end if res @@ -147,4 +147,4 @@ class Metasploit3 < Msf::Auxiliary download_file(sid, fname) end -end \ No newline at end of file +end 
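Review bot: In splunk_web_login.rb the nested `split(';')` / `split(',')` loop was shaped for a raw Set-Cookie header and now runs over the `get_cookies` string, where `v.split('=')[1]` still cuts any value that itself contains `=`. A direct lookup reads better and keeps the whole value, for example `cval = res.get_cookies[/cval=([^;]*)/, 1].to_s`. The same loop is carried over in msf_web_login.rb, splunk_mappy_exec.rb and splunk_upload_app_exec.rb. The loop body continues outside the hunk, so the other keys it extracts would need the same treatment.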
diff --git a/modules/auxiliary/scanner/http/tomcat_enum.rb b/modules/auxiliary/scanner/http/tomcat_enum.rb index ab4d7484f9..e07eaecc52 100644 --- a/modules/auxiliary/scanner/http/tomcat_enum.rb +++ b/modules/auxiliary/scanner/http/tomcat_enum.rb @@ -102,7 +102,7 @@ class Metasploit3 < Msf::Auxiliary 'data' => post_data, }, 20) - if res and res.code == 200 and res.headers['Set-Cookie'] + if res and res.code == 200 and !res.get_cookies.empty? vprint_error("#{target_url} - Apache Tomcat #{user} not found ") elsif res and res.code == 200 and res.body =~ /invalid username/i vprint_error("#{target_url} - Apache Tomcat #{user} not found ") diff --git a/modules/auxiliary/scanner/http/vcms_login.rb b/modules/auxiliary/scanner/http/vcms_login.rb index 21610d3ab7..f8ecb4781e 100644 --- a/modules/auxiliary/scanner/http/vcms_login.rb +++ b/modules/auxiliary/scanner/http/vcms_login.rb @@ -43,7 +43,7 @@ class Metasploit3 < Msf::Auxiliary }) # Get the PHP session ID - m = res.headers['Set-Cookie'].match(/(PHPSESSID=.+);/) + m = res.get_cookies.match(/(PHPSESSID=.+);/) id = (m.nil?) ? nil : m[1] return id diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb b/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb index 39c02bac5a..2816691fcd 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb @@ -93,10 +93,10 @@ class Metasploit3 < Msf::Auxiliary return end - if (res and res.code == 302 ) - if res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/DomAuthSessId=(.*);(.*)/i) + if res and res.code == 302 + if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i) cookie = "DomAuthSessId=#{$1}" - elsif res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/LtpaToken=(.*);(.*)/i) + elsif res.get_cookies.match(/LtpaToken=(.*);(.*)/i) cookie = "LtpaToken=#{$1}" else print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized 302 response") 
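Review bot: In vcms_login.rb, `res.get_cookies.match(...)` is called with no visible check that `res` is non-nil, so a timed-out or refused request raises NoMethodError instead of returning nil like the no-match path does. The request that assigns `res` starts above the hunk, so a guard may exist there; if it does not, add `return nil if res.nil?` before the match.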
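Review bot: In lotus_domino_hashes.rb the capture in `/DomAuthSessId=(.*);(.*)/i` is greedy, so when the cookie string holds more than one cookie `$1` runs to the last semicolon and the rebuilt `cookie` value carries the other cookies with it. Bounding the capture fixes that: `/DomAuthSessId=([^;]*)/i` and `/LtpaToken=([^;]*)/i`. The same greedy form appears in vcms_login.rb, both dolibarr modules, mutiny_frontend_upload.rb, mutiny_subnetmask_exec.rb and axis2_deployer.rb.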
diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_login.rb b/modules/auxiliary/scanner/lotus/lotus_domino_login.rb index a9a4bcec10..3ddd187895 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_login.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_login.rb @@ -45,8 +45,8 @@ class Metasploit3 < Msf::Auxiliary 'data' => post_data, }, 20) - if (res and res.code == 302 ) - if res.headers['Set-Cookie'].match(/DomAuthSessId=(.*);(.*)/i) + if res and res.code == 302 + if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i) print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'") report_auth_info( :host => rhost, diff --git a/modules/auxiliary/scanner/msf/msf_web_login.rb b/modules/auxiliary/scanner/msf/msf_web_login.rb index 07eaecf3bf..4c67510bd9 100644 --- a/modules/auxiliary/scanner/msf/msf_web_login.rb +++ b/modules/auxiliary/scanner/msf/msf_web_login.rb @@ -76,9 +76,9 @@ class Metasploit3 < Msf::Auxiliary token = '' uisession = '' - if res and res.code == 200 and res.headers['Set-Cookie'] + if res and res.code == 200 and !res.get_cookies.empty? # extract tokens from cookie - res.headers['Set-Cookie'].split(';').each {|c| + res.get_cookies.split(';').each {|c| c.split(',').each {|v| if v.split('=')[0] =~ /token/ token = v.split('=')[1] diff --git a/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb b/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb index 9c037550bd..97cbd4664c 100644 --- a/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb +++ b/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary 'headers' => { 'Authorization' => "Basic #{@user_pass}"} }, 25) if res - @vim_cookie = res.headers['Set-Cookie'] + @vim_cookie = res.get_cookies if res.code== 200 res.body.scan(/<a href="([\w\/\?=&;%]+)">/) do |match| link = match[0] 
@@ -88,7 +88,7 @@ class Metasploit3 < Msf::Auxiliary 'headers' => { 'Authorization' => "Basic #{@user_pass}"} }, 25) if res - @vim_cookie = res.headers['Set-Cookie'] + @vim_cookie = res.get_cookies if res.code == 200 img = res.body ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], img, name , "Screenshot of VM #{name}") diff --git a/modules/exploits/linux/http/dolibarr_cmd_exec.rb b/modules/exploits/linux/http/dolibarr_cmd_exec.rb index ad798e8969..d50b15a7da 100644 --- a/modules/exploits/linux/http/dolibarr_cmd_exec.rb +++ b/modules/exploits/linux/http/dolibarr_cmd_exec.rb @@ -78,10 +78,10 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => @uri.path }) - return [nil, nil] if not (res and res.headers['Set-Cookie']) + return [nil, nil] if res.nil? || res.get_cookies.empty? # Get the session ID from the cookie - m = res.headers['Set-Cookie'].match(/(DOLSESSID_.+);/) + m = res.get_cookies.match(/(DOLSESSID_.+);/) id = (m.nil?) ? nil : m[1] # Get the token from the decompressed HTTP body response diff --git a/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb b/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb index bc02f5d255..184ea9c2e6 100644 --- a/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb +++ b/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb @@ -67,7 +67,7 @@ class Metasploit4 < Msf::Exploit::Remote if res.headers['Location'] =~ /users\/login$/ fail_with(Failure::NoAccess, 'Authentication failed') else - session = $1 if res.headers['Set-Cookie'] =~ /_session_id=([0-9a-f]*)/ + session = $1 if res.get_cookies =~ /_session_id=([0-9a-f]*)/ fail_with(Failure::UnexpectedReply, 'Failed to retrieve the current session id') if session.nil? end diff --git a/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb b/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb index 676e931b3d..cbc3fc3043 100644 
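Review bot: In foreman_openstack_satellite_code_exec.rb the pattern `/_session_id=([0-9a-f]*)/` also matches an empty value, which leaves `session` as an empty string and lets it pass the `session.nil?` check on the next line. Requiring at least one character makes the failure path reachable: `session = $1 if res.get_cookies =~ /_session_id=([0-9a-f]+)/`. hp_sitescope_uploadfileshandler.rb uses the same `*` quantifier in `/JSESSIONID=([0-9A-F]*);/`.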
--- a/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb +++ b/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb @@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote 'josso_password' => datastore['PASSWORD'] } }) - if res and res.headers['Set-Cookie'] =~ /JOSSO_SESSIONID_josso=([A-F0-9]+)/ + if res and res.get_cookies =~ /JOSSO_SESSIONID_josso=([A-F0-9]+)/ return $1 else return nil diff --git a/modules/exploits/linux/http/mutiny_frontend_upload.rb b/modules/exploits/linux/http/mutiny_frontend_upload.rb index 03d03adf5f..e0fa99ef5e 100644 --- a/modules/exploits/linux/http/mutiny_frontend_upload.rb +++ b/modules/exploits/linux/http/mutiny_frontend_upload.rb @@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote 'method' => 'GET' }) - if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/ + if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=(.*);/ first_session = $1 end @@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote 'cookie' => "JSESSIONID=#{first_session}" }) - if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/ + if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=(.*);/ @session = $1 return true end diff --git a/modules/exploits/linux/http/pineapp_test_li_conn_exec.rb b/modules/exploits/linux/http/pineapp_test_li_conn_exec.rb index accf593b61..e7a568baf2 100644 --- a/modules/exploits/linux/http/pineapp_test_li_conn_exec.rb +++ b/modules/exploits/linux/http/pineapp_test_li_conn_exec.rb @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote 'iptest' => "127.0.0.1" # In order to make things as fast as possible } }) - if res and res.code == 200 and res.headers.include?('Set-Cookie') and res.headers['Set-Cookie'] =~ /SESSIONID/ + if res and res.code == 200 and res.get_cookies.include?('SESSIONID') return res.get_cookies else return nil 
diff --git a/modules/exploits/multi/http/activecollab_chat.rb b/modules/exploits/multi/http/activecollab_chat.rb index d926fafdce..7a6bf553b4 100644 --- a/modules/exploits/multi/http/activecollab_chat.rb +++ b/modules/exploits/multi/http/activecollab_chat.rb @@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote # response handling if res and res.code == 302 - if (res.headers['Set-Cookie'] =~ /ac_ActiveCollab_sid_eaM4h3LTIZ=(.*); expires=/) + if res.get_cookies =~ /ac_ActiveCollab_sid_[a-zA-Z0-9]+=(.*); expires=/ acsession = $1 end elsif res and res.body =~ /Failed to log you in/ diff --git a/modules/exploits/multi/http/axis2_deployer.rb b/modules/exploits/multi/http/axis2_deployer.rb index acf1734552..dfe58bb7d6 100644 --- a/modules/exploits/multi/http/axis2_deployer.rb +++ b/modules/exploits/multi/http/axis2_deployer.rb @@ -283,7 +283,7 @@ class Metasploit3 < Msf::Exploit::Remote # likely to change success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1) - if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/) + if res.get_cookies =~ /JSESSIONID=(.*);/ session = $1 end end @@ -319,7 +319,7 @@ class Metasploit3 < Msf::Exploit::Remote # likely to change success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1) - if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/) + if res.get_cookies =~ /JSESSIONID=(.*);/ session = $1 end end diff --git a/modules/exploits/multi/http/glassfish_deployer.rb b/modules/exploits/multi/http/glassfish_deployer.rb index 7115369187..042f17ccd2 100644 --- a/modules/exploits/multi/http/glassfish_deployer.rb +++ b/modules/exploits/multi/http/glassfish_deployer.rb 
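Review bot: In activecollab_chat.rb the new pattern still anchors on `; expires=`, an attribute of the raw Set-Cookie header. If `get_cookies` returns only name=value pairs without attributes (worth confirming against the Response class), this never matches and `acsession` is left unset after a 302. Matching up to the delimiter removes the dependency: `if res.get_cookies =~ /ac_ActiveCollab_sid_[a-zA-Z0-9]+=([^;]+)/`.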
@@ -684,7 +684,7 @@ class Metasploit3 < Msf::Exploit::Remote print_status("Trying #{type} credentials for GlassFish 2.x #{user}:'#{pass}'....") res = try_login(user,pass) if res and res.code == 302 - session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i) + session = $1 if res and res.get_cookies =~ /JSESSIONID=(.*); /i res = send_request('/applications/upload.jsf', 'GET', session) p = /<title>Deploy Enterprise Applications\/Modules/ @@ -697,7 +697,7 @@ class Metasploit3 < Msf::Exploit::Remote print_status("Trying #{type} credentials for GlassFish 3.x #{user}:'#{pass}'....") res = try_login(user,pass) if res and res.code == 302 - session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i) + session = $1 if res and res.get_cookies =~ /JSESSIONID=(.*); /i res = send_request('/common/applications/uploadFrame.jsf', 'GET', session) p = /<title>Deploy Applications or Modules/ @@ -788,7 +788,7 @@ class Metasploit3 < Msf::Exploit::Remote print_status("Glassfish edition: #{banner}") #Get session - res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); / + res.get_cookies =~ /JSESSIONID=(.*); / session = $1 #Set HTTP verbs. lower-case is used to bypass auth on v3.0 diff --git a/modules/exploits/multi/http/glossword_upload_exec.rb b/modules/exploits/multi/http/glossword_upload_exec.rb index 56c54d1008..aec23ca800 100644 --- a/modules/exploits/multi/http/glossword_upload_exec.rb +++ b/modules/exploits/multi/http/glossword_upload_exec.rb @@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote if res.code == 200 vprint_error("#{peer} - Authentication failed") return Exploit::CheckCode::Unknown - elsif res.code == 301 and res.headers['set-cookie'] =~ /sid([\da-f]+)=([\da-f]{32})/ + elsif res.code == 301 and res.get_cookies =~ /sid([\da-f]+)=([\da-f]{32})/ vprint_good("#{peer} - Authenticated successfully") return Exploit::CheckCode::Appears end 
@@ -130,7 +130,7 @@ class Metasploit3 < Msf::Exploit::Remote # login; get session id and token print_status("#{peer} - Authenticating as user '#{user}'") res = login(base, user, pass) - if res and res.code == 301 and res.headers['set-cookie'] =~ /sid([\da-f]+)=([\da-f]{32})/ + if res and res.code == 301 and res.get_cookies =~ /sid([\da-f]+)=([\da-f]{32})/ token = "#{$1}" sid = "#{$2}" print_good("#{peer} - Authenticated successfully") diff --git a/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb b/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb index 825701d651..90b9a989e2 100644 --- a/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb +++ b/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb @@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote 'method' => 'POST' ) - if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=([0-9A-F]*);/ + if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=([0-9A-F]*);/ session_id = $1 else print_error("#{peer} - Retrieve of initial JSESSIONID failed") @@ -125,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote } }) - if res and res.code == 302 and res.headers['Set-Cookie'] =~ /JSESSIONID=([0-9A-F]*);/ + if res and res.code == 302 and res.get_cookies =~ /JSESSIONID=([0-9A-F]*);/ session_id = $1 redirect = URI(res.headers['Location']).path else diff --git a/modules/exploits/multi/http/hp_sys_mgmt_exec.rb b/modules/exploits/multi/http/hp_sys_mgmt_exec.rb index 581fbce608..dabfe034c6 100644 --- a/modules/exploits/multi/http/hp_sys_mgmt_exec.rb +++ b/modules/exploits/multi/http/hp_sys_mgmt_exec.rb @@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote # CpqElm-Login: success if res.headers['CpqElm-Login'].to_s =~ /success/ - cookie = res.headers['Set-Cookie'].scan(/(Compaq\-HMMD=[\w\-]+)/).flatten[0] || '' + cookie = res.get_cookies.scan(/(Compaq\-HMMD=[\w\-]+)/).flatten[0] || '' end cookie 
diff --git a/modules/exploits/multi/http/jenkins_script_console.rb b/modules/exploits/multi/http/jenkins_script_console.rb index 3c7bf20530..73e8d7adee 100644 --- a/modules/exploits/multi/http/jenkins_script_console.rb +++ b/modules/exploits/multi/http/jenkins_script_console.rb @@ -161,7 +161,7 @@ class Metasploit3 < Msf::Exploit::Remote if not (res and res.code == 302) or res.headers['Location'] =~ /loginError/ fail_with(Failure::NoAccess, 'login failed') end - sessionid = 'JSESSIONID' << res.headers['set-cookie'].split('JSESSIONID')[1].split('; ')[0] + sessionid = 'JSESSIONID' << res.get_cookies.split('JSESSIONID')[1].split('; ')[0] @cookie = "#{sessionid}" else print_status('No authentication required, skipping login...') diff --git a/modules/exploits/multi/http/mutiny_subnetmask_exec.rb b/modules/exploits/multi/http/mutiny_subnetmask_exec.rb index d4cadae1c7..900c5a6418 100644 --- a/modules/exploits/multi/http/mutiny_subnetmask_exec.rb +++ b/modules/exploits/multi/http/mutiny_subnetmask_exec.rb @@ -193,7 +193,7 @@ class Metasploit3 < Msf::Exploit::Remote } }) - if res and res.code == 302 and res.headers['Location'] =~ /index.do/ and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/ + if res and res.code == 302 and res.headers['Location'] =~ /index.do/ and res.get_cookies =~ /JSESSIONID=(.*);/ print_good("#{peer} - Login successful") session = $1 else diff --git a/modules/exploits/multi/http/php_volunteer_upload_exec.rb b/modules/exploits/multi/http/php_volunteer_upload_exec.rb index a885cb3901..6854cd78bb 100644 --- a/modules/exploits/multi/http/php_volunteer_upload_exec.rb +++ b/modules/exploits/multi/http/php_volunteer_upload_exec.rb @@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote }) # If we don't get a cookie, bail! - if res and res.headers['Set-Cookie'] =~ /(PHPVolunteerManagent=\w+);*/ + if res and res.get_cookies =~ /(PHPVolunteerManagent=\w+);*/ cookie = $1 vprint_status("#{peer} - Found cookie: #{cookie}") else 
diff --git a/modules/exploits/multi/http/phpldapadmin_query_engine.rb b/modules/exploits/multi/http/phpldapadmin_query_engine.rb index c6eeac426b..1315ed710e 100644 --- a/modules/exploits/multi/http/phpldapadmin_query_engine.rb +++ b/modules/exploits/multi/http/phpldapadmin_query_engine.rb @@ -79,12 +79,12 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => uri, }, 3) - if (res.nil? or not res.headers['Set-Cookie']) + if res.nil? or res.get_cookies.empty? print_error("Could not generate a valid session") return end - return res.headers['Set-Cookie'] + return res.get_cookies end def cleanup diff --git a/modules/exploits/multi/http/qdpm_upload_exec.rb b/modules/exploits/multi/http/qdpm_upload_exec.rb index 0478b23dd5..c9f5931858 100644 --- a/modules/exploits/multi/http/qdpm_upload_exec.rb +++ b/modules/exploits/multi/http/qdpm_upload_exec.rb @@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote } }) - cookie = (res and res.headers['Set-Cookie'] =~ /qdpm\=.+\;/) ? res.headers['Set-Cookie'] : '' + cookie = (res and res.get_cookies =~ /qdpm\=.+\;/) ? res.get_cookies : '' return {} if cookie.empty? cookie = cookie.to_s.scan(/(qdpm\=\w+)\;/).flatten[0] diff --git a/modules/exploits/multi/http/rails_secret_deserialization.rb b/modules/exploits/multi/http/rails_secret_deserialization.rb index 46751d2f1f..7803dd5414 100644 --- a/modules/exploits/multi/http/rails_secret_deserialization.rb +++ b/modules/exploits/multi/http/rails_secret_deserialization.rb @@ -233,8 +233,8 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => datastore['TARGETURI'] || "/", 'method' => datastore['HTTP_METHOD'], }, 25) - if res && res.headers['Set-Cookie'] - match = res.headers['Set-Cookie'].match(/([_A-Za-z0-9]+)=([A-Za-z0-9%]*)--([0-9A-Fa-f]+); /) + if res && !res.get_cookies.empty? + match = res.get_cookies.match(/([_A-Za-z0-9]+)=([A-Za-z0-9%]*)--([0-9A-Fa-f]+); /) end if match 
diff --git a/modules/exploits/multi/http/sflog_upload_exec.rb b/modules/exploits/multi/http/sflog_upload_exec.rb index 1e2cd51567..d8f6f00de9 100644 --- a/modules/exploits/multi/http/sflog_upload_exec.rb +++ b/modules/exploits/multi/http/sflog_upload_exec.rb @@ -86,8 +86,8 @@ class Metasploit3 < Msf::Exploit::Remote } }) - if res and res.headers['Set-Cookie'] =~ /PHPSESSID/ and res.body !~ /\<i\>Access denied\!\<\/i\>/ - return res.headers['Set-Cookie'] + if res and res.get_cookies.include?('PHPSESSID') and res.body !~ /\<i\>Access denied\!\<\/i\>/ + return res.get_cookies else return '' end diff --git a/modules/exploits/multi/http/sit_file_upload.rb b/modules/exploits/multi/http/sit_file_upload.rb index d85302620b..92d4380c43 100644 --- a/modules/exploits/multi/http/sit_file_upload.rb +++ b/modules/exploits/multi/http/sit_file_upload.rb @@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote if (res and res.code == 302 and res.headers['Location'] =~ /main.php/) print_status("Successfully logged in as #{user}:#{pass}") - if (res.headers['Set-Cookie'] =~ /SiTsessionID/) and res.headers['Set-Cookie'].split("SiTsessionID")[-1] =~ /=(.*);/ + if (res.get_cookies =~ /SiTsessionID/) and res.get_cookies.split("SiTsessionID")[-1] =~ /=(.*);/ session = $1 print_status("Successfully retrieved cookie: #{session}") return session diff --git a/modules/exploits/multi/http/splunk_mappy_exec.rb b/modules/exploits/multi/http/splunk_mappy_exec.rb index 2725ba5f81..cae9a80878 100644 --- a/modules/exploits/multi/http/splunk_mappy_exec.rb +++ b/modules/exploits/multi/http/splunk_mappy_exec.rb @@ -124,8 +124,8 @@ class Metasploit3 < Msf::Exploit::Remote uid = '' session_id_port = session_id = '' - if res and res.code == 200 and res.headers['Set-Cookie'] - res.headers['Set-Cookie'].split(';').each {|c| + if res and res.code == 200 and !res.get_cookies.empty? + res.get_cookies.split(';').each {|c| c.split(',').each {|v| if v.split('=')[0] =~ /cval/ cval = v.split('=')[1] 
@@ -159,7 +159,7 @@ class Metasploit3 < Msf::Exploit::Remote else session_id_port = '' session_id = '' - res.headers['Set-Cookie'].split(';').each {|c| + res.get_cookies.split(';').each {|c| c.split(',').each {|v| if v.split('=')[0] =~ /session_id/ session_id_port = v.split('=')[0] diff --git a/modules/exploits/multi/http/splunk_upload_app_exec.rb b/modules/exploits/multi/http/splunk_upload_app_exec.rb index 0c710b83ac..35e5f85241 100644 --- a/modules/exploits/multi/http/splunk_upload_app_exec.rb +++ b/modules/exploits/multi/http/splunk_upload_app_exec.rb @@ -202,7 +202,7 @@ class Metasploit3 < Msf::Exploit::Remote session_id_port = session_id = '' if res and res.code == 200 - res.headers['Set-Cookie'].split(';').each {|c| + res.get_cookies.split(';').each {|c| c.split(',').each {|v| if v.split('=')[0] =~ /cval/ cval = v.split('=')[1] @@ -236,7 +236,7 @@ class Metasploit3 < Msf::Exploit::Remote else session_id_port = '' session_id = '' - res.headers['Set-Cookie'].split(';').each {|c| + res.get_cookies.split(';').each {|c| c.split(',').each {|v| if v.split('=')[0] =~ /session_id/ session_id_port = v.split('=')[0]