Resolved some more Set-Cookie warnings

bug/bundler_fix
Christian Mehlmauer 2014-05-13 22:56:12 +02:00
parent 827feaed9f
commit df4b832019
No known key found for this signature in database
GPG Key ID: BCFF4FA966BC32C7
36 changed files with 64 additions and 63 deletions

View File

@ -42,10 +42,10 @@ class Metasploit3 < Msf::Auxiliary
'uri' => normalize_uri(@uri.path) 'uri' => normalize_uri(@uri.path)
}) })
return [nil, nil] if not (res and res.headers['Set-Cookie']) return [nil, nil] if res.nil? || res.get_cookies.empty?
# Get the session ID from the cookie # Get the session ID from the cookie
m = res.headers['Set-Cookie'].match(/(DOLSESSID_.+);/) m = get_cookies.match(/(DOLSESSID_.+);/)
id = (m.nil?) ? nil : m[1] id = (m.nil?) ? nil : m[1]
# Get the token from the decompressed HTTP body response # Get the token from the decompressed HTTP body response

View File

@ -167,7 +167,7 @@ class Metasploit3 < Msf::Auxiliary
print_status("Trying credential GlassFish 2.x #{user}:'#{pass}'....") print_status("Trying credential GlassFish 2.x #{user}:'#{pass}'....")
res = try_login(user,pass) res = try_login(user,pass)
if res and res.code == 302 if res and res.code == 302
session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i) session = $1 if res && res.get_cookies =~ /JSESSIONID=(.*); /i
res = send_request('/applications/upload.jsf', 'GET', session) res = send_request('/applications/upload.jsf', 'GET', session)
p = /<title>Deploy Enterprise Applications\/Modules/ p = /<title>Deploy Enterprise Applications\/Modules/
@ -180,7 +180,7 @@ class Metasploit3 < Msf::Auxiliary
print_status("Trying credential GlassFish 3.x #{user}:'#{pass}'....") print_status("Trying credential GlassFish 3.x #{user}:'#{pass}'....")
res = try_login(user,pass) res = try_login(user,pass)
if res and res.code == 302 if res and res.code == 302
session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i) session = $1 if res && res.get_cookies =~ /JSESSIONID=(.*); /i
res = send_request('/common/applications/uploadFrame.jsf', 'GET', session) res = send_request('/common/applications/uploadFrame.jsf', 'GET', session)
p = /<title>Deploy Applications or Modules/ p = /<title>Deploy Applications or Modules/

View File

@ -64,7 +64,7 @@ class Metasploit4 < Msf::Auxiliary
} }
}) })
if res and res.code == 200 and res.headers['Set-Cookie'] and res.headers['Set-Cookie'] =~ /([^\s]*session)=([a-z0-9]+)/ if res && res.code == 200 && res.get_cookies =~ /([^\s]*session)=([a-z0-9]+)/
return $1,$2 return $1,$2
else else
return nil return nil
@ -134,8 +134,8 @@ class Metasploit4 < Msf::Auxiliary
'cookie' => session_cookie 'cookie' => session_cookie
}) })
if res and res.code == 302 and res.headers['Set-Cookie'] =~ /UserID=/ if res and res.code == 302 and res.get_cookies.include?('UserID=')
parse_auth_cookie(res.headers['Set-Cookie']) parse_auth_cookie(res.get_cookies)
return true return true
else else
return false return false

View File

@ -200,7 +200,7 @@ class Metasploit3 < Msf::Auxiliary
return :abort return :abort
end end
if action.name != "OWA_2013" and not res.headers['set-cookie'] if action.name != "OWA_2013" and res.get_cookies.empty?
print_error("#{msg} Received invalid repsonse due to a missing cookie (possibly due to invalid version), aborting") print_error("#{msg} Received invalid repsonse due to a missing cookie (possibly due to invalid version), aborting")
return :abort return :abort
end end
@ -233,8 +233,9 @@ class Metasploit3 < Msf::Auxiliary
end end
else else
# these two lines are the authentication info # these two lines are the authentication info
sessionid = 'sessionid=' << res.headers['set-cookie'].split('sessionid=')[1].split('; ')[0] cookies = res.get_cookies
cadata = 'cadata=' << res.headers['set-cookie'].split('cadata=')[1].split('; ')[0] sessionid = 'sessionid=' << cookies.split('sessionid=')[1].split('; ')[0]
cadata = 'cadata=' << cookies.split('cadata=')[1].split('; ')[0]
headers['Cookie'] = 'PBack=0; ' << sessionid << '; ' << cadata headers['Cookie'] = 'PBack=0; ' << sessionid << '; ' << cadata
end end

View File

@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
'authorization' => basic_auth(user,pass) 'authorization' => basic_auth(user,pass)
}) })
if (res and res.headers['Set-Cookie']) if res and !res.get_cookies.empty?
print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
report_hash = { report_hash = {

View File

@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
'method' => 'GET' 'method' => 'GET'
}) })
if (res and res.code.to_i == 200 and res.headers['Set-Cookie'].include?('SEVONE')) if (res and res.code.to_i == 200 and res.get_cookies.include?('SEVONE'))
version_key = /Version: <strong>(.+)<\/strong>/ version_key = /Version: <strong>(.+)<\/strong>/
version = res.body.scan(version_key).flatten version = res.body.scan(version_key).flatten
print_good("#{rhost}:#{rport} - Application confirmed to be SevOne Network Performance Management System version #{version}") print_good("#{rhost}:#{rport} - Application confirmed to be SevOne Network Performance Management System version #{version}")

View File

@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
} }
}) })
if res and res.code == 200 and res.body.to_s =~ /self.location="\.\.\/cgi\/url_redirect\.cgi/ and res.headers["Set-Cookie"].to_s =~ /(SID=[a-z]+)/ if res and res.code == 200 and res.body.to_s =~ /self.location="\.\.\/cgi\/url_redirect\.cgi/ and res.get_cookies =~ /(SID=[a-z]+)/
return $1 return $1
else else
return nil return nil

View File

@ -82,8 +82,8 @@ class Metasploit3 < Msf::Auxiliary
session_id = '' session_id = ''
cval = '' cval = ''
if res and res.code == 200 and res.headers['Set-Cookie'] if res and res.code == 200 and !res.get_cookies.empty?
res.headers['Set-Cookie'].split(';').each {|c| res.get_cookies.split(';').each {|c|
c.split(',').each {|v| c.split(',').each {|v|
if v.split('=')[0] =~ /cval/ if v.split('=')[0] =~ /cval/
cval = v.split('=')[1] cval = v.split('=')[1]

View File

@ -86,8 +86,8 @@ class Metasploit3 < Msf::Auxiliary
last_login = '' #A hidden field in the login page last_login = '' #A hidden field in the login page
res = send_request_raw({'uri'=>'/brightmail/viewLogin.do'}) res = send_request_raw({'uri'=>'/brightmail/viewLogin.do'})
if res and res.headers['Set-Cookie'] if res and !res.get_cookies.empty?
sid = res.headers['Set-Cookie'].scan(/JSESSIONID=([a-zA-Z0-9]+)/).flatten[0] || '' sid = res.get_cookies.scan(/JSESSIONID=([a-zA-Z0-9]+)/).flatten[0] || ''
end end
if res if res
@ -147,4 +147,4 @@ class Metasploit3 < Msf::Auxiliary
download_file(sid, fname) download_file(sid, fname)
end end
end end

View File

@ -102,7 +102,7 @@ class Metasploit3 < Msf::Auxiliary
'data' => post_data, 'data' => post_data,
}, 20) }, 20)
if res and res.code == 200 and res.headers['Set-Cookie'] if res and res.code == 200 and !res.get_cookies.empty?
vprint_error("#{target_url} - Apache Tomcat #{user} not found ") vprint_error("#{target_url} - Apache Tomcat #{user} not found ")
elsif res and res.code == 200 and res.body =~ /invalid username/i elsif res and res.code == 200 and res.body =~ /invalid username/i
vprint_error("#{target_url} - Apache Tomcat #{user} not found ") vprint_error("#{target_url} - Apache Tomcat #{user} not found ")

View File

@ -43,7 +43,7 @@ class Metasploit3 < Msf::Auxiliary
}) })
# Get the PHP session ID # Get the PHP session ID
m = res.headers['Set-Cookie'].match(/(PHPSESSID=.+);/) m = res.get_cookies.match(/(PHPSESSID=.+);/)
id = (m.nil?) ? nil : m[1] id = (m.nil?) ? nil : m[1]
return id return id

View File

@ -93,10 +93,10 @@ class Metasploit3 < Msf::Auxiliary
return return
end end
if (res and res.code == 302 ) if res and res.code == 302
if res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/DomAuthSessId=(.*);(.*)/i) if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i)
cookie = "DomAuthSessId=#{$1}" cookie = "DomAuthSessId=#{$1}"
elsif res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/LtpaToken=(.*);(.*)/i) elsif res.get_cookies.match(/LtpaToken=(.*);(.*)/i)
cookie = "LtpaToken=#{$1}" cookie = "LtpaToken=#{$1}"
else else
print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized 302 response") print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized 302 response")

View File

@ -45,8 +45,8 @@ class Metasploit3 < Msf::Auxiliary
'data' => post_data, 'data' => post_data,
}, 20) }, 20)
if (res and res.code == 302 ) if res and res.code == 302
if res.headers['Set-Cookie'].match(/DomAuthSessId=(.*);(.*)/i) if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i)
print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'") print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'")
report_auth_info( report_auth_info(
:host => rhost, :host => rhost,

View File

@ -76,9 +76,9 @@ class Metasploit3 < Msf::Auxiliary
token = '' token = ''
uisession = '' uisession = ''
if res and res.code == 200 and res.headers['Set-Cookie'] if res and res.code == 200 and !res.get_cookies.empty?
# extract tokens from cookie # extract tokens from cookie
res.headers['Set-Cookie'].split(';').each {|c| res.get_cookies.split(';').each {|c|
c.split(',').each {|v| c.split(',').each {|v|
if v.split('=')[0] =~ /token/ if v.split('=')[0] =~ /token/
token = v.split('=')[1] token = v.split('=')[1]

View File

@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
'headers' => { 'Authorization' => "Basic #{@user_pass}"} 'headers' => { 'Authorization' => "Basic #{@user_pass}"}
}, 25) }, 25)
if res if res
@vim_cookie = res.headers['Set-Cookie'] @vim_cookie = res.get_cookies
if res.code== 200 if res.code== 200
res.body.scan(/<a href="([\w\/\?=&;%]+)">/) do |match| res.body.scan(/<a href="([\w\/\?=&;%]+)">/) do |match|
link = match[0] link = match[0]
@ -88,7 +88,7 @@ class Metasploit3 < Msf::Auxiliary
'headers' => { 'Authorization' => "Basic #{@user_pass}"} 'headers' => { 'Authorization' => "Basic #{@user_pass}"}
}, 25) }, 25)
if res if res
@vim_cookie = res.headers['Set-Cookie'] @vim_cookie = res.get_cookies
if res.code == 200 if res.code == 200
img = res.body img = res.body
ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], img, name , "Screenshot of VM #{name}") ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], img, name , "Screenshot of VM #{name}")

View File

@ -78,10 +78,10 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => @uri.path 'uri' => @uri.path
}) })
return [nil, nil] if not (res and res.headers['Set-Cookie']) return [nil, nil] if res.nil? || res.get_cookies.empty?
# Get the session ID from the cookie # Get the session ID from the cookie
m = res.headers['Set-Cookie'].match(/(DOLSESSID_.+);/) m = res.get_cookies.match(/(DOLSESSID_.+);/)
id = (m.nil?) ? nil : m[1] id = (m.nil?) ? nil : m[1]
# Get the token from the decompressed HTTP body response # Get the token from the decompressed HTTP body response

View File

@ -67,7 +67,7 @@ class Metasploit4 < Msf::Exploit::Remote
if res.headers['Location'] =~ /users\/login$/ if res.headers['Location'] =~ /users\/login$/
fail_with(Failure::NoAccess, 'Authentication failed') fail_with(Failure::NoAccess, 'Authentication failed')
else else
session = $1 if res.headers['Set-Cookie'] =~ /_session_id=([0-9a-f]*)/ session = $1 if res.get_cookies =~ /_session_id=([0-9a-f]*)/
fail_with(Failure::UnexpectedReply, 'Failed to retrieve the current session id') if session.nil? fail_with(Failure::UnexpectedReply, 'Failed to retrieve the current session id') if session.nil?
end end

View File

@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
'josso_password' => datastore['PASSWORD'] 'josso_password' => datastore['PASSWORD']
} }
}) })
if res and res.headers['Set-Cookie'] =~ /JOSSO_SESSIONID_josso=([A-F0-9]+)/ if res and res.get_cookies =~ /JOSSO_SESSIONID_josso=([A-F0-9]+)/
return $1 return $1
else else
return nil return nil

View File

@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
'method' => 'GET' 'method' => 'GET'
}) })
if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/ if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=(.*);/
first_session = $1 first_session = $1
end end
@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote
'cookie' => "JSESSIONID=#{first_session}" 'cookie' => "JSESSIONID=#{first_session}"
}) })
if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/ if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=(.*);/
@session = $1 @session = $1
return true return true
end end

View File

@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote
'iptest' => "127.0.0.1" # In order to make things as fast as possible 'iptest' => "127.0.0.1" # In order to make things as fast as possible
} }
}) })
if res and res.code == 200 and res.headers.include?('Set-Cookie') and res.headers['Set-Cookie'] =~ /SESSIONID/ if res and res.code == 200 and res.get_cookies.include?('SESSIONID')
return res.get_cookies return res.get_cookies
else else
return nil return nil

View File

@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote
# response handling # response handling
if res and res.code == 302 if res and res.code == 302
if (res.headers['Set-Cookie'] =~ /ac_ActiveCollab_sid_eaM4h3LTIZ=(.*); expires=/) if res.get_cookies =~ /ac_ActiveCollab_sid_[a-zA-Z0-9]+=(.*); expires=/
acsession = $1 acsession = $1
end end
elsif res and res.body =~ /Failed to log you in/ elsif res and res.body =~ /Failed to log you in/

View File

@ -283,7 +283,7 @@ class Metasploit3 < Msf::Exploit::Remote
# likely to change # likely to change
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1) success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/) if res.get_cookies =~ /JSESSIONID=(.*);/
session = $1 session = $1
end end
end end
@ -319,7 +319,7 @@ class Metasploit3 < Msf::Exploit::Remote
# likely to change # likely to change
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1) success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/) if res.get_cookies =~ /JSESSIONID=(.*);/
session = $1 session = $1
end end
end end

View File

@ -684,7 +684,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Trying #{type} credentials for GlassFish 2.x #{user}:'#{pass}'....") print_status("Trying #{type} credentials for GlassFish 2.x #{user}:'#{pass}'....")
res = try_login(user,pass) res = try_login(user,pass)
if res and res.code == 302 if res and res.code == 302
session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i) session = $1 if res and res.get_cookies =~ /JSESSIONID=(.*); /i
res = send_request('/applications/upload.jsf', 'GET', session) res = send_request('/applications/upload.jsf', 'GET', session)
p = /<title>Deploy Enterprise Applications\/Modules/ p = /<title>Deploy Enterprise Applications\/Modules/
@ -697,7 +697,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Trying #{type} credentials for GlassFish 3.x #{user}:'#{pass}'....") print_status("Trying #{type} credentials for GlassFish 3.x #{user}:'#{pass}'....")
res = try_login(user,pass) res = try_login(user,pass)
if res and res.code == 302 if res and res.code == 302
session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i) session = $1 if res and res.get_cookies =~ /JSESSIONID=(.*); /i
res = send_request('/common/applications/uploadFrame.jsf', 'GET', session) res = send_request('/common/applications/uploadFrame.jsf', 'GET', session)
p = /<title>Deploy Applications or Modules/ p = /<title>Deploy Applications or Modules/
@ -788,7 +788,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Glassfish edition: #{banner}") print_status("Glassfish edition: #{banner}")
#Get session #Get session
res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); / res.get_cookies =~ /JSESSIONID=(.*); /
session = $1 session = $1
#Set HTTP verbs. lower-case is used to bypass auth on v3.0 #Set HTTP verbs. lower-case is used to bypass auth on v3.0

View File

@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote
if res.code == 200 if res.code == 200
vprint_error("#{peer} - Authentication failed") vprint_error("#{peer} - Authentication failed")
return Exploit::CheckCode::Unknown return Exploit::CheckCode::Unknown
elsif res.code == 301 and res.headers['set-cookie'] =~ /sid([\da-f]+)=([\da-f]{32})/ elsif res.code == 301 and res.get_cookies =~ /sid([\da-f]+)=([\da-f]{32})/
vprint_good("#{peer} - Authenticated successfully") vprint_good("#{peer} - Authenticated successfully")
return Exploit::CheckCode::Appears return Exploit::CheckCode::Appears
end end
@ -130,7 +130,7 @@ class Metasploit3 < Msf::Exploit::Remote
# login; get session id and token # login; get session id and token
print_status("#{peer} - Authenticating as user '#{user}'") print_status("#{peer} - Authenticating as user '#{user}'")
res = login(base, user, pass) res = login(base, user, pass)
if res and res.code == 301 and res.headers['set-cookie'] =~ /sid([\da-f]+)=([\da-f]{32})/ if res and res.code == 301 and res.get_cookies =~ /sid([\da-f]+)=([\da-f]{32})/
token = "#{$1}" token = "#{$1}"
sid = "#{$2}" sid = "#{$2}"
print_good("#{peer} - Authenticated successfully") print_good("#{peer} - Authenticated successfully")

View File

@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote
'method' => 'POST' 'method' => 'POST'
) )
if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=([0-9A-F]*);/ if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=([0-9A-F]*);/
session_id = $1 session_id = $1
else else
print_error("#{peer} - Retrieve of initial JSESSIONID failed") print_error("#{peer} - Retrieve of initial JSESSIONID failed")
@ -125,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote
} }
}) })
if res and res.code == 302 and res.headers['Set-Cookie'] =~ /JSESSIONID=([0-9A-F]*);/ if res and res.code == 302 and res.get_cookies =~ /JSESSIONID=([0-9A-F]*);/
session_id = $1 session_id = $1
redirect = URI(res.headers['Location']).path redirect = URI(res.headers['Location']).path
else else

View File

@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote
# CpqElm-Login: success # CpqElm-Login: success
if res.headers['CpqElm-Login'].to_s =~ /success/ if res.headers['CpqElm-Login'].to_s =~ /success/
cookie = res.headers['Set-Cookie'].scan(/(Compaq\-HMMD=[\w\-]+)/).flatten[0] || '' cookie = res.get_cookies.scan(/(Compaq\-HMMD=[\w\-]+)/).flatten[0] || ''
end end
cookie cookie

View File

@ -161,7 +161,7 @@ class Metasploit3 < Msf::Exploit::Remote
if not (res and res.code == 302) or res.headers['Location'] =~ /loginError/ if not (res and res.code == 302) or res.headers['Location'] =~ /loginError/
fail_with(Failure::NoAccess, 'login failed') fail_with(Failure::NoAccess, 'login failed')
end end
sessionid = 'JSESSIONID' << res.headers['set-cookie'].split('JSESSIONID')[1].split('; ')[0] sessionid = 'JSESSIONID' << res.get_cookies.split('JSESSIONID')[1].split('; ')[0]
@cookie = "#{sessionid}" @cookie = "#{sessionid}"
else else
print_status('No authentication required, skipping login...') print_status('No authentication required, skipping login...')

View File

@ -193,7 +193,7 @@ class Metasploit3 < Msf::Exploit::Remote
} }
}) })
if res and res.code == 302 and res.headers['Location'] =~ /index.do/ and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/ if res and res.code == 302 and res.headers['Location'] =~ /index.do/ and res.get_cookies =~ /JSESSIONID=(.*);/
print_good("#{peer} - Login successful") print_good("#{peer} - Login successful")
session = $1 session = $1
else else

View File

@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote
}) })
# If we don't get a cookie, bail! # If we don't get a cookie, bail!
if res and res.headers['Set-Cookie'] =~ /(PHPVolunteerManagent=\w+);*/ if res and res.get_cookies =~ /(PHPVolunteerManagent=\w+);*/
cookie = $1 cookie = $1
vprint_status("#{peer} - Found cookie: #{cookie}") vprint_status("#{peer} - Found cookie: #{cookie}")
else else

View File

@ -79,12 +79,12 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => uri, 'uri' => uri,
}, 3) }, 3)
if (res.nil? or not res.headers['Set-Cookie']) if res.nil? or res.get_cookies.empty?
print_error("Could not generate a valid session") print_error("Could not generate a valid session")
return return
end end
return res.headers['Set-Cookie'] return res.get_cookies
end end
def cleanup def cleanup

View File

@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote
} }
}) })
cookie = (res and res.headers['Set-Cookie'] =~ /qdpm\=.+\;/) ? res.headers['Set-Cookie'] : '' cookie = (res and res.get_cookies =~ /qdpm\=.+\;/) ? res.get_cookies : ''
return {} if cookie.empty? return {} if cookie.empty?
cookie = cookie.to_s.scan(/(qdpm\=\w+)\;/).flatten[0] cookie = cookie.to_s.scan(/(qdpm\=\w+)\;/).flatten[0]

View File

@ -233,8 +233,8 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => datastore['TARGETURI'] || "/", 'uri' => datastore['TARGETURI'] || "/",
'method' => datastore['HTTP_METHOD'], 'method' => datastore['HTTP_METHOD'],
}, 25) }, 25)
if res && res.headers['Set-Cookie'] if res && !res.get_cookies.empty?
match = res.headers['Set-Cookie'].match(/([_A-Za-z0-9]+)=([A-Za-z0-9%]*)--([0-9A-Fa-f]+); /) match = res.get_cookies.match(/([_A-Za-z0-9]+)=([A-Za-z0-9%]*)--([0-9A-Fa-f]+); /)
end end
if match if match

View File

@ -86,8 +86,8 @@ class Metasploit3 < Msf::Exploit::Remote
} }
}) })
if res and res.headers['Set-Cookie'] =~ /PHPSESSID/ and res.body !~ /\<i\>Access denied\!\<\/i\>/ if res and res.get_cookies.include?('PHPSESSID') and res.body !~ /\<i\>Access denied\!\<\/i\>/
return res.headers['Set-Cookie'] return res.get_cookies
else else
return '' return ''
end end

View File

@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote
if (res and res.code == 302 and res.headers['Location'] =~ /main.php/) if (res and res.code == 302 and res.headers['Location'] =~ /main.php/)
print_status("Successfully logged in as #{user}:#{pass}") print_status("Successfully logged in as #{user}:#{pass}")
if (res.headers['Set-Cookie'] =~ /SiTsessionID/) and res.headers['Set-Cookie'].split("SiTsessionID")[-1] =~ /=(.*);/ if (res.get_cookies =~ /SiTsessionID/) and res.get_cookies.split("SiTsessionID")[-1] =~ /=(.*);/
session = $1 session = $1
print_status("Successfully retrieved cookie: #{session}") print_status("Successfully retrieved cookie: #{session}")
return session return session

View File

@ -124,8 +124,8 @@ class Metasploit3 < Msf::Exploit::Remote
uid = '' uid = ''
session_id_port = session_id_port =
session_id = '' session_id = ''
if res and res.code == 200 and res.headers['Set-Cookie'] if res and res.code == 200 and !res.get_cookies.empty?
res.headers['Set-Cookie'].split(';').each {|c| res.get_cookies.split(';').each {|c|
c.split(',').each {|v| c.split(',').each {|v|
if v.split('=')[0] =~ /cval/ if v.split('=')[0] =~ /cval/
cval = v.split('=')[1] cval = v.split('=')[1]
@ -159,7 +159,7 @@ class Metasploit3 < Msf::Exploit::Remote
else else
session_id_port = '' session_id_port = ''
session_id = '' session_id = ''
res.headers['Set-Cookie'].split(';').each {|c| res.get_cookies.split(';').each {|c|
c.split(',').each {|v| c.split(',').each {|v|
if v.split('=')[0] =~ /session_id/ if v.split('=')[0] =~ /session_id/
session_id_port = v.split('=')[0] session_id_port = v.split('=')[0]

View File

@ -202,7 +202,7 @@ class Metasploit3 < Msf::Exploit::Remote
session_id_port = session_id_port =
session_id = '' session_id = ''
if res and res.code == 200 if res and res.code == 200
res.headers['Set-Cookie'].split(';').each {|c| res.get_cookies.split(';').each {|c|
c.split(',').each {|v| c.split(',').each {|v|
if v.split('=')[0] =~ /cval/ if v.split('=')[0] =~ /cval/
cval = v.split('=')[1] cval = v.split('=')[1]
@ -236,7 +236,7 @@ class Metasploit3 < Msf::Exploit::Remote
else else
session_id_port = '' session_id_port = ''
session_id = '' session_id = ''
res.headers['Set-Cookie'].split(';').each {|c| res.get_cookies.split(';').each {|c|
c.split(',').each {|v| c.split(',').each {|v|
if v.split('=')[0] =~ /session_id/ if v.split('=')[0] =~ /session_id/
session_id_port = v.split('=')[0] session_id_port = v.split('=')[0]