Resolved some more Set-Cookie warnings
parent
827feaed9f
commit
df4b832019
|
@ -42,10 +42,10 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'uri' => normalize_uri(@uri.path)
|
'uri' => normalize_uri(@uri.path)
|
||||||
})
|
})
|
||||||
|
|
||||||
return [nil, nil] if not (res and res.headers['Set-Cookie'])
|
return [nil, nil] if res.nil? || res.get_cookies.empty?
|
||||||
|
|
||||||
# Get the session ID from the cookie
|
# Get the session ID from the cookie
|
||||||
m = res.headers['Set-Cookie'].match(/(DOLSESSID_.+);/)
|
m = get_cookies.match(/(DOLSESSID_.+);/)
|
||||||
id = (m.nil?) ? nil : m[1]
|
id = (m.nil?) ? nil : m[1]
|
||||||
|
|
||||||
# Get the token from the decompressed HTTP body response
|
# Get the token from the decompressed HTTP body response
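Review bot: The new line `m = get_cookies.match(/(DOLSESSID_.+);/)` calls `get_cookies` with no receiver, so unless the module defines a method of that name (none is visible in this hunk) it raises NameError instead of reading the response. The guard two lines above already uses `res.get_cookies`, and this line should too: `m = res.get_cookies.match(/(DOLSESSID_.+);/)`. The later Msf::Exploit::Remote hunk with the same DOLSESSID code has the receiver, so this looks like a slip in this file only. The enclosing method starts and ends outside the hunk.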
|
||||||
|
|
|
@ -167,7 +167,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
print_status("Trying credential GlassFish 2.x #{user}:'#{pass}'....")
|
print_status("Trying credential GlassFish 2.x #{user}:'#{pass}'....")
|
||||||
res = try_login(user,pass)
|
res = try_login(user,pass)
|
||||||
if res and res.code == 302
|
if res and res.code == 302
|
||||||
session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i)
|
session = $1 if res && res.get_cookies =~ /JSESSIONID=(.*); /i
|
||||||
res = send_request('/applications/upload.jsf', 'GET', session)
|
res = send_request('/applications/upload.jsf', 'GET', session)
|
||||||
|
|
||||||
p = /<title>Deploy Enterprise Applications\/Modules/
|
p = /<title>Deploy Enterprise Applications\/Modules/
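Review bot: The pattern `/JSESSIONID=(.*); /i` still requires a semicolon and a space after the value, which suits the raw `Set-Cookie` header rather than the return value of `get_cookies`. If `get_cookies` returns a normalized `name=value;` list with attributes dropped and trailing whitespace trimmed (its implementation is not on this page, so confirm), a response whose only or last cookie is JSESSIONID no longer matches and `session` stays nil. A delimiter-bounded capture such as `/JSESSIONID=([^;]+)/i` avoids that and stops the greedy `.*` from running into following cookies. The same pattern appears in the GlassFish 3.x hunk below and in the three GlassFish hunks of the Msf::Exploit::Remote file, one of which reads `$1` without checking that the match succeeded. The enclosing method continues outside the hunk.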
|
||||||
|
@ -180,7 +180,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
print_status("Trying credential GlassFish 3.x #{user}:'#{pass}'....")
|
print_status("Trying credential GlassFish 3.x #{user}:'#{pass}'....")
|
||||||
res = try_login(user,pass)
|
res = try_login(user,pass)
|
||||||
if res and res.code == 302
|
if res and res.code == 302
|
||||||
session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i)
|
session = $1 if res && res.get_cookies =~ /JSESSIONID=(.*); /i
|
||||||
res = send_request('/common/applications/uploadFrame.jsf', 'GET', session)
|
res = send_request('/common/applications/uploadFrame.jsf', 'GET', session)
|
||||||
|
|
||||||
p = /<title>Deploy Applications or Modules/
|
p = /<title>Deploy Applications or Modules/
|
||||||
|
|
|
@ -64,7 +64,7 @@ class Metasploit4 < Msf::Auxiliary
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
if res and res.code == 200 and res.headers['Set-Cookie'] and res.headers['Set-Cookie'] =~ /([^\s]*session)=([a-z0-9]+)/
|
if res && res.code == 200 && res.get_cookies =~ /([^\s]*session)=([a-z0-9]+)/
|
||||||
return $1,$2
|
return $1,$2
|
||||||
else
|
else
|
||||||
return nil
|
return nil
|
||||||
|
@ -134,8 +134,8 @@ class Metasploit4 < Msf::Auxiliary
|
||||||
'cookie' => session_cookie
|
'cookie' => session_cookie
|
||||||
})
|
})
|
||||||
|
|
||||||
if res and res.code == 302 and res.headers['Set-Cookie'] =~ /UserID=/
|
if res and res.code == 302 and res.get_cookies.include?('UserID=')
|
||||||
parse_auth_cookie(res.headers['Set-Cookie'])
|
parse_auth_cookie(res.get_cookies)
|
||||||
return true
|
return true
|
||||||
else
|
else
|
||||||
return false
|
return false
|
||||||
|
|
|
@ -200,7 +200,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
return :abort
|
return :abort
|
||||||
end
|
end
|
||||||
|
|
||||||
if action.name != "OWA_2013" and not res.headers['set-cookie']
|
if action.name != "OWA_2013" and res.get_cookies.empty?
|
||||||
print_error("#{msg} Received invalid repsonse due to a missing cookie (possibly due to invalid version), aborting")
|
print_error("#{msg} Received invalid repsonse due to a missing cookie (possibly due to invalid version), aborting")
|
||||||
return :abort
|
return :abort
|
||||||
end
|
end
|
||||||
|
@ -233,8 +233,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
# these two lines are the authentication info
|
# these two lines are the authentication info
|
||||||
sessionid = 'sessionid=' << res.headers['set-cookie'].split('sessionid=')[1].split('; ')[0]
|
cookies = res.get_cookies
|
||||||
cadata = 'cadata=' << res.headers['set-cookie'].split('cadata=')[1].split('; ')[0]
|
sessionid = 'sessionid=' << cookies.split('sessionid=')[1].split('; ')[0]
|
||||||
|
cadata = 'cadata=' << cookies.split('cadata=')[1].split('; ')[0]
|
||||||
headers['Cookie'] = 'PBack=0; ' << sessionid << '; ' << cadata
|
headers['Cookie'] = 'PBack=0; ' << sessionid << '; ' << cadata
|
||||||
end
|
end
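Review bot: `cookies.split('sessionid=')[1].split('; ')[0]` and the matching `cadata=` line raise NoMethodError when the response has no such cookie, because `[1]` is nil; switching to `get_cookies` keeps that failure mode. With the value now in a local, a checked extraction is easy, e.g. `sessionid = cookies[/sessionid=[^;]*/]` followed by `return :abort if sessionid.nil?`, mirroring the `:abort` returns in the previous hunk. The `'JSESSIONID' << res.get_cookies.split('JSESSIONID')[1].split('; ')[0]` line in a later hunk has the same shape. The surrounding `if`/`else` begins outside the hunk.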
|
||||||
|
|
||||||
|
|
|
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'authorization' => basic_auth(user,pass)
|
'authorization' => basic_auth(user,pass)
|
||||||
})
|
})
|
||||||
|
|
||||||
if (res and res.headers['Set-Cookie'])
|
if res and !res.get_cookies.empty?
|
||||||
print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
|
print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}")
|
||||||
|
|
||||||
report_hash = {
|
report_hash = {
|
||||||
|
|
|
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'method' => 'GET'
|
'method' => 'GET'
|
||||||
})
|
})
|
||||||
|
|
||||||
if (res and res.code.to_i == 200 and res.headers['Set-Cookie'].include?('SEVONE'))
|
if (res and res.code.to_i == 200 and res.get_cookies.include?('SEVONE'))
|
||||||
version_key = /Version: <strong>(.+)<\/strong>/
|
version_key = /Version: <strong>(.+)<\/strong>/
|
||||||
version = res.body.scan(version_key).flatten
|
version = res.body.scan(version_key).flatten
|
||||||
print_good("#{rhost}:#{rport} - Application confirmed to be SevOne Network Performance Management System version #{version}")
|
print_good("#{rhost}:#{rport} - Application confirmed to be SevOne Network Performance Management System version #{version}")
|
||||||
|
|
|
@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
if res and res.code == 200 and res.body.to_s =~ /self.location="\.\.\/cgi\/url_redirect\.cgi/ and res.headers["Set-Cookie"].to_s =~ /(SID=[a-z]+)/
|
if res and res.code == 200 and res.body.to_s =~ /self.location="\.\.\/cgi\/url_redirect\.cgi/ and res.get_cookies =~ /(SID=[a-z]+)/
|
||||||
return $1
|
return $1
|
||||||
else
|
else
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -82,8 +82,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
session_id = ''
|
session_id = ''
|
||||||
cval = ''
|
cval = ''
|
||||||
|
|
||||||
if res and res.code == 200 and res.headers['Set-Cookie']
|
if res and res.code == 200 and !res.get_cookies.empty?
|
||||||
res.headers['Set-Cookie'].split(';').each {|c|
|
res.get_cookies.split(';').each {|c|
|
||||||
c.split(',').each {|v|
|
c.split(',').each {|v|
|
||||||
if v.split('=')[0] =~ /cval/
|
if v.split('=')[0] =~ /cval/
|
||||||
cval = v.split('=')[1]
|
cval = v.split('=')[1]
|
||||||
|
|
|
@ -86,8 +86,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
last_login = '' #A hidden field in the login page
|
last_login = '' #A hidden field in the login page
|
||||||
|
|
||||||
res = send_request_raw({'uri'=>'/brightmail/viewLogin.do'})
|
res = send_request_raw({'uri'=>'/brightmail/viewLogin.do'})
|
||||||
if res and res.headers['Set-Cookie']
|
if res and !res.get_cookies.empty?
|
||||||
sid = res.headers['Set-Cookie'].scan(/JSESSIONID=([a-zA-Z0-9]+)/).flatten[0] || ''
|
sid = res.get_cookies.scan(/JSESSIONID=([a-zA-Z0-9]+)/).flatten[0] || ''
|
||||||
end
|
end
|
||||||
|
|
||||||
if res
|
if res
|
||||||
|
@ -147,4 +147,4 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
download_file(sid, fname)
|
download_file(sid, fname)
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -102,7 +102,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'data' => post_data,
|
'data' => post_data,
|
||||||
}, 20)
|
}, 20)
|
||||||
|
|
||||||
if res and res.code == 200 and res.headers['Set-Cookie']
|
if res and res.code == 200 and !res.get_cookies.empty?
|
||||||
vprint_error("#{target_url} - Apache Tomcat #{user} not found ")
|
vprint_error("#{target_url} - Apache Tomcat #{user} not found ")
|
||||||
elsif res and res.code == 200 and res.body =~ /invalid username/i
|
elsif res and res.code == 200 and res.body =~ /invalid username/i
|
||||||
vprint_error("#{target_url} - Apache Tomcat #{user} not found ")
|
vprint_error("#{target_url} - Apache Tomcat #{user} not found ")
|
||||||
|
|
|
@ -43,7 +43,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
})
|
})
|
||||||
|
|
||||||
# Get the PHP session ID
|
# Get the PHP session ID
|
||||||
m = res.headers['Set-Cookie'].match(/(PHPSESSID=.+);/)
|
m = res.get_cookies.match(/(PHPSESSID=.+);/)
|
||||||
id = (m.nil?) ? nil : m[1]
|
id = (m.nil?) ? nil : m[1]
|
||||||
|
|
||||||
return id
|
return id
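Review bot: `res.get_cookies.match(/(PHPSESSID=.+);/)` runs immediately after the request, with no check that `res` is non-nil. A timed-out or refused connection therefore ends in NoMethodError rather than a nil session id. Other hunks in this commit guard with `res.nil? || res.get_cookies.empty?`; the equivalent here is `return nil if res.nil?` before the match. The method's start is outside the hunk.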
|
||||||
|
|
|
@ -93,10 +93,10 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
if (res and res.code == 302 )
|
if res and res.code == 302
|
||||||
if res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/DomAuthSessId=(.*);(.*)/i)
|
if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i)
|
||||||
cookie = "DomAuthSessId=#{$1}"
|
cookie = "DomAuthSessId=#{$1}"
|
||||||
elsif res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/LtpaToken=(.*);(.*)/i)
|
elsif res.get_cookies.match(/LtpaToken=(.*);(.*)/i)
|
||||||
cookie = "LtpaToken=#{$1}"
|
cookie = "LtpaToken=#{$1}"
|
||||||
else
|
else
|
||||||
print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized 302 response")
|
print_error("http://#{vhost}:#{rport} - Lotus Domino - Unrecognized 302 response")
|
||||||
|
|
|
@ -45,8 +45,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'data' => post_data,
|
'data' => post_data,
|
||||||
}, 20)
|
}, 20)
|
||||||
|
|
||||||
if (res and res.code == 302 )
|
if res and res.code == 302
|
||||||
if res.headers['Set-Cookie'].match(/DomAuthSessId=(.*);(.*)/i)
|
if res.get_cookies.match(/DomAuthSessId=(.*);(.*)/i)
|
||||||
print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'")
|
print_good("http://#{vhost}:#{rport} - Lotus Domino - SUCCESSFUL login for '#{user}' : '#{pass}'")
|
||||||
report_auth_info(
|
report_auth_info(
|
||||||
:host => rhost,
|
:host => rhost,
|
||||||
|
|
|
@ -76,9 +76,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
token = ''
|
token = ''
|
||||||
uisession = ''
|
uisession = ''
|
||||||
if res and res.code == 200 and res.headers['Set-Cookie']
|
if res and res.code == 200 and !res.get_cookies.empty?
|
||||||
# extract tokens from cookie
|
# extract tokens from cookie
|
||||||
res.headers['Set-Cookie'].split(';').each {|c|
|
res.get_cookies.split(';').each {|c|
|
||||||
c.split(',').each {|v|
|
c.split(',').each {|v|
|
||||||
if v.split('=')[0] =~ /token/
|
if v.split('=')[0] =~ /token/
|
||||||
token = v.split('=')[1]
|
token = v.split('=')[1]
|
||||||
|
|
|
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'headers' => { 'Authorization' => "Basic #{@user_pass}"}
|
'headers' => { 'Authorization' => "Basic #{@user_pass}"}
|
||||||
}, 25)
|
}, 25)
|
||||||
if res
|
if res
|
||||||
@vim_cookie = res.headers['Set-Cookie']
|
@vim_cookie = res.get_cookies
|
||||||
if res.code== 200
|
if res.code== 200
|
||||||
res.body.scan(/<a href="([\w\/\?=&;%]+)">/) do |match|
|
res.body.scan(/<a href="([\w\/\?=&;%]+)">/) do |match|
|
||||||
link = match[0]
|
link = match[0]
|
||||||
|
@ -88,7 +88,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'headers' => { 'Authorization' => "Basic #{@user_pass}"}
|
'headers' => { 'Authorization' => "Basic #{@user_pass}"}
|
||||||
}, 25)
|
}, 25)
|
||||||
if res
|
if res
|
||||||
@vim_cookie = res.headers['Set-Cookie']
|
@vim_cookie = res.get_cookies
|
||||||
if res.code == 200
|
if res.code == 200
|
||||||
img = res.body
|
img = res.body
|
||||||
ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], img, name , "Screenshot of VM #{name}")
|
ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], img, name , "Screenshot of VM #{name}")
|
||||||
|
|
|
@ -78,10 +78,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'uri' => @uri.path
|
'uri' => @uri.path
|
||||||
})
|
})
|
||||||
|
|
||||||
return [nil, nil] if not (res and res.headers['Set-Cookie'])
|
return [nil, nil] if res.nil? || res.get_cookies.empty?
|
||||||
|
|
||||||
# Get the session ID from the cookie
|
# Get the session ID from the cookie
|
||||||
m = res.headers['Set-Cookie'].match(/(DOLSESSID_.+);/)
|
m = res.get_cookies.match(/(DOLSESSID_.+);/)
|
||||||
id = (m.nil?) ? nil : m[1]
|
id = (m.nil?) ? nil : m[1]
|
||||||
|
|
||||||
# Get the token from the decompressed HTTP body response
|
# Get the token from the decompressed HTTP body response
|
||||||
|
|
|
@ -67,7 +67,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
||||||
if res.headers['Location'] =~ /users\/login$/
|
if res.headers['Location'] =~ /users\/login$/
|
||||||
fail_with(Failure::NoAccess, 'Authentication failed')
|
fail_with(Failure::NoAccess, 'Authentication failed')
|
||||||
else
|
else
|
||||||
session = $1 if res.headers['Set-Cookie'] =~ /_session_id=([0-9a-f]*)/
|
session = $1 if res.get_cookies =~ /_session_id=([0-9a-f]*)/
|
||||||
fail_with(Failure::UnexpectedReply, 'Failed to retrieve the current session id') if session.nil?
|
fail_with(Failure::UnexpectedReply, 'Failed to retrieve the current session id') if session.nil?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'josso_password' => datastore['PASSWORD']
|
'josso_password' => datastore['PASSWORD']
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
if res and res.headers['Set-Cookie'] =~ /JOSSO_SESSIONID_josso=([A-F0-9]+)/
|
if res and res.get_cookies =~ /JOSSO_SESSIONID_josso=([A-F0-9]+)/
|
||||||
return $1
|
return $1
|
||||||
else
|
else
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'method' => 'GET'
|
'method' => 'GET'
|
||||||
})
|
})
|
||||||
|
|
||||||
if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/
|
if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=(.*);/
|
||||||
first_session = $1
|
first_session = $1
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'cookie' => "JSESSIONID=#{first_session}"
|
'cookie' => "JSESSIONID=#{first_session}"
|
||||||
})
|
})
|
||||||
|
|
||||||
if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/
|
if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=(.*);/
|
||||||
@session = $1
|
@session = $1
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
|
@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'iptest' => "127.0.0.1" # In order to make things as fast as possible
|
'iptest' => "127.0.0.1" # In order to make things as fast as possible
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
if res and res.code == 200 and res.headers.include?('Set-Cookie') and res.headers['Set-Cookie'] =~ /SESSIONID/
|
if res and res.code == 200 and res.get_cookies.include?('SESSIONID')
|
||||||
return res.get_cookies
|
return res.get_cookies
|
||||||
else
|
else
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
# response handling
|
# response handling
|
||||||
if res and res.code == 302
|
if res and res.code == 302
|
||||||
if (res.headers['Set-Cookie'] =~ /ac_ActiveCollab_sid_eaM4h3LTIZ=(.*); expires=/)
|
if res.get_cookies =~ /ac_ActiveCollab_sid_[a-zA-Z0-9]+=(.*); expires=/
|
||||||
acsession = $1
|
acsession = $1
|
||||||
end
|
end
|
||||||
elsif res and res.body =~ /Failed to log you in/
|
elsif res and res.body =~ /Failed to log you in/
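Review bot: The widened pattern still ends in `; expires=`, which only exists in the raw `Set-Cookie` header. If `get_cookies` strips cookie attributes such as `expires` and `path` (its implementation is not shown on this page, so confirm), this branch can never match and `acsession` is never assigned on a 302. Ending the capture at the delimiter removes the dependency on attributes: `if res.get_cookies =~ /ac_ActiveCollab_sid_[a-zA-Z0-9]+=([^;]*)/`. The enclosing method extends beyond the hunk.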
|
||||||
|
|
|
@ -283,7 +283,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
# likely to change
|
# likely to change
|
||||||
|
|
||||||
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
|
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
|
||||||
if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/)
|
if res.get_cookies =~ /JSESSIONID=(.*);/
|
||||||
session = $1
|
session = $1
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -319,7 +319,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
# likely to change
|
# likely to change
|
||||||
|
|
||||||
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
|
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
|
||||||
if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/)
|
if res.get_cookies =~ /JSESSIONID=(.*);/
|
||||||
session = $1
|
session = $1
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -684,7 +684,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
print_status("Trying #{type} credentials for GlassFish 2.x #{user}:'#{pass}'....")
|
print_status("Trying #{type} credentials for GlassFish 2.x #{user}:'#{pass}'....")
|
||||||
res = try_login(user,pass)
|
res = try_login(user,pass)
|
||||||
if res and res.code == 302
|
if res and res.code == 302
|
||||||
session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i)
|
session = $1 if res and res.get_cookies =~ /JSESSIONID=(.*); /i
|
||||||
res = send_request('/applications/upload.jsf', 'GET', session)
|
res = send_request('/applications/upload.jsf', 'GET', session)
|
||||||
|
|
||||||
p = /<title>Deploy Enterprise Applications\/Modules/
|
p = /<title>Deploy Enterprise Applications\/Modules/
|
||||||
|
@ -697,7 +697,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
print_status("Trying #{type} credentials for GlassFish 3.x #{user}:'#{pass}'....")
|
print_status("Trying #{type} credentials for GlassFish 3.x #{user}:'#{pass}'....")
|
||||||
res = try_login(user,pass)
|
res = try_login(user,pass)
|
||||||
if res and res.code == 302
|
if res and res.code == 302
|
||||||
session = $1 if (res and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /i)
|
session = $1 if res and res.get_cookies =~ /JSESSIONID=(.*); /i
|
||||||
res = send_request('/common/applications/uploadFrame.jsf', 'GET', session)
|
res = send_request('/common/applications/uploadFrame.jsf', 'GET', session)
|
||||||
|
|
||||||
p = /<title>Deploy Applications or Modules/
|
p = /<title>Deploy Applications or Modules/
|
||||||
|
@ -788,7 +788,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
print_status("Glassfish edition: #{banner}")
|
print_status("Glassfish edition: #{banner}")
|
||||||
|
|
||||||
#Get session
|
#Get session
|
||||||
res.headers['Set-Cookie'] =~ /JSESSIONID=(.*); /
|
res.get_cookies =~ /JSESSIONID=(.*); /
|
||||||
session = $1
|
session = $1
|
||||||
|
|
||||||
#Set HTTP verbs. lower-case is used to bypass auth on v3.0
|
#Set HTTP verbs. lower-case is used to bypass auth on v3.0
|
||||||
|
|
|
@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
if res.code == 200
|
if res.code == 200
|
||||||
vprint_error("#{peer} - Authentication failed")
|
vprint_error("#{peer} - Authentication failed")
|
||||||
return Exploit::CheckCode::Unknown
|
return Exploit::CheckCode::Unknown
|
||||||
elsif res.code == 301 and res.headers['set-cookie'] =~ /sid([\da-f]+)=([\da-f]{32})/
|
elsif res.code == 301 and res.get_cookies =~ /sid([\da-f]+)=([\da-f]{32})/
|
||||||
vprint_good("#{peer} - Authenticated successfully")
|
vprint_good("#{peer} - Authenticated successfully")
|
||||||
return Exploit::CheckCode::Appears
|
return Exploit::CheckCode::Appears
|
||||||
end
|
end
|
||||||
|
@ -130,7 +130,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
# login; get session id and token
|
# login; get session id and token
|
||||||
print_status("#{peer} - Authenticating as user '#{user}'")
|
print_status("#{peer} - Authenticating as user '#{user}'")
|
||||||
res = login(base, user, pass)
|
res = login(base, user, pass)
|
||||||
if res and res.code == 301 and res.headers['set-cookie'] =~ /sid([\da-f]+)=([\da-f]{32})/
|
if res and res.code == 301 and res.get_cookies =~ /sid([\da-f]+)=([\da-f]{32})/
|
||||||
token = "#{$1}"
|
token = "#{$1}"
|
||||||
sid = "#{$2}"
|
sid = "#{$2}"
|
||||||
print_good("#{peer} - Authenticated successfully")
|
print_good("#{peer} - Authenticated successfully")
|
||||||
|
|
|
@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'method' => 'POST'
|
'method' => 'POST'
|
||||||
)
|
)
|
||||||
|
|
||||||
if res and res.code == 200 and res.headers['Set-Cookie'] =~ /JSESSIONID=([0-9A-F]*);/
|
if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=([0-9A-F]*);/
|
||||||
session_id = $1
|
session_id = $1
|
||||||
else
|
else
|
||||||
print_error("#{peer} - Retrieve of initial JSESSIONID failed")
|
print_error("#{peer} - Retrieve of initial JSESSIONID failed")
|
||||||
|
@ -125,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
if res and res.code == 302 and res.headers['Set-Cookie'] =~ /JSESSIONID=([0-9A-F]*);/
|
if res and res.code == 302 and res.get_cookies =~ /JSESSIONID=([0-9A-F]*);/
|
||||||
session_id = $1
|
session_id = $1
|
||||||
redirect = URI(res.headers['Location']).path
|
redirect = URI(res.headers['Location']).path
|
||||||
else
|
else
|
||||||
|
|
|
@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
# CpqElm-Login: success
|
# CpqElm-Login: success
|
||||||
if res.headers['CpqElm-Login'].to_s =~ /success/
|
if res.headers['CpqElm-Login'].to_s =~ /success/
|
||||||
cookie = res.headers['Set-Cookie'].scan(/(Compaq\-HMMD=[\w\-]+)/).flatten[0] || ''
|
cookie = res.get_cookies.scan(/(Compaq\-HMMD=[\w\-]+)/).flatten[0] || ''
|
||||||
end
|
end
|
||||||
|
|
||||||
cookie
|
cookie
|
||||||
|
|
|
@ -161,7 +161,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
if not (res and res.code == 302) or res.headers['Location'] =~ /loginError/
|
if not (res and res.code == 302) or res.headers['Location'] =~ /loginError/
|
||||||
fail_with(Failure::NoAccess, 'login failed')
|
fail_with(Failure::NoAccess, 'login failed')
|
||||||
end
|
end
|
||||||
sessionid = 'JSESSIONID' << res.headers['set-cookie'].split('JSESSIONID')[1].split('; ')[0]
|
sessionid = 'JSESSIONID' << res.get_cookies.split('JSESSIONID')[1].split('; ')[0]
|
||||||
@cookie = "#{sessionid}"
|
@cookie = "#{sessionid}"
|
||||||
else
|
else
|
||||||
print_status('No authentication required, skipping login...')
|
print_status('No authentication required, skipping login...')
|
||||||
|
|
|
@ -193,7 +193,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
if res and res.code == 302 and res.headers['Location'] =~ /index.do/ and res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/
|
if res and res.code == 302 and res.headers['Location'] =~ /index.do/ and res.get_cookies =~ /JSESSIONID=(.*);/
|
||||||
print_good("#{peer} - Login successful")
|
print_good("#{peer} - Login successful")
|
||||||
session = $1
|
session = $1
|
||||||
else
|
else
|
||||||
|
|
|
@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
})
|
})
|
||||||
|
|
||||||
# If we don't get a cookie, bail!
|
# If we don't get a cookie, bail!
|
||||||
if res and res.headers['Set-Cookie'] =~ /(PHPVolunteerManagent=\w+);*/
|
if res and res.get_cookies =~ /(PHPVolunteerManagent=\w+);*/
|
||||||
cookie = $1
|
cookie = $1
|
||||||
vprint_status("#{peer} - Found cookie: #{cookie}")
|
vprint_status("#{peer} - Found cookie: #{cookie}")
|
||||||
else
|
else
|
||||||
|
|
|
@ -79,12 +79,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'uri' => uri,
|
'uri' => uri,
|
||||||
}, 3)
|
}, 3)
|
||||||
|
|
||||||
if (res.nil? or not res.headers['Set-Cookie'])
|
if res.nil? or res.get_cookies.empty?
|
||||||
print_error("Could not generate a valid session")
|
print_error("Could not generate a valid session")
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
return res.headers['Set-Cookie']
|
return res.get_cookies
|
||||||
end
|
end
|
||||||
|
|
||||||
def cleanup
|
def cleanup
|
||||||
|
|
|
@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
cookie = (res and res.headers['Set-Cookie'] =~ /qdpm\=.+\;/) ? res.headers['Set-Cookie'] : ''
|
cookie = (res and res.get_cookies =~ /qdpm\=.+\;/) ? res.get_cookies : ''
|
||||||
return {} if cookie.empty?
|
return {} if cookie.empty?
|
||||||
cookie = cookie.to_s.scan(/(qdpm\=\w+)\;/).flatten[0]
|
cookie = cookie.to_s.scan(/(qdpm\=\w+)\;/).flatten[0]
|
||||||
|
|
||||||
|
|
|
@ -233,8 +233,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'uri' => datastore['TARGETURI'] || "/",
|
'uri' => datastore['TARGETURI'] || "/",
|
||||||
'method' => datastore['HTTP_METHOD'],
|
'method' => datastore['HTTP_METHOD'],
|
||||||
}, 25)
|
}, 25)
|
||||||
if res && res.headers['Set-Cookie']
|
if res && !res.get_cookies.empty?
|
||||||
match = res.headers['Set-Cookie'].match(/([_A-Za-z0-9]+)=([A-Za-z0-9%]*)--([0-9A-Fa-f]+); /)
|
match = res.get_cookies.match(/([_A-Za-z0-9]+)=([A-Za-z0-9%]*)--([0-9A-Fa-f]+); /)
|
||||||
end
|
end
|
||||||
|
|
||||||
if match
|
if match
|
||||||
|
|
|
@ -86,8 +86,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
if res and res.headers['Set-Cookie'] =~ /PHPSESSID/ and res.body !~ /\<i\>Access denied\!\<\/i\>/
|
if res and res.get_cookies.include?('PHPSESSID') and res.body !~ /\<i\>Access denied\!\<\/i\>/
|
||||||
return res.headers['Set-Cookie']
|
return res.get_cookies
|
||||||
else
|
else
|
||||||
return ''
|
return ''
|
||||||
end
|
end
|
||||||
|
|
|
@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
if (res and res.code == 302 and res.headers['Location'] =~ /main.php/)
|
if (res and res.code == 302 and res.headers['Location'] =~ /main.php/)
|
||||||
print_status("Successfully logged in as #{user}:#{pass}")
|
print_status("Successfully logged in as #{user}:#{pass}")
|
||||||
|
|
||||||
if (res.headers['Set-Cookie'] =~ /SiTsessionID/) and res.headers['Set-Cookie'].split("SiTsessionID")[-1] =~ /=(.*);/
|
if (res.get_cookies =~ /SiTsessionID/) and res.get_cookies.split("SiTsessionID")[-1] =~ /=(.*);/
|
||||||
session = $1
|
session = $1
|
||||||
print_status("Successfully retrieved cookie: #{session}")
|
print_status("Successfully retrieved cookie: #{session}")
|
||||||
return session
|
return session
|
||||||
|
|
|
@ -124,8 +124,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
uid = ''
|
uid = ''
|
||||||
session_id_port =
|
session_id_port =
|
||||||
session_id = ''
|
session_id = ''
|
||||||
if res and res.code == 200 and res.headers['Set-Cookie']
|
if res and res.code == 200 and !res.get_cookies.empty?
|
||||||
res.headers['Set-Cookie'].split(';').each {|c|
|
res.get_cookies.split(';').each {|c|
|
||||||
c.split(',').each {|v|
|
c.split(',').each {|v|
|
||||||
if v.split('=')[0] =~ /cval/
|
if v.split('=')[0] =~ /cval/
|
||||||
cval = v.split('=')[1]
|
cval = v.split('=')[1]
|
||||||
|
@ -159,7 +159,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
else
|
else
|
||||||
session_id_port = ''
|
session_id_port = ''
|
||||||
session_id = ''
|
session_id = ''
|
||||||
res.headers['Set-Cookie'].split(';').each {|c|
|
res.get_cookies.split(';').each {|c|
|
||||||
c.split(',').each {|v|
|
c.split(',').each {|v|
|
||||||
if v.split('=')[0] =~ /session_id/
|
if v.split('=')[0] =~ /session_id/
|
||||||
session_id_port = v.split('=')[0]
|
session_id_port = v.split('=')[0]
|
||||||
|
|
|
@ -202,7 +202,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
session_id_port =
|
session_id_port =
|
||||||
session_id = ''
|
session_id = ''
|
||||||
if res and res.code == 200
|
if res and res.code == 200
|
||||||
res.headers['Set-Cookie'].split(';').each {|c|
|
res.get_cookies.split(';').each {|c|
|
||||||
c.split(',').each {|v|
|
c.split(',').each {|v|
|
||||||
if v.split('=')[0] =~ /cval/
|
if v.split('=')[0] =~ /cval/
|
||||||
cval = v.split('=')[1]
|
cval = v.split('=')[1]
|
||||||
|
@ -236,7 +236,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
else
|
else
|
||||||
session_id_port = ''
|
session_id_port = ''
|
||||||
session_id = ''
|
session_id = ''
|
||||||
res.headers['Set-Cookie'].split(';').each {|c|
|
res.get_cookies.split(';').each {|c|
|
||||||
c.split(',').each {|v|
|
c.split(',').each {|v|
|
||||||
if v.split('=')[0] =~ /session_id/
|
if v.split('=')[0] =~ /session_id/
|
||||||
session_id_port = v.split('=')[0]
|
session_id_port = v.split('=')[0]
|
||||||
|
|