From ec35f4b13f0ce1a0876c7ed75534406ce3c10c7b Mon Sep 17 00:00:00 2001 From: Brandon Perry Date: Mon, 24 Mar 2014 18:17:50 -0500 Subject: [PATCH] some bugs for sinn3r --- modules/exploits/linux/http/lifesize_uvc_ping_rce.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/exploits/linux/http/lifesize_uvc_ping_rce.rb b/modules/exploits/linux/http/lifesize_uvc_ping_rce.rb index 03706b7bf7..e1c25550b8 100644 --- a/modules/exploits/linux/http/lifesize_uvc_ping_rce.rb +++ b/modules/exploits/linux/http/lifesize_uvc_ping_rce.rb @@ -48,6 +48,8 @@ class Metasploit3 < Msf::Exploit::Remote register_options( [ + Opt::RPORT(443), + OptBool.new('SSL', [true, 'Use SSL', true]), OptString.new('TARGETURI', [true, 'The URI of the vulnerable instance', '/']), OptString.new('USERNAME', [true, 'The username to authenticate with', 'administrator']), OptString.new('PASSWORD', [true, 'The password to authenticate with', 'admin123']) @@ -63,6 +65,10 @@ class Metasploit3 < Msf::Exploit::Remote fail_with("Server did not respond in an expected way") end + if res.code != 200 + fail_with("Did not get a 200 response, perhaps the server isn't on an SSL port") + end + token = /name='csrfmiddlewaretoken' value='(.*)'/.match(res.body) token = token[1]