infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refactor tomcat_mgr_upload

bug/bundler_fix
David Maloney 2014-06-04 16:07:57 -05:00
parent 28bf29980e
commit f22447f91e
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
1 changed files with 31 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
modules/exploits/multi/http/tomcat_mgr_upload.rb
View File

@ -126,15 +126,7 @@ class Metasploit3 < Msf::Exploit::Remote
vprint_status("#{peer} - Tomcat Manager found running on #{plat} platform and #{arch} architecture") vprint_status("#{peer} - Tomcat Manager found running on #{plat} platform and #{arch} architecture")
report_auth_info( report_tomcat_credential
:host => rhost,
:port => rport,
:sname => (ssl ? "https" : "http"),
:user => datastore['USERNAME'],
:pass => datastore['PASSWORD'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true
)
return CheckCode::Appears return CheckCode::Appears
end end
@ -156,15 +148,7 @@ class Metasploit3 < Msf::Exploit::Remote
# #
print_status("#{peer} - Uploading and deploying #{@app_base}...") print_status("#{peer} - Uploading and deploying #{@app_base}...")
if upload_payload if upload_payload
report_auth_info( report_tomcat_credential
:host => rhost,
:port => rport,
:sname => (ssl ? "https" : "http"),
:user => datastore['USERNAME'],
:pass => datastore['PASSWORD'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true
)
else else
fail_with(Failure::Unknown, "Upload failed") fail_with(Failure::Unknown, "Upload failed")
end end
@ -423,4 +407,33 @@ class Metasploit3 < Msf::Exploit::Remote
return true return true
end end
def report_tomcat_credential
service_data = {
address: ::Rex::Socket.getaddress(datastore['RHOST'],true),
port: datastore['RPORT'],
service_name: (ssl ? "https" : "http"),
protocol: 'tcp',
workspace_id: myworkspace_id
}
credential_data = {
origin_type: :service,
module_fullname: self.fullname,
private_type: :password,
private_data: datastore['USERNAME'],
username: datastore['PASSWORD'].downcase
}
credential_data.merge!(service_data)
credential_core = create_credential(credential_data)
login_data = {
access_level: 'Admin',
core: credential_core,
last_attempted_at: DateTime.now,
status: Metasploit::Credential::Login::Status::SUCCESSFUL
}
end
end end