refactor tomcat_mgr_upload

2014-06-04 16:07:57 -05:00 · 2014-06-04 16:07:57 -05:00 · f22447f91e
parent 28bf29980e
commit f22447f91e
1 changed files with 31 additions and 18 deletions
--- a/modules/exploits/multi/http/tomcat_mgr_upload.rb
+++ b/modules/exploits/multi/http/tomcat_mgr_upload.rb
@ -126,15 +126,7 @@ class Metasploit3 < Msf::Exploit::Remote

    vprint_status("#{peer} - Tomcat Manager found running on #{plat} platform and #{arch} architecture")

-    report_auth_info(
-      :host   => rhost,
-      :port   => rport,
-      :sname  => (ssl ? "https" : "http"),
-      :user   => datastore['USERNAME'],
-      :pass   => datastore['PASSWORD'],
-      :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
-      :active => true
-    )
+    report_tomcat_credential

    return CheckCode::Appears
  end
@ -156,15 +148,7 @@ class Metasploit3 < Msf::Exploit::Remote
    #
    print_status("#{peer} - Uploading and deploying #{@app_base}...")
    if upload_payload
-      report_auth_info(
-        :host   => rhost,
-        :port   => rport,
-        :sname  => (ssl ? "https" : "http"),
-        :user   => datastore['USERNAME'],
-        :pass   => datastore['PASSWORD'],
-        :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
-        :active => true
-      )
+      report_tomcat_credential
    else
      fail_with(Failure::Unknown, "Upload failed")
    end
@ -423,4 +407,33 @@ class Metasploit3 < Msf::Exploit::Remote
    return true
  end

+  def report_tomcat_credential
+    service_data = {
+        address: ::Rex::Socket.getaddress(datastore['RHOST'],true),
+        port: datastore['RPORT'],
+        service_name: (ssl ? "https" : "http"),
+        protocol: 'tcp',
+        workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+        origin_type: :service,
+        module_fullname: self.fullname,
+        private_type: :password,
+        private_data: datastore['USERNAME'],
+        username: datastore['PASSWORD'].downcase
+    }
+
+    credential_data.merge!(service_data)
+
+    credential_core = create_credential(credential_data)
+
+    login_data = {
+        access_level: 'Admin',
+        core: credential_core,
+        last_attempted_at: DateTime.now,
+        status: Metasploit::Credential::Login::Status::SUCCESSFUL
+    }
+  end
+
 end