infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Obey to reviewer.. code fix

bug/bundler_fix
Thanat0s 2014-04-28 23:26:29 +02:00
parent 2396d497d8
commit fe3f7fd76a
1 changed files with 19 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
modules/auxiliary/gather/f5_bigip_cookie_disclosure.rb
View File

@ -52,10 +52,9 @@ class Metasploit3 < Msf::Auxiliary
'uri' => @uri 'uri' => @uri
}) })
id,value = nil id,value = nil
begin # Get the SLB session ID, like "TestCookie=2263487148.3013.0000"
# Get the SLB session ID, like "TestCookie=2263487148.3013.0000" m = res.get_cookies.match(/([\-\w\d]+)=((?:\d+\.){2}\d+)(?:$|,|;|\s)/)
m = res.get_cookies.match(/([\-\w\d]+)=((?:\d+\.){2}\d+)(?:$|,|;|\s)/) unless m.nil?
ensure
id = (m.nil?) ? nil : m[1] id = (m.nil?) ? nil : m[1]
value = (m.nil?) ? nil : m[2] value = (m.nil?) ? nil : m[2]
return id, value return id, value
@ -63,37 +62,31 @@ class Metasploit3 < Msf::Auxiliary
end end
def run def run
host_port = Array.new host_port = []
@uri = normalize_uri(target_uri.path) @uri = normalize_uri(target_uri.path)
print_status("Starting request #{@uri}") print_status("Starting request #{@uri}")
id, value = get_cookie() for i in 0...datastore['RETRY']
unless id id, value = get_cookie() # Get the cookie
print_error "F5 SLB cookie not found" # If the cookie is not found, stop process
return unless id
end print_error("F5 SLB cookie not found")
print_status ("F5 cookie \"#{id}\" found") return
host, port = cookie_decode(value) end
host_port.push(host+":"+port) # Print the cookie name on the first request
print_status "Backend #{host}:#{port}" if i == 0
i=1 # We already have done one request print_status("F5 cookie \"#{id}\" found")
until i == datastore['RETRY'] end
id, value = get_cookie()
host, port = cookie_decode(value) host, port = cookie_decode(value)
unless host_port.include? (host+":"+port) unless host_port.include? (host+":"+port)
host_port.push(host+":"+port) host_port.push(host+":"+port)
print_status "Backend #{host}:#{port}" print_status("Backend #{host}:#{port}")
end end
i += 1
end
# Reporting found backend in database
backends = Array.new
host_port.each do |key|
backends.push (key)
end end
# Reporting found backends in database
report_note( report_note(
:host => datastore['RHOST'], :host => rhost,
:type => "F5_Cookie_Backends", :type => "F5_Cookie_Backends",
:data => backends :data => host_port
) )
end end
end end