metasploit-framework/modules/auxiliary/scanner/http/wmap_backup_file.rb

77 lines
1.9 KiB
Ruby

##
# $Id: backupfile.rb 1000 2008-25-02 08:21:36Z et $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
require 'rex/proto/http'
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WMAPScanFile
include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
'Name' => 'HTTP Backup File Scanner',
'Description' => %q{
This module identifies the existence of possible copies
of a especific file in a given path.
},
'Author' => [ 'et [at] cyberspace.org' ],
'License' => BSD_LICENSE,
'Version' => '$Revision: 1000 $'))
register_options(
[
OptString.new('PATH', [ true, "The path/file to identify backups", '/index.asp'])
], self.class)
end
def run_host(ip)
bakextensions = [
'bak',
'backup',
'txt',
'old',
'copy',
'temp'
]
bakextensions.each do |ext|
begin
res = send_request_cgi({
'uri' => datastore['PATH']+"."+ext,
'method' => 'GET',
'ctype' => 'text/plain'
}, 20)
if (res and res.code >= 200 and res.code < 300)
print_status("Found http://#{target_host}:#{datastore['RPORT']}#{datastore['PATH']}.#{ext}")
else
print_status("NOT Found http://#{target_host}:#{datastore['RPORT']}#{datastore['PATH']}.#{ext}")
#To be removed or just displayed with verbose debugging.
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
end
end