adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity

Updates based on cdelafuente-r7 latest comments

Browse Source
This commit is contained in:
h00die-gr3y
2023-05-10 07:46:11 +00:00
parent 51ab9746fb
commit 4f8024454c
1 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb
+7 -9
View File
@@ -316,6 +316,9 @@ class MetasploitModule < Msf::Exploit::Remote
end
def process_configuration(res)
# Initiate the instance variable config to store the configuration
@config = {}
# Parse the device configuration json file
res_json = res.get_json_document
if res_json.blank?
@@ -411,7 +414,7 @@ class MetasploitModule < Msf::Exploit::Remote
def check
# Initiate the instance variable config to store the configuration
@config = { 'hardware' => nil, 'software' => nil, 'serial' => nil, 'ssh_user' => nil, 'ssh_port' => nil, 'ssh_wan_access' => nil, 'ssh_service_enabled' => nil }
# @config = { 'hardware' => nil, 'software' => nil, 'serial' => nil, 'ssh_user' => nil, 'ssh_port' => nil, 'ssh_wan_access' => nil, 'ssh_service_enabled' => nil }
res = get_configuration
return CheckCode::Safe if res.nil? || res.code != 200
@@ -420,9 +423,7 @@ class MetasploitModule < Msf::Exploit::Remote
process_configuration(res)
rescue ProcessConfigException => e
case e.exception_type
when 'ConfigNotVulnerable'
return CheckCode::Safe(e.message)
when 'ConfigUnreachable'
when 'ConfigNotVulnerable', 'ConfigUnreachable'
return CheckCode::Safe(e.message)
when 'ConfigUnknown'
return CheckCode::Unknown(e.message)
@@ -432,11 +433,8 @@ class MetasploitModule < Msf::Exploit::Remote
end
def exploit
# run if AutoCheck is NOT set, otherwise use the information gathered during the check method
unless datastore['AutoCheck']
# Initiate the instance variable config to store the configuration
@config = { 'hardware' => nil, 'software' => nil, 'serial' => nil, 'ssh_user' => nil, 'ssh_port' => nil, 'ssh_wan_access' => nil, 'ssh_service_enabled' => nil }
# run if AutoCheck is false (@config = nil), otherwise use the information in @config gathered during the check method
unless @config
res = get_configuration
fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') if res.nil? || res.code != 200