adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/Remote/HTTP/NagiosXi/RceCheck.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

502 lines
24 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::HTTP::NagiosXi::RceCheck
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::HTTP::NagiosXi::RceCheck";
relpath = '../../../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../../_index.html">Index (R)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../NagiosXi.html" title="Msf::Exploit::Remote::HTTP::NagiosXi (module)">NagiosXi</a></span></span>
&raquo;
<span class="title">RceCheck</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::HTTP::NagiosXi::RceCheck
</h1>
<div class="box_info">
<dl>
<dt>Included in:</dt>
<dd><span class='object_link'><a href="../NagiosXi.html" title="Msf::Exploit::Remote::HTTP::NagiosXi (module)">Msf::Exploit::Remote::HTTP::NagiosXi</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/http/nagios_xi/rce_check.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>Scans a Nagios XI target and suggests exploit modules to use</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#add_cve_module_to_hash-instance_method" title="#add_cve_module_to_hash (instance method)">#<strong>add_cve_module_to_hash</strong>(matching_exploits, cve_module_array) &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Helper function that populates the matching_exploits hash with the contents of cve_module_array by setting index 0 of each array as the key and index 1 as the value.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#nagios_xi_rce_check-instance_method" title="#nagios_xi_rce_check (instance method)">#<strong>nagios_xi_rce_check</strong>(version) &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Uses the Nagios XI version to check which CVEs and related exploit modules the target is vulnerable to, if any.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="add_cve_module_to_hash-instance_method">
#<strong>add_cve_module_to_hash</strong>(matching_exploits, cve_module_array) &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Helper function that populates the matching_exploits hash with the contents of cve_module_array by setting index 0 of each array as the key and index 1 as the value.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>matching_exploits</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>maps CVE numbers to exploit module names</p>
</div>
</li>
<li>
<span class='name'>cve_module_array</span>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>contains arrays with a CVE number at index 0 and a matching exploit at index 1</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>updated list of matching exploits, mapping CVE numbers to exploit module names</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
80
81
82
83
84
85
86
87
88
89
90
91
92</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/nagios_xi/rce_check.rb', line 80</span>
<span class='kw'>def</span> <span class='id identifier rubyid_add_cve_module_to_hash'>add_cve_module_to_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_matching_exploits'>matching_exploits</span><span class='comma'>,</span> <span class='id identifier rubyid_cve_module_array'>cve_module_array</span><span class='rparen'>)</span>
<span class='comment'># Account for version numbers for which we have multiple exploits
</span> <span class='kw'>if</span> <span class='id identifier rubyid_cve_module_array'>cve_module_array</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&gt;</span> <span class='int'>1</span>
<span class='id identifier rubyid_cve_module_array'>cve_module_array</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_cma'>cma</span><span class='op'>|</span>
<span class='id identifier rubyid_cve'>cve</span><span class='comma'>,</span> <span class='id identifier rubyid_msf_module'>msf_module</span> <span class='op'>=</span> <span class='id identifier rubyid_cma'>cma</span>
<span class='id identifier rubyid_matching_exploits'>matching_exploits</span><span class='lbracket'>[</span><span class='id identifier rubyid_cve'>cve</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_msf_module'>msf_module</span>
<span class='kw'>end</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_cve'>cve</span><span class='comma'>,</span> <span class='id identifier rubyid_msf_module'>msf_module</span> <span class='op'>=</span> <span class='id identifier rubyid_cve_module_array'>cve_module_array</span><span class='period'>.</span><span class='id identifier rubyid_flatten'>flatten</span>
<span class='id identifier rubyid_matching_exploits'>matching_exploits</span><span class='lbracket'>[</span><span class='id identifier rubyid_cve'>cve</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_msf_module'>msf_module</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_matching_exploits'>matching_exploits</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="nagios_xi_rce_check-instance_method">
#<strong>nagios_xi_rce_check</strong>(version) &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Uses the Nagios XI version to check which CVEs and related exploit modules the target is vulnerable to, if any</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>version</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../../../Rex/Version.html" title="Rex::Version (class)">Rex::Version</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>Nagios XI version</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>, Hash mapping CVE numbers to exploit module names if the target is vulnerable, empty hash otherwise</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/nagios_xi/rce_check.rb', line 9</span>
<span class='kw'>def</span> <span class='id identifier rubyid_nagios_xi_rce_check'>nagios_xi_rce_check</span><span class='lparen'>(</span><span class='id identifier rubyid_version'>version</span><span class='rparen'>)</span>
<span class='id identifier rubyid_matching_exploits'>matching_exploits</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='comment'># Storage area for known exploits that affect versions prior to the one in the hash key
</span> <span class='id identifier rubyid_nagios_rce_version_prior'>nagios_rce_version_prior</span> <span class='op'>=</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>5.2.8</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>NO CVE AVAILABLE</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>nagios_xi_chained_rce</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='rbracket'>]</span>
<span class='rbrace'>}</span>
<span class='id identifier rubyid_nagios_rce_version_prior'>nagios_rce_version_prior</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_fixed_version'>fixed_version</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_version'>version</span> <span class='op'>&lt;</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Version.html" title="Rex::Version (class)">Version</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../../Rex/Version.html#initialize-instance_method" title="Rex::Version#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_fixed_version'>fixed_version</span><span class='rparen'>)</span>
<span class='id identifier rubyid_matching_exploits'>matching_exploits</span> <span class='op'>=</span> <span class='id identifier rubyid_add_cve_module_to_hash'>add_cve_module_to_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_matching_exploits'>matching_exploits</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='comment'># Storage area for known exploits that affect only the version in the hash key
</span> <span class='id identifier rubyid_nagios_rce_version_equals'>nagios_rce_version_equals</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_nagios_rce_version_equals'>nagios_rce_version_equals</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_nagios_rce_version_equals'>nagios_rce_version_equals</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_fixed_version'>fixed_version</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_version'>version</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Version.html" title="Rex::Version (class)">Version</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../../Rex/Version.html#initialize-instance_method" title="Rex::Version#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_fixed_version'>fixed_version</span><span class='rparen'>)</span>
<span class='id identifier rubyid_matching_exploits'>matching_exploits</span> <span class='op'>=</span> <span class='id identifier rubyid_add_cve_module_to_hash'>add_cve_module_to_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_matching_exploits'>matching_exploits</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='comment'># Storage area for known exploits that affect version ranges (inclusive).
</span> <span class='comment'># Each hash key should be two versions separated by a hyphen, eg `5.6.0-5.8.5`
</span> <span class='id identifier rubyid_nagios_rce_version_range'>nagios_rce_version_range</span> <span class='op'>=</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>5.2.0-5.5.6</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CVE-2018-15708, CVE-2018-15710</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>nagios_xi_magpie_debug</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='rbracket'>]</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>5.2.0-5.6.5</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CVE-2019-15949</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>nagios_xi_plugins_check_plugin_authenticated_rce</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='rbracket'>]</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>5.2.6-5.4.12</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>nagios_xi_chained_rce_2_electric_boogaloo</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='rbracket'>]</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>5.3.0-5.7.9</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CVE-2020-35578</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>nagios_xi_plugins_filename_authenticated_rce</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='rbracket'>]</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>5.5.0-5.7.3</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CVE-2020-5792</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>nagios_xi_snmptrap_authenticated_rce</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='rbracket'>]</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>5.6.0-5.7.3</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CVE-2020-5791</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>nagios_xi_mibs_authenticated_rce</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='rbracket'>]</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>5.2.0-5.8.4</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbracket'>[</span>
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CVE-2021-37343</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>nagios_xi_autodiscovery_webshell</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='rbracket'>]</span>
<span class='rbrace'>}</span>
<span class='id identifier rubyid_nagios_rce_version_range'>nagios_rce_version_range</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_fixed_version'>fixed_version</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='op'>|</span>
<span class='id identifier rubyid_lower'>lower</span><span class='comma'>,</span> <span class='id identifier rubyid_higher'>higher</span> <span class='op'>=</span> <span class='id identifier rubyid_fixed_version'>fixed_version</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>-</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_lower'>lower</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Version.html" title="Rex::Version (class)">Version</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../../Rex/Version.html#initialize-instance_method" title="Rex::Version#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_lower'>lower</span><span class='rparen'>)</span>
<span class='id identifier rubyid_higher'>higher</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Version.html" title="Rex::Version (class)">Version</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../../Rex/Version.html#initialize-instance_method" title="Rex::Version#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_higher'>higher</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_version'>version</span> <span class='op'>&gt;=</span> <span class='id identifier rubyid_lower'>lower</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_version'>version</span> <span class='op'>&lt;=</span> <span class='id identifier rubyid_higher'>higher</span>
<span class='id identifier rubyid_matching_exploits'>matching_exploits</span> <span class='op'>=</span> <span class='id identifier rubyid_add_cve_module_to_hash'>add_cve_module_to_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_matching_exploits'>matching_exploits</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_matching_exploits'>matching_exploits</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:38 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink