Module: Msf::Exploit::Remote::HTTP::Gitea::Helpers

Included in:
Msf::Exploit::Remote::HTTP::Gitea
Defined in:
lib/msf/core/exploit/remote/http/gitea/helpers.rb

Class Method Summary collapse

Class Method Details

.gitea_get_csrf(res) ⇒ String?

Returns CSRF token string for Gitea session

Parameters:

Returns:

  • (String, nil)

    csrf token if found, nil otherwise



12
13
14
 
# File 'lib/msf/core/exploit/remote/http/gitea/helpers.rb', line 12

def gitea_get_csrf(res)
  res&.get_html_document&.at('//input[@name="_csrf"]/@value')&.text
end

.gitea_get_repo_uid(res) ⇒ String?

Returns string for Gitea repository uid

Parameters:

Returns:

  • (String, nil)

    repo uid string if found, nil otherwise



20
21
22
 
# File 'lib/msf/core/exploit/remote/http/gitea/helpers.rb', line 20

def gitea_get_repo_uid(res)
  res&.get_html_document&.at('//input[@id="uid"]/@value')&.text
end

.gitea_get_service_type_uri(res) ⇒ String?

Returns string for Gitea service type uri

Parameters:

Returns:

  • (String, nil)

    Gitea service type uri string if found, nil otherwise



28
29
30
 
# File 'lib/msf/core/exploit/remote/http/gitea/helpers.rb', line 28

def gitea_get_service_type_uri(res)
  res&.get_html_document&.at('//svg[@class="svg gitea-gitea"]/ancestor::a/@href')&.text
end

.gitea_helper_login_post_data(user, pass, csrf) ⇒ Hash

Returns the POST data for a Gitea login request

Parameters:

  • user (String)

    Username

  • pass (String)

    Password

  • csrf (String)

    Login csrf

Returns:

  • (Hash)

    The post data for vars_post Parameter



38
39
40
41
42
43
44
 
# File 'lib/msf/core/exploit/remote/http/gitea/helpers.rb', line 38

def (user, pass, csrf)
  {
    'user_name' => user,
    'password' => pass,
    '_csrf' => csrf
  }
end

.gitea_helper_repo_create_post_data(name, uid, csrf) ⇒ Hash

Returns the POST data for a Gitea create repository request

Parameters:

  • name (String)

    Repository name

  • uid (String)

    Repository uid

  • csrf (String)

    Login csrf

Returns:

  • (Hash)

    The post data for vars_post Parameter



52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/msf/core/exploit/remote/http/gitea/helpers.rb', line 52

def gitea_helper_repo_create_post_data(name, uid, csrf)
  {
    'uid' => uid,
    'auto_init' => 'on',
    'readme' => 'Default',
    'repo_name' => name,
    'trust_model' => 'default',
    'default_branch' => 'master',
    '_csrf' => csrf
  }
end

.gitea_helper_repo_migrate_post_data(name, uid, service, url, token, csrf) ⇒ Hash

Returns the POST data for a Gitea migrate repository request

Parameters:

  • name (String)

    Repository name

  • uid (String)

    Repository uid

  • service (String)

    Service id

  • url (String)

    Repository name

  • token (String)

    Repository auth token

  • csrf (String)

    Login csrf

Returns:

  • (Hash)

    The post data for vars_post Parameter



86
87
88
89
90
91
92
93
94
95
96
 
# File 'lib/msf/core/exploit/remote/http/gitea/helpers.rb', line 86

def gitea_helper_repo_migrate_post_data(name, uid, service, url, token, csrf)
  {
    'uid' => uid,
    'service' => service,
    'pull_requests' => 'on',
    'repo_name' => name,
    '_csrf' => csrf,
    'auth_token' => token,
    'clone_addr' => url
  }
end

.gitea_helper_repo_remove_post_data(name, csrf) ⇒ Hash

Returns the POST data for a Gitea remove repository request

Parameters:

  • name (String)

    Repository path

  • csrf (String)

    Login csrf

Returns:

  • (Hash)

    The post data for vars_post Parameter



69
70
71
72
73
74
75
 
# File 'lib/msf/core/exploit/remote/http/gitea/helpers.rb', line 69

def gitea_helper_repo_remove_post_data(name, csrf)
  {
    'action' => 'delete',
    'repo_name' => name,
    '_csrf' => csrf
  }
end