Module: Msf::Exploit::Remote::HTTP::Moodle::Course

Included in:
Msf::Exploit::Remote::HTTP::Moodle
Defined in:
lib/msf/core/exploit/remote/http/moodle/course.rb

Instance Method Details

#enrol(user_id, course_id, enrol_id, sess_key, role = '1') ⇒ Boolean

Performs a Moodle course enrolment.

Parameters:

  • user_id (String)

    ID of the user to enrol

  • course_id (String)

    ID of the course to enrol in

  • enrol_id (String)

    ID of the enrolment

  • sess_key (String)

    session key

  • role (String) (defaults to: '1')

    role to enrol as. 1 is manager, 5 is student

Returns:

  • (Boolean)

    true if the enrolment was successful, false if not (no response, or a response body that does not contain 'success')



# File 'lib/msf/core/exploit/remote/http/moodle/course.rb', line 12

def enrol(user_id, course_id, enrol_id, sess_key, role = '1')
  res = send_request_cgi({
    'uri' => moodle_enrol_ajax,
    'vars_get' => moodle_helper_enrol_get_data(user_id, course_id, enrol_id, sess_key, role),
    'keep_cookies' => true
  })
  return false unless res
  if res.body.include?('success')
    return true
  end

  return false
end

#get_course_context_id(course_id) ⇒ String?

obtains the contextid from an enrolled course

Parameters:

  • course_id (String)

    ID of the course

Returns:

  • (String, nil)

    the contextid for the course, nil otherwise



# File 'lib/msf/core/exploit/remote/http/moodle/course.rb', line 48

def get_course_context_id(course_id)
  res = send_request_cgi({
    'uri' => moodle_user_home,
    'vars_get' => {
      'id' => course_id
    },
    'keep_cookies' => true
  })
  return nil unless res

  res.body =~ /contextid=(\d*)"/
  Regexp.last_match(1)
end

#get_course_enrol_id(course_id) ⇒ String?

obtains the enrolid from an enrolled course

Parameters:

  • course_id (String)

    ID of the course

Returns:

  • (String, nil)

    the enrolid for the course, nil otherwise



# File 'lib/msf/core/exploit/remote/http/moodle/course.rb', line 30

def get_course_enrol_id(course_id)
  res = send_request_cgi({
    'uri' => moodle_user_home,
    'vars_get' => {
      'id' => course_id
    },
    'keep_cookies' => true
  })
  return nil unless res

  res.body =~ /name="enrolid" value="(.*?)"/
  Regexp.last_match(1)
end
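
Added example (not part of the Metasploit source): the return-value behaviour of the three checks documented above, run against constructed response bodies. The `presence` helper and every sample body are assumptions made for illustration, not real Moodle output.

```ruby
# Stand-alone copies of the patterns shown on this page.
CONTEXT_ID_RE = /contextid=(\d*)"/
ENROL_ID_RE   = /name="enrolid" value="(.*?)"/

# Same match-then-last_match pattern as get_course_context_id.
def extract_context_id(body)
  body =~ CONTEXT_ID_RE
  Regexp.last_match(1)
end

# Same pattern as get_course_enrol_id.
def extract_enrol_id(body)
  body =~ ENROL_ID_RE
  Regexp.last_match(1)
end

# Same test as enrol: a plain substring search of the body.
def success_body?(body)
  body.include?('success')
end

# Hypothetical helper (not in the mixin): fold an empty capture into nil.
def presence(value)
  value.nil? || value.empty? ? nil : value
end

# Constructed response bodies, not real Moodle output.
SAMPLES = {
  ctx_ok:      '<a href="/x.php?id=2&contextid=123">Participants</a>',
  ctx_empty:   '<a href="/x.php?contextid=">Participants</a>',
  ctx_midurl:  '<a href="/x.php?contextid=123&id=2">Participants</a>',
  enrol_ok:    '<input type="hidden" name="enrolid" value="7">',
  enrol_order: '<input type="hidden" value="7" name="enrolid">',
  not_course:  '<p>Please log in</p>',
  ajax_error:  '{"error":"Enrolment unsuccessful"}'
}.freeze

# Print each sample's result when run directly.
if $PROGRAM_NAME == __FILE__
  SAMPLES.each do |name, body|
    puts format('%-12s ctx=%-6p enrol=%-5p success=%p', name,
                extract_context_id(body), extract_enrol_id(body),
                success_body?(body))
  end
end
```

Callers that branch on nil should note that `\d*` and `.*?` can capture an empty string, which is truthy in Ruby, and that the success test matches any body containing the substring, including the constructed error body above.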