Module: Msf::Exploit::Remote::HTTP::NagiosXi::Install

Includes:
Login, URIs
Included in:
Msf::Exploit::Remote::HTTP::NagiosXi
Defined in:
lib/msf/core/exploit/remote/http/nagios_xi/install.rb

Instance Method Summary collapse

Methods included from Login

#clean_cookies, #get_nsp, #login_after_install_or_license, #nagios_xi_login, #visit_nagios_dashboard

Methods included from URIs

#nagios_xi_backend_url, #nagios_xi_install_url, #nagios_xi_login_url

Instance Method Details

#install_nagios_xi(pass) ⇒ nil, Array

Attempts to complete the Nagios XI web installation

Parameters:

  • pass (String)

    Password

Returns:

  • (nil, Array)

    nil if the installation seems successful, otherwise Array containing an error code and an error message


10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# File 'lib/msf/core/exploit/remote/http/nagios_xi/install.rb', line 10

def install_nagios_xi(pass)
  print_status('Attempting to finish the Nagios XI installation on the target using the provided password. The username will be `nagiosadmin`.')

  # Visit the install page to obtain the cookies and nsp token required for installing the app
   res_install_page = send_request_cgi({
    'method' => 'GET',
    'uri' => nagios_xi_install_url
  })

  unless res_install_page
    return [1, 'Connection failed']
  end

  unless res_install_page.code == 200 && res_install_page.body.include?('Nagios XI') && res_install_page.body.include?('install')
    return [2, 'Received unexpected reply while trying to access the Nagios XI Installer.']
  end

  install_cookies = res_install_page.get_cookies

  if install_cookies.blank?
    return [2, 'Unable to obtain the cookies required to install Nagios XI']
  end

  install_nsp = get_nsp(res_install_page)

  if install_nsp.blank?
    return [2, 'Unable to obtain the nsp token required to install Nagios XI']
  end

  # Install the app, using the provided password (the username cannot be set here, it is `nagiosadmin` by default)
  res_start_install = send_request_cgi({
    'method' => 'POST',
    'uri' => nagios_xi_install_url,
    'cookie' => install_cookies,
    'vars_post' => {
      'install' => 1,
      'nsp' => install_nsp,
      'url' => "#{full_uri(target_uri.path)}",
      'admin_name' => 'Nagios Administrator',
      'admin_email' => '[email protected]',
      'admin_password' => password,
      'timezone' => 'UTC'
    }
  })

  unless res_start_install
    return [1, 'Connection failed']
  end

  unless res_start_install.code == 200 && res_start_install.body.include?('>Nagios XI<') && res_start_install.body.include?('login') # you may now login
    return [2, 'Received unexpected reply while trying to install Nagios XI on the target.']
  end

  # If installation succeeded, we don't need to return anything here.
  # It is better to start a new session to authenticate now, otherwise the session may timeout
  return
end

#sign_license_agreement(cookies, nsp) ⇒ nil, Array

Signs the Nagios XI license agreement

Parameters:

  • cookies (String)

    cookies required to visit the license agreement page

  • nsp (String)

    nsp token required to visit the license agreement page

Returns:

  • (nil, Array)

    nil if signing the the license agreement succeeds, otherwise Array containing an error code and an error message


73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# File 'lib/msf/core/exploit/remote/http/nagios_xi/install.rb', line 73

def sign_license_agreement(cookies, nsp)
  if cookies.blank?
    return [2, 'Cannot sign the license agreement. The provided cookies are empty or nil.']
  end

  if nsp.blank?
    return [2, 'Cannot sign the license agreement. The provided `nsp_str` value is empty or nil.']
  end

  print_status('Attempting to sign the Nagios XI license agreement...')

  res_sign_license = send_request_cgi({
    'method' => 'POST',
    'uri' => ,
    'cookie' => cookies,
    'vars_get' => { 'showlicense' => ''},
    'vars_post' => {
      'page' => ,
      'pageopt' => 'agreelicense',
      'nsp' => nsp,
      'agree_license' => 'on'
    }
  })

  unless res_sign_license
    return [1, 'Connection failed']
  end

  unless res_sign_license.code == 302 && res_sign_license.headers['Location'].end_with?('index.php')
    return [2, 'Received unexpected reply while trying to accept the Nagios XI license agreement.']
  end

  # If signing the license agreement succeeded, we don't need to return anything here
  # It is better to start a new session to authenticate now, otherwise the session may timeout
  return
end