Module: Msf::Exploit::Remote::HTTP::NagiosXi::Install

Includes:
Login, URIs
Included in:
Msf::Exploit::Remote::HTTP::NagiosXi
Defined in:
lib/msf/core/exploit/remote/http/nagios_xi/install.rb

Constant Summary

Constants included from Login

Login::AUTH_RESULTS

Instance Method Summary collapse

Methods included from Login

#authenticate, #clean_cookies, #extract_auth_cookies, #get_nsp, #handle_unsigned_license, #install_full_nagios, #login_after_install_or_license, #nagios_xi_login, #visit_nagios_dashboard

Methods included from URIs

#nagios_xi_backend_url, #nagios_xi_install_url, #nagios_xi_login_url

Instance Method Details

#install_nagios_xi(pass) ⇒ nil, Array

Attempts to complete the Nagios XI web installation

Parameters:

  • pass (String)

    Password

Returns:

  • (nil, Array)

    nil if the installation seems successful, otherwise Array containing an error code and an error message

[View source] [View on GitHub]

10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
# File 'lib/msf/core/exploit/remote/http/nagios_xi/install.rb', line 10

def install_nagios_xi(pass)
  print_status('Attempting to finish the Nagios XI installation on the target using the provided password. The username will be `nagiosadmin`.')

  # Visit the install page to obtain the cookies and nsp token required for installing the app
   res_install_page = send_request_cgi({
    'method' => 'GET',
    'uri' => nagios_xi_install_url
  })

  unless res_install_page
    return [1, 'Connection failed']
  end

  unless res_install_page.code == 200 && res_install_page.body.include?('Nagios XI') && res_install_page.body.include?('install')
    return [2, 'Received unexpected reply while trying to access the Nagios XI Installer.']
  end

  install_cookies = res_install_page.get_cookies

  if install_cookies.blank?
    return [2, 'Unable to obtain the cookies required to install Nagios XI']
  end

  install_nsp = get_nsp(res_install_page)

  if install_nsp.blank?
    return [2, 'Unable to obtain the nsp token required to install Nagios XI']
  end

  # Install the app, using the provided password (the username cannot be set here, it is `nagiosadmin` by default)
  res_start_install = send_request_cgi({
    'method' => 'POST',
    'uri' => nagios_xi_install_url,
    'cookie' => install_cookies,
    'vars_post' => {
      'install' => 1,
      'nsp' => install_nsp,
      'url' => "#{full_uri(target_uri.path)}",
      'admin_name' => 'Nagios Administrator',
      'admin_email' => 'root@localhost',
      'admin_password' => password,
      'timezone' => 'UTC'
    }
  })

  unless res_start_install
    return [1, 'Connection failed']
  end

  unless res_start_install.code == 200 && res_start_install.body.include?('>Nagios XI<') && res_start_install.body.include?('login') # you may now login
    return [2, 'Received unexpected reply while trying to install Nagios XI on the target.']
  end

  # If installation succeeded, we don't need to return anything here.
  # It is better to start a new session to authenticate now, otherwise the session may timeout
  return
end

#sign_license_agreement(cookies, nsp) ⇒ nil, Array

Signs the Nagios XI license agreement

Parameters:

  • cookies (String)

    cookies required to visit the license agreement page

  • nsp (String)

    nsp token required to visit the license agreement page

Returns:

  • (nil, Array)

    nil if signing the license agreement succeeds, otherwise Array containing an error code and an error message

[View source] [View on GitHub]

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
 
# File 'lib/msf/core/exploit/remote/http/nagios_xi/install.rb', line 73

def sign_license_agreement(cookies, nsp)
  if cookies.blank?
    return [2, 'Cannot sign the license agreement. The provided cookies are empty or nil.']
  end

  if nsp.blank?
    return [2, 'Cannot sign the license agreement. The provided `nsp_str` value is empty or nil.']
  end

  print_status('Attempting to sign the Nagios XI license agreement...')

  res_sign_license = send_request_cgi({
    'method' => 'POST',
    'uri' => ,
    'cookie' => cookies,
    'vars_get' => { 'showlicense' => ''},
    'vars_post' => {
      'page' => ,
      'pageopt' => 'agreelicense',
      'nsp' => nsp,
      'agree_license' => 'on'
    }
  })

  unless res_sign_license
    return [1, 'Connection failed']
  end

  unless res_sign_license.code == 302 && res_sign_license.headers['Location'].end_with?('index.php')
    return [2, 'Received unexpected reply while trying to accept the Nagios XI license agreement.']
  end

  # If signing the license agreement succeeded, we don't need to return anything here
  # It is better to start a new session to authenticate now, otherwise the session may timeout
  return
end